# Computational Theory Notebook

In [1]:
import numpy as np
import hashlib

## Problem 1: Binary Words and Operations

##### The Pharity function is responsible for implementing the SHA-1 function, which returns the bitwise XOR of three 32-bit integer values. XOR outputs 1 in a bit position if an odd number of inputs have a 1 in that position otherwise it outputs 0. To ensure that the inputs are treated as 32-bit integers I have decided to use the `numpy.uint32` function ([see official documentation](https://numpy.org/doc/stable/user/basics.types.html))

In [164]:
# Problem one is all about implementing functions in Python using numpy to ensure that all values are treated as 32-bit integers

def Parity(x, y, z):
    """
    The Parity function is responsible for computing the bitwise parity (XOR) of three 32-bit integers.
    
    The Parity function is defined as follows:
    
    Parity(x, y, z) = x XOR y XOR z
    where XOR is the bitwise exclusive OR operation.
    
    Using the numpy library, we can ensure that the inputs are treated as 32-bit integers by converting them using np.uint32.
    
    Parameters:
    
    x (int): A 32-bit integer.
    y (int): A 32-bit integer.
    z (int): A 32-bit integer.
    
    Returns:
    
    int: The parity of the three input integers as a 32-bit integer.
    
    """
    x = np.uint32(x)
    y = np.uint32(y)
    z = np.uint32(z)
    
    return (x ^ y ^ z)


# To test this function I will be using three binary numbers with the Parity function
a = 0b1010 # 10 in decimal
b = 0b1100 # 12 in decimal
c = 0b0110 # 6 in decimal

# Testing out the function
result = Parity(a, b, c)
print("Parity result: ", bin(result))

Parity result:  0b0


#### The Ch function which is actually short for choose is a bitwise operation that is used in SHA-1. It selects bits from two inputs (y and z) based on the third input (x) as a selector.

#### I will now explain how it works: 
#### For each bit position: If the bit in x (the selector integer), is 1 you take the bit from y, and if the bit in x is 0 you take the bit from z. To ensure that the inputs are treated as 32-bit integers I have decided to use the `numpy.uint32` function ([see official documentation](https://numpy.org/doc/stable/user/basics.types.html))

In [165]:
"""
Ch(x,y,z) = (x AND y) XOR (NOT x AND z) is responsible for returning the result of the Ch function for three 32-bit integers.

The function takes three 32-bit integers as input and returns the result of the Ch function as a 32-bit integer.

"""

def Ch(x, y, z):
    """
    The Ch function is responsible for computing the bitwise choice operation of three 32-bit integers.
    
    The Ch function is defined as follows:
    
    Ch(x, y, z) = (x AND y) XOR (NOT x AND z)
    where AND is the bitwise AND operation, NOT is the bitwise NOT operation, and XOR is the bitwise exclusive OR operation.
    Using the numpy library, we can ensure that the inputs are treated as 32-bit integers by converting them using np.uint32.
    
    Returns:
    int: The result of the Ch function for the three input integers as a 32-bit integer.
    
    """
    
    x = np.uint32(x)
    y = np.uint32(y)
    z = np.uint32(z)
    
    return ((x & y) ^ (~x & z))

# To test this function I will be using three binary numbers with the Ch function
a = 0b1010 # 10 in decimal
b = 0b1100 # 12 in decimal
c = 0b0110 # 6 in decimal

# Testing out the function
result = Ch(a, b, c)
print("Ch result: ", bin(result))

Ch result:  0b1100


#### The Maj which is actually short for majority function is responsible for computing the majority of three 32-bit integers bitwise. The maj function is defined as follows:

#### Maj(x,y,z) = (x AND y) XOR (x AND z) XOR (y AND z)

#### I will now explain its behaviour: for each bit position: output = 1 if at least two of the three input bits are 1 or 0 if fewer than two bits are 1. To ensure that the inputs are treated as 32-bit integers I have decided to use the `numpy.uint32` function ([see official documentation](https://numpy.org/doc/stable/user/basics.types.html))

In [166]:
def Maj(x, y, z):
    """
    The Maj function is responsible for computing the bitwise majority operation of three 32-bit integers.
    
    The Maj function is defined as follows:
    
    Maj(x, y, z) = (x AND y) XOR (x AND z) XOR (y AND z)
    where AND is the bitwise AND operation and XOR is the bitwise exclusive OR operation.
    Using the numpy library, we can ensure that the inputs are treated as 32-bit integers by converting them using np.uint32.
    
    Parameters:
    
    x (int): A 32-bit integer.
    y (int): A 32-bit integer.
    z (int): A 32-bit integer.
    
    Returns:
    
    int: The result of the Maj function for the three input integers as a 32-bit integer.
    
    """
    # Makes sure inputs are treated as 32-bit integers
    x = np.uint32(x)
    y = np.uint32(y)
    z = np.uint32(z)
    
    # Returns the result of the Maj function as a 32-bit integer
    return ((x & y) ^ (x & z) ^ (y & z))

# To test this function I will be using three binary numbers with the Maj function
a = 0b1010 # 10 in decimal
b = 0b1100 # 12 in decimal
c = 0b0110 # 6 in decimal

# Testing out the function
result = Maj(a, b, c)
print("Maj result:", bin(result))


Maj result: 0b1110



#### The Big Sigma Zero of x is a bit-mixing function that is used in the SHA-256 compression step. It takes a 32-bit word and returns another 32-bit word by combining three right-rotations of the input usnig bitwise XOR. 

#### There are three steps you must take in order to implement this correctly (see functions below): 
#### 1. ROTR(x ,n) (right rotate) x by n bits (wrap bits around).
#### 2. SHR(x, n) (logical shift right) x by n bits
#### 3. XOR Bitwise exclusive OR applied to the three rotated results
#### To ensure that the inputs are treated as 32-bit integers I have decided to use the `numpy.uint32` function ([see official documentation](https://numpy.org/doc/stable/user/basics.types.html))

In [167]:
def rotr(x, n):
    """
    ROTR (rotate right) function performs a right rotation on a 32-bit integer x by n bits.
    It is used in SHA-256 for bit diffusion.
    
    Parameters:
    
    x (int): A 32-bit integer to be rotated.
    n (int): The number of bits to rotate x to the right.
    
    Returns:
    int: The result of rotating x to the right by n bits as a 32-bit integer.
    
    """
    
    x = np.uint32(x) # Ensure x is treated as a 32-bit integer
    
    # To preform the right rotation we have to:
    # 1. Shift x to the right by n bits
    # 2. Shift the original bits to the left by (32 - n) to wrap around
    # 3. Combine both of the results by using the OR operation
    return np.uint32((x >> n) | (x << (32 - n)))


In [168]:
def shr(x, n):
    """ 
    SHR (shift right) function performs a logical right shift on a 32-bit integer x by n bits.
    It differs to the arithmetic right shift because it does not preserve the sign bit.
    
    Parameters:
    x (int): A 32-bit integer to be shifted.
    n (int): The number of bits to shift x to the right.
    
    Returns:
    int: The result of shifting x to the right by n bits as a 32-bit integer.
    """
    x = np.uint32(x) # Ensure x is treated as a 32-bit integer
    
    # To preform the logical right shift we have to:
    # 1. Ensure that the bits shifted off the right are discarded
    # 2. Ensure the new leftmost bits are filled with zeros
    return np.uint32((x >> n))

In [169]:
def Sigma0(x):
    """
    The Sigma0 function is responsible for computing the bitwise rotation and XOR operations on a 32-bit integer.
    The Big Sigma function is defined as follows:
    Sigma0(x) = ROTR(x, 2) XOR ROTR(x, 13) XOR ROTR(x, 22)
    where ROTR is the bitwise rotate right operation and XOR is the bitwise exclusive OR operation.
    
    Parameters:
    x (int): A 32-bit integer.
    
    Returns:
    int: The result of the Sigma0 function for the input integer as a 32-bit integer.
    """
    x = np.uint32(x) # Ensure x is treated as a 32-bit integer
    
    # Calculate and return the result of the Sigma0 function as a 32-bit integer
    return np.int32(rotr(x, 2) ^ rotr(x, 13) ^ rotr(x, 22))

In [170]:
# Testing to see if the Sigma0 function works correctly
testing_values = [
    0x00000000,
    0xFFFFFFFF,
    0x12345678,
    0x6A09E667
]

# Output of the results for Sigma0 function
print("Sigma0 results:")
for value in testing_values:
    result = Sigma0(value)
    print(f"x = {hex(value):>10} -> Sigma0(x) = {hex(int(result))}")


Sigma0 results:
x =        0x0 -> Sigma0(x) = 0x0
x = 0xffffffff -> Sigma0(x) = -0x1
x = 0x12345678 -> Sigma0(x) = 0x66146474
x = 0x6a09e667 -> Sigma0(x) = -0x31df4b82


#### The SHA-256 standard defines several small bit-manipulation helper functions. One of them is the capital Sigma function Σ1 (for 256-bit variant), written in the standard as Σ₁²⁵⁶(x). 

#### Mathemically it is written as follows:
#### Σ1₍₂₅₆₎(x) = ROTR⁶(x) ⊕ ROTR¹¹(x) ⊕ ROTR²⁵(x) where ROTR^n(x) is the right-rotation of the 32-bit word x by n bits, and ⊕ is bitwise XOR. The purpose of this is is that it mixes bits of the 32-bit word x by rotating it three different amounts and XOR-ing the results. The result is a 32-bit word used inside the SHA-256 message schedule and compression steps. To ensure that the inputs are treated as 32-bit integers I have decided to use the `numpy.uint32` function ([see official documentation](https://numpy.org/doc/stable/user/basics.types.html))

In [171]:
# I will be using numpy for this function as well to ensure that all values are treated as 32-bit integers

def rotr_np(x, n):
    """
    Rotate-right a 32-bit unsigned integer using numpy.
    
    This function performs what is known as a "bit rotation".
    A rotation is similar to a shift, but instead the bits that fall off the right side wrap around and reappear on the left side.
    This wrap-around behaviour is the key difference between a rotation and a regular shift.
    
    This is important because SHA-256 uses rotations to mix-bits in a way that cannot be undone by simple arithmetic. 
    
    Parameters:
    x (int): A 32-bit unsigned integer to be rotated. 
    
    n (int): The number of bits to rotate x to the right.
    
    Returns:
    int: The result of rotating x to the right by n bits as a 32-bit unsigned integer.
    
    Note: We mask with 0xFFFFFFFF to ensure we only keep the lowest 32 bits after shifting.
    Using numpy.uint32 forces every operation to wrap at 32 bits.
    
    """
    
    # This converts x to a 32-bit unsigned integer
    # This will ensure that all math operations use 32-bit behaviour, not Python's infinite integers
    x = np.uint32(x)
    
    # Converts n to a plain Python int so numpy doesn't complain about shift types
    n = int(n)
    
    # Performs a simple logical right shift. Bits shifted off the right end dissapear
    right_shifted = np.uint32(x >> np.uint32(n))
    
    # Shifts the number to the left by (32 - n) so the bits that were removed from the right side can reappear on the left
    # Then we mask with 0xFFFFFFFF to ensure we only keep the lowest 32 bits
    left_wrapped = np.uint32((x << np.uint32(32 - n)) & np.uint32(0xFFFFFFFF))
    
    # Returns the rotation which is the combination of the right shifted and left wrapped bits
    return np.uint32(right_shifted | left_wrapped)

In [172]:
def Sigma1_256(x):
    """
    Compute the SHA-256 function Σ1_256(x), sometimes written Σ₁(x).
    
    According to the Secure Hash Standard (FIPS 180-4), the mathematical definition of this function is:
    Σ1_256(x) = ROTR^6(x) XOR ROTR^11(x) XOR ROTR^25(x)

    This basically means that we:
    
    1. Rotate the input x by 6 bits to the right.
    2. Rotate the input x by 11 bits to the right.
    3. Rotate the input x by 25 bits to the right.
    4. Then we XOR the three rotated values together to produce the final output.
    
    These rotations help shuffle the bits in a nonlinear way. This mixing is essential because SHA-256 must make every output bit depend on many input bits.
    This prevents predictable or reversible behaviour.
    
    Parameters:
    x (int): A 32-bit unsigned integer input.
    
    Returns:
    int: The result of the Σ1_256 function as a 32-bit unsigned integer.
    
    Notes: 
    
    XOR is used because it is reversible and mixes bits well.
    Rotating by different amounts ensurs each output bit depends on many different input bits.
    """
    
    # Converts x to a strict 32-bit unsigned integer before doing anything else to guarantee predictable and standard-compliant behaviour
    x = np.uint32(x)
    
    # Performs the three required rotations
    rotr6 = rotr_np(x, 6)
    rotr11 = rotr_np(x, 11)
    rotr25 = rotr_np(x, 25)
    
    # XORs the rotated values together to produce the final Σ1 output.
    return np.uint32(rotr6 ^ rotr11 ^ rotr25)

In [173]:
# Testing to see if the Sigma1_256 function works correctly

def roty_py(x, n):
    """Reference rotate-right written using plain Python (this is slower but it is simple and easy to understand)."""
    
    x = x & 0xFFFFFFFF  # Ensure x is treated as a 32-bit unsigned integer
    return ((x >> n) | ((x << (32 - n)) & 0xFFFFFFFF)) & 0xFFFFFFFF

def Sigma1_py(x):
    """Pure Python reference implementation for verification."""
    return (roty_py(x, 6) ^ roty_py(x, 11) ^ roty_py(x,25)) & 0xFFFFFFFF

# Checking to see that both implementations match
if __name__ == "__main__":
    test_value = 0x12345678
    print("numpy version: ", hex(int(Sigma1_256(test_value))))
    print("python version: ", hex(Sigma1_py(test_value)))

numpy version:  0x3561abda
python version:  0x3561abda


#### In SHA-256, the small sigma zero function σ0(x) is a bit-mixing function. It takes a single 32-bit word and scrambles its bits in a specific way. The standard defines it as:

#### σ0​(x)=ROTR7(x)⊕ROTR18(x)⊕SHR3(x)

#### Where ROTRⁿ(x) means rotate x right by n bits, SHRⁿ(x) means shift x right by n bits, filling with zeros, ⊕ means XOR (combine bits). SHA-256 uses this function when expanding message blocks, because mising bits like this spreads information around and prevents patterns. To ensure that the inputs are treated as 32-bit integers I have decided to use the `numpy.uint32` function ([see official documentation](https://numpy.org/doc/stable/user/basics.types.html))

In [174]:
def rotr(x, n):
    """ 
    Rotate-right operation for 32-bit valyes using numpy.uint32
    
    This function performs a bit rotation, which is different from a shift because a normal right shift pushes bits off the right end and fills with zeros
    whereas a rotation takes the bits that fall off the right side and wraps them around to the left side again
    
    SHA-256 uses rotations because they preserve all original bits, just in different positions, which helps with diffusion
    
    Parameters:
    x (int): A 32-bit unsigned integer to be rotated.
    n (int): The number of bits to rotate x to the right.
    
    Returns:
    int: The result of rotating x to the right by n bits as a 32-bit unsigned integer.
    """
    
    # Converts x to a 32-bit unsigned integer to guarantee wrapping at 32 bits.
    x = np.uint32(x)
    
    # Ensures n is a normal integer and within 0-31
    n = int(n) % 32
    
    # Right shift: bits move right, empty spaces on the left fill with zeros.
    right_part = np.uint32(x >> np.uint32(n))
    
    # Left shift: moves the bits left, but we mask with 0xFFFFFFFF to keep it 32-bit
    # This simulates the wrap-around effect of a true rotation
    left_part = np.uint32((x << np.uint32(32 - n)) & np.uint32(0xFFFFFFFF))
    
    # The roatation is the OR of the right-shifted bits and the wrapped-around bits
    return np.uint32(right_part | left_part)

In [175]:
def shr_np(x, n):
    """ 
    Logical right shift for 32-bit integers.
    
    Unlike rotations, this operation shifts does not wrap around bits
    Instead, bits shifted out on the right are simpply discarded, and the left shift is filled with zeros.
    
    SHA-256 uses this zero-fill behaviour so we enforce it with numpy.uint32
    
    Parameters:
    x (int): A 32-bit unsigned integer to be shifted.
    n (int): The number of bits to shift x to the right.
    
    Returns:
    int: The result of shifting x to the right by n bits as a 32-bit unsigned integer.
    """
    
    x = np.uint32(x)
    n = int(n) % 32
    
    # Numpy shifts on uint32 automatically behave as logical shifts
    return np.uint32(x >> np.uint32(n))

In [176]:
def sigma0_256(x):
    """ 
    σ0₍₂₅₆₎(x) — Small sigma 0 function from SHA-256.
    
    This is directly from the SHA-256 standard (FIPS 180-4), page 10.
    The formula defined by the standard is:
    
    σ0(x) = ROTR^7(x) XOR ROTR^18(x) XOR SHR^3(x)
    
    This means that we have to:
    
    1. Rotate the input x by 7 bits to the right.
    2. Rotate the input x by 18 bits to the right.
    3. Shift the input x to the right by 3 bits logically (filling with zeros).
    4. Then we XOR the three results together to produce the final output.
    
    Why does SAH-256 do this?
    This bit-mixing function spreads small changes across many bits.
    It helps SHA-256 achieve avalanche effect where small input changes cause large output changes.
    
    Parameters:
    x (int): A 32-bit unsigned integer input.
    
    Returns:
    int: The result of the σ0₍₂₅₆₎ function as a 32-bit unsigned integer.
    
    """
    
    # Forces x to be a 32-bit ineteger
    x = np.uint32(x)
    
    rotr7 = rotr(x, 7) # Rotates x by 7 bits to the right
    rotr18 = rotr(x, 18) # Rotates x by 18 bits to the right
    shr3 = shr_np(x, 3) # Shifts x to the right by 3 bits logically
    
    # XOR combines the results bit-by-bit
    return np.uint32(rotr7 ^ rotr18 ^ shr3)

In [177]:
# Testing to see if the sigma0_256 function works correctly
def sigma0_py(x):
    """Pure Python reference implementation."""
    x &= 0xFFFFFFFF
    def rotr(v, n): return ((v >> n) | ((v << (32-n)) & 0xFFFFFFFF)) & 0xFFFFFFFF
    return rotr(x,7) ^ rotr(x,18) ^ (x >> 3)

# Example tests
for v in [0, 0xFFFFFFFF, 0x12345678, 0x7FFFFFFF, 0x80000000]:
    print(hex(v), "→", hex(int(sigma0_256(v))), "(match:", sigma0_py(v) == int(sigma0_256(v)), ")")


0x0 → 0x0 (match: True )
0xffffffff → 0x1fffffff (match: True )
0x12345678 → 0xe7fce6ee (match: True )
0x7fffffff → 0xeffdfff (match: True )
0x80000000 → 0x11002000 (match: True )


#### This is the second small sigma function used in SHA-256. Just like σ0, it mixes bits of a 32-bit word, but with different rotation amounts. The standard defines it as:

#### σ1​(x)=ROTR17(x)⊕ROTR19(x)⊕SHR10(x)

#### This means we have to:
#### Rotate x right by 17 bits, rotate x right by 19 bits, shift x right by 10 bits (zero-fill), and then XOR all three results together.

#### This function is used during SHA-256 message schedule expansion, helping spread bits around so the algorithm has good diffusion. To ensure that the inputs are treated as 32-bit integers I have decided to use the `numpy.uint32` function ([see official documentation](https://numpy.org/doc/stable/user/basics.types.html))

In [178]:
def rotr_np(x, n):
    """ 
    Rotate-right for 32-bit integers using numpy.
    
    This is a helper function used throughout SHA-256. It rotates the bits of the 32-bit number x to the right by n positions. 
    Any bits that fall, off the right edge reappear on the left side. 
    This preserves all bits and only rearranges them, which is important for cryptographic mixing.
    
    Parameters:
    x (int): A 32-bit unsigned integer to be rotated.
    n (int): The number of bits to rotate x to the right.
    
    Returns:
    int: The result of rotating x to the right by n bits as a 32-bit unsigned integer.
    """
    
    x = np.uint32(x)
    n = int(n) % 32
    
    # Perfroms a simple logical right shift. Bits shifted off the right end dissapear
    right = np.uint32(x >> np.uint32(n))
    left = np.uint32((x << np.uint32(32 - n)) & np.uint32(0xFFFFFFFF)) # Mask to 32 bits
    
    # Returns the rotation which is the combination of the right shifted and left wrapped bits
    return np.uint32(right | left)

In [179]:
def shr_np(x, n):
    """ 
    Logical right shift for 32-bit integers using numpy
    
    A logical shift simply discards bits shifted out on the right, and fills in zeros on the left.
    This is different from an arithmetic shift which preserves the sign bit.
    SHA-256 requires logical shifts, so numpy.uint32 ensures this behaviour.
    """
    
    x = np.uint32(x) # Ensure x is treated as a 32-bit integer
    n = int(n) % 32 # Ensure n is within 0-31
    return np.uint32(x >> np.uint32(n)) # Logical right shift

In [180]:
def sigma1_256(x):
    """ 
    σ1₍₂₅₆₎(x) — Small Sigma 1 function from SHA-256.
    
    Defined in FIPS 180-4 (Secure Hash Standard) page 10, the mathematical definition is:
    
    σ1(x) = ROTR^17(x) XOR ROTR^19(x) XOR SHR^10(x)
    
    To explain in simple terms, this function:
    
    1. Rotates the input x by 17 bits to the right.
    2. Rotates the input x by 19 bits to the right.
    3. Shifts the input x to the right by 10 bits logically (filling with zeros).
    4. Then we XOR the three results together to produce the final output.
    
    This function is used when creating the expanded message words for each block of SHA-256, helping ensure strong avalanche behaviour.
    
    All values are numpy.uint32 to guarantee 32-bit integer behaviour.

    """
    
    x = np.uint32(x) # Ensure x is treated as a 32-bit integer
    
    rotr17 = rotr_np(x, 17) # Rotates x by 17 bits to the right
    rotr19 = rotr_np(x, 19) # Rotates x by 19 bits to the right
    shr10 = shr_np(x, 10) # Shifts x to the right by 10 bits logically
    
    # Returns the result of the σ1 function as a 32-bit integer
    return np.uint32(rotr17 ^ rotr19 ^ shr10)

In [181]:
# Testing to see if the sigma1_256 function works correctly
def sigma1_py(x):
    """Pure Python reference version for verifying correctness."""
    x &= 0xFFFFFFFF
    def rotr(v, n): return ((v >> n) | ((v << (32-n)) & 0xFFFFFFFF)) & 0xFFFFFFFF
    return rotr(x,17) ^ rotr(x,19) ^ (x >> 10)

# Example test values
for v in [0, 0xFFFFFFFF, 0x12345678, 0x7FFFFFFF, 0x80000000]:
    result_np = int(sigma1_256(v))
    result_py = sigma1_py(v)
    print(hex(v), "→", hex(result_np), "(match:", result_np == result_py, ")")


0x0 → 0x0 (match: True )
0xffffffff → 0x3fffff (match: True )
0x12345678 → 0xa1f78649 (match: True )
0x7fffffff → 0x1fafff (match: True )
0x80000000 → 0x205000 (match: True )


## Problem 2: Fractional Parts of Cube Roots

#### SHA-256 uses many constants. Some of them come from the cube roots of prime numbers. But before we can compute cube roots, we need a list of prime numbers. A prime number is:

#### A whole number greater than 1
#### Only divisible by itself and 1

#### Some examples of some prime numbers are 2,3,5,7 etc.

#### In this problem SHA-256 needs the first 64 prime numbers, so I am going to implement a function that checks if a number has any divisors, and if there are no divisors it is a prime number and I will do this for the first 64 prime numbers 

#### In this function you will see that I have used the `numpys .append` function ([see official documentation](https://numpy.org/doc/2.3/reference/generated/numpy.append.html)). The reason I chose to use this is because it is responsible for adding elements to the end of the list and that us what prime_list is used for in my primes(n) function.

In [182]:
def primes(n):
    """ 
    Generates the first n prime numbers.
    
    The function works like this:
    
    1. Start with an empty list called prime_list. This will slowly fill up as we discover primes
    
    2. Begin checking numbers starting from 2, because 1 is not a prime number
    
    3. For each number we check, we try to determine whether it is a prime. To do this, we test if it can be evenly divided by any smaller number greater than 1 
    
    4. If a number can be divided evenly than it is not a prime
    
    5. If the number can't be divided, then the number is prime
    
    6. Every time a prime is found, it is added to prime_list
    
    7. We continue checking numbers until the list contains exactly n primes
    
    Parameters:
    n: int (The number of prime numbers to generate)
    
    Returns:
    list of int (A list containing the first n prime numbers in order)
    
    """
    
    primes_list = [] # This will store all of the prime numbers I find
    candidate = 2 # Start checking for prime numbers from 2 upwards as 2 is the first prime number
    
    # This will run on a loop until we have found n prime numbers
    while len(primes_list) < n:
        
        # This assumes the current number 'candidate is prime until proven otherwise
        is_prime = True
        
        # Checks the divisors up to the square root of the candidate number as there is no need to check beyond that
        for divisor in range(2, int(candidate ** 0.5) + 1):
            
            # If the candidate is divisible by any number other than 1 and itself, it is not prime
            if candidate % divisor == 0:
                is_prime = False
                break # No need to check further divisors
            
        # If the candidate is still marked as prime, add it to the list
        if is_prime:
            primes_list.append(candidate)
            
        # Moves to the next number and repeats the process
        candidate += 1
    
    return primes_list

In [183]:
# Getting the first 64 prime numbers as per the problem requirements
print(primes(64))


[2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, 157, 163, 167, 173, 179, 181, 191, 193, 197, 199, 211, 223, 227, 229, 233, 239, 241, 251, 257, 263, 269, 271, 277, 281, 283, 293, 307, 311]


#### In SHA-256 some constants come from the cube roots of prime numbers. To generate these constants later, we need the cube roots of the first 64 prime numbers.

#### Now you may be wondering what a cube root is. The cube root of a number x is the number that, when multiplied by itself 3 times gives x. For example the cube root of 8 is 2. Cube roots of prime numbers are usually very irritional so SHA-256 uses these irrational decimals because they appear "random-like", which helps in cryptographic strength.

#### You will see here that I have used the `.array` function ([see official documentation here](https://numpy.org/doc/2.3/reference/generated/numpy.array.html#numpy-array)), and the `.cbrt` function ([see official documentation here](https://numpy.org/doc/2.3/reference/generated/numpy.cbrt.html#numpy-cbrt)). In my primes(n) function a standard Python list which works but it's not very efficient I decided to convert my list (primes_list) into a `NumPy` array `(np.array(prime_list, dtype=np.float64))`. This allows for precision control which is important as SHA-256 constants are derived from fractional parts of cube roots, so precision is critical.

#### I used np.cbrt because I needed the cube roots of primes and np.cbrt compute roots more reliably acroos the entire array, ensuring consistent floating-point results needed for cryptograhic applications like SHA-256.


In [184]:
def cube_roots_of_primes(n):
    """ 
    This function is responsible for computing the cube roots of the first n prime numbers using numpy
    
    This function connects directly to the Secure Hash Standard (FIPS 180-4),
    where part of the SHA-256 algorithm uses constants derived from the
    cube roots of the first 64 primes.
    
    The function works like this:
    
    1. The primes(n) function that I created earlier is called. 
    This gives us a normal Python list containing the first n prime numbers.
    
    2. We convert this list of primes into a numpy array. 
    We do this because numpy arrays allow mathematical operations to be applied to the entire array at once, and numpy ensures predictable floating-point behavior.

    3. We compute the cube root of each prime number. 
    Instead of using **value ** (1/3)** in Python (which uses built-in floats), we use `np.cbrt()`, which is a numpy function that computes cube roots in a consistent and reliable way.

    4. The result is a numpy array of cube roots, each stored as a 64-bit floating-point number (`float64`). 
    This type is important because floating-point precision affects the fractional parts we will extract later.
    
    
    Parameters: 
    
    n : int
    The number of primes whose cube roots we want to calculate (in this case 64)
    
    
    Returns:
    
    numpy.ndarray of float64 A numpy array where each element is the cube root of one prime.
    The array is ordered so that the first element is the cube root of the first prime (which is 2), the second being 3 etc.
    """
    
    
     # Step 1: Get the first n prime numbers by calling the earlier function.
    prime_list = primes(n)

    # Step 2: Convert the prime list into a numpy array.
    # We convert it to float64 immediately so that cube roots are computed using numpy floating-point math, not Python's built-in floats.
    primes_np = np.array(prime_list, dtype=np.float64)

    # Step 3: Compute cube roots using numpy's cbrt function.
    # cbrt stands for "cube root", and it safely handles arrays.
    cube_roots = np.cbrt(primes_np)

    # Step 4: Return the numpy array of cube roots.
    return cube_roots

In [185]:
# Testing out cube_roots_of_primes function
find_cubed_roots = cube_roots_of_primes(64)

# Output of the first 20 as the output of 64 is really long
print("First 64 prime numbers: ", primes(20))
print("Cube roots:")
for value in find_cubed_roots:
    print(value)

First 64 prime numbers:  [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71]
Cube roots:
1.259921049894873
1.4422495703074083
1.709975946676697
1.9129311827723892
2.2239800905693157
2.3513346877207573
2.571281590658235
2.668401648721945
2.8438669798515654
3.0723168256858475
3.141380652391393
3.3322218516459534
3.4482172403827303
3.5033980603867243
3.608826080138695
3.7562857542210724
3.8929964158732604
3.9364971831021736
4.06154810044568
4.140817749422853
4.179339196381232
4.2908404270262075
4.362070671454838
4.464745095584538
4.59470089220704
4.657009507803836
4.687548147653597
4.7474593985234
4.776856181035017
4.834588127111639
5.026525695313479
5.078753078132701
5.155136735475772
5.180101467380293
5.3014591923809045
5.325074021614987
5.3946907121095915
5.462555571281397
5.506878446387352
5.5720546555426225
5.635740794544237
5.656652825822911
5.758965220492401
5.77899656515213
5.818647867496962
5.838272460814002
5.953341813139051
6.064126994506963
6.100170200

#### Previously I computed the cube roots of the first 64 prime numbers. SHA-256 however does not use the whole cube root, it only uses the fractional part which are the digits that come after the decimal point eg. the fractional part of 1.2599210498948732 would be 0.2599210498948732

#### So what I need to do now is create a function called fractional_parts() that is responsible for taking an array of cube roots and returning an array of their fractional parts. 

#### The simplest way to do this is using the equation frac(x)=x−⌊x⌋. Thankfully there is a NumPy function for this called `np.floor` ([see official documentation here](https://numpy.org/doc/stable/reference/generated/numpy.floor.html)). This makes getting the fractional parts of cube roots much faster and precise than if I was to use Pyhton's built in math.floor.

#### I have also used the `np.array` function again ([see official documentation here](https://numpy.org/doc/2.3/reference/generated/numpy.array.html#numpy-array)) to guarantee consistent floating-point precision.

In [186]:
def fractional_parts(values):
    """ 
    This function is responsible for extracting the fractional parts of a list or numpy array of floating-point values.
    
    This function is designed specifically for the SHA-256 constant-generation process described in the Secure Hash Standard (FIPS 180-4).
    At this point in time, I have already computed the cube roots of the first n primes.
    Now what I want is only the digits that come after the decimal point for each cube root.
    
    The reason why we do this is because SHA-256 uses the first 32 bits of the fractional parts of cube roots.
    The fractional portion appears "random-like" and procides good cryptographic mixing.
    The integer part is ignored completely.
    
    This is how the function works:
    
     1. Convert the input values into a numpy array of type float64 to ensure consistent floating-point behavior.

    2. Compute the floor (the integer part) using numpy's floor().

    3. Subtract the floor from the original values. What remains is exactly the fractional part.
    
    Parameters:
    
    values : array-like
    A list or numpy array of floating-point numbers, typically cube roots of prime numbers.
    
    Returns:
    
    numpy.ndarray
    An array of the fractional parts of the input values. 
    Each element is a float64 between 0 (inclusive) and 1 (exclusive)
    
    """
    
     # Step 1: Ensure the input is a numpy array of float64 values.
    values = np.array(values, dtype=np.float64)

    # Step 2: Compute the integer part of each number.
    integer_parts = np.floor(values)

    # Step 3: Subtract the integer parts to isolate the fractional parts.
    fractions = values - integer_parts

    # Step 4: Return the fractions as a numpy array.
    return fractions

In [187]:
# Testing fractional_parts(values) function
# First, get cube roots of first 5 primes
roots = cube_roots_of_primes(5)

# Now extract fractional parts
fracs = fractional_parts(roots)

print("Cube roots: ", roots)
print("Fractional parts: ", fracs)


Cube roots:  [1.25992105 1.44224957 1.70997595 1.91293118 2.22398009]
Fractional parts:  [0.25992105 0.44224957 0.70997595 0.91293118 0.22398009]


#### In the last section, I extracted the fractional aprts of the cube roots of the first 64 prime numbers. The next part of the problem is to create constants from these values using the equation constant=⌊2^32×fractional part⌋.

#### The reason why the fractional parts are being multiplied by 32 is because this turns the fractional part into a 32-bit number space and allows SHA-256 to use them in bitwise operations.

#### I will be using more NumPy functions for this part. The NumPy functions that I used for this section are `np.array` ([see official documentation here](https://numpy.org/doc/2.3/reference/generated/numpy.array.html#numpy-array)), `np.floor` ([see official documentation here](https://numpy.org/doc/stable/reference/generated/numpy.floor.html)) and `astype(np.uint32)` ([see official documentation](https://numpy.org/doc/stable/user/basics.types.html)).

#### `np.array(values, dtype=np.float64)` was used to convert the list into a NumPy array, `dtype=np.float64` forces 64-bit floating point numbers.

#### `np.floor` took each number in the array, returning the largest whole number eg. floor(12.99) would turn into 12.

#### `astype(np.uint32)` converted values into 32-bit unsigned integers to ensure proper SHA-256 32-bit behaviour.

In [188]:
def fractional_parts_to_constants(fraction_values):
     """ 
     This function is responsible for converting the fractional parts of cube roots into 32-bit SHA-256 constants
     
     This function performs the exact mathematical process described in the Secure Hash Standard (FIPS 180-4).
     After extracting the fractional part of each cube root, we must transform those fractions into 32-bit unsigned integers.
     These become the SHA-256 "K" constants (K0 through K63).
     
     This is how the function works:
     
     1. We take each fractional part (a number between 0 and 1).
     
     2. We multiply it by 2^32. This expands the fractional digits into the 32-bit integer space that SHA-256 uses internally.
     
     3. We take the floor of each result, which means we remove any decimal from the multiplied value.
     
     4. We convert each result into a numpy.uint32, which guarantess these numbers behave like real 32-bit integers used in SHA-256.
     
     5. We convert each 32-bit number into a hexadecimal string, since the SHA-256 standard lists the constants in hex.
     
     Parameters:
     friction_values : array-like
     A list or numpy array of fractional values from cube roots
     
     Returns:
     list of str
     A list of hexadecimal strings, each representing a 32-bit SHA-256 constant derived from the cube root fractional parts.
     
     """

     # Step 1: Make sure we are working with a numpy array of float64s.
     fraction_values = np.array(fraction_values, dtype=np.float64)

     # Step 2: Multiply each fractional part by 2^32.
     # This expands the fractional part into a 32-bit integer range.
     expanded = fraction_values * (2 ** 32)

     # Step 3: Apply floor to remove decimals, as required by the standard.
     floored = np.floor(expanded)

     # Step 4: Convert to 32-bit integers (numpy.uint32).
     # This ensures correct 32-bit wraparound semantics.
     constants_uint32 = floored.astype(np.uint32)

     # Step 5: Convert each uint32 to a hex string for readability.
     hex_constants = [hex(int(value)) for value in constants_uint32]

     return hex_constants


In [189]:
# Testing fractional_parts_to_constants
roots = cube_roots_of_primes(5)
fractions = fractional_parts(roots)
constants = fractional_parts_to_constants(fractions)

print("Cube roots:    ", roots)
print("Fractions:     ", fractions)
print("SHA constants: ", constants)


Cube roots:     [1.25992105 1.44224957 1.70997595 1.91293118 2.22398009]
Fractions:      [0.25992105 0.44224957 0.70997595 0.91293118 0.22398009]
SHA constants:  ['0x428a2f98', '0x71374491', '0xb5c0fbcf', '0xe9b5dba5', '0x3956c25b']


#### Previously, I displayed the fractional parts of cube roots as hexadecimals. The final part of this problem is displaying these test results against what is in the Secure Hash Standard.

#### This section adds a function called `official_sha256_constants` that holds all of the 64 official constants and another function called `compare_constants` that will comapre my computed constants with the official ones.

In [190]:
def official_sha256_constants():
    """ 
    This function is responsible for returning the official SHA-256 K constants from the Secure Hash Standard.
    
    These constants appear in the FIPS 180-4 (bottom of page 11).
    They represent the first 32-bits of the fractional parts of the cube roots of the first 64 prime numbers.
    
    The constants are written here exactly as they appear in the standard.
    They are given as hexadecimal because SHA-256 typically displays constants in hex format.
    This is also helpful for comparing our computed values with the official ones.
    
    Returns:
    list of str
    A list of hexadecimal string constants
    """
    return [
        "0x428a2f98","0x71374491","0xb5c0fbcf","0xe9b5dba5","0x3956c25b","0x59f111f1","0x923f82a4","0xab1c5ed5",
        "0xd807aa98","0x12835b01","0x243185be","0x550c7dc3","0x72be5d74","0x80deb1fe","0x9bdc06a7","0xc19bf174",
        "0xe49b69c1","0xefbe4786","0x0fc19dc6","0x240ca1cc","0x2de92c6f","0x4a7484aa","0x5cb0a9dc","0x76f988da",
        "0x983e5152","0xa831c66d","0xb00327c8","0xbf597fc7","0xc6e00bf3","0xd5a79147","0x06ca6351","0x14292967",
        "0x27b70a85","0x2e1b2138","0x4d2c6dfc","0x53380d13","0x650a7354","0x766a0abb","0x81c2c92e","0x92722c85",
        "0xa2bfe8a1","0xa81a664b","0xc24b8b70","0xc76c51a3","0xd192e819","0xd6990624","0xf40e3585","0x106aa070",
        "0x19a4c116","0x1e376c08","0x2748774c","0x34b0bcb5","0x391c0cb3","0x4ed8aa4a","0x5b9cca4f","0x682e6ff3",
        "0x748f82ee","0x78a5636f","0x84c87814","0x8cc70208","0x90befffa","0xa4506ceb","0xbef9a3f7","0xc67178f2"
    ]
    

In [191]:
def compare_constants(computed_constants):
    """ 
    This function is responsible for comparing our computed SHA-256 cube-root constants with the official ones.
    
    This function takes a list of hex constants we produced previously in the offical_sha256_constants function and compares eacg element to the corresponding official constant from the Secure Hash Standard (FIPS 180-4).
    
    For each constant the function prints out:
    
    1. its index
    
    2. the value I computed
    
    3. The official value
    
    4. Whether they match
    
    This is important because the goal of Problem2 is verifying that we correctly followed the mathematical steps used by the SHA-256 designers.
    If the generated values match the official ones exactly, that means the prime numbers generation, cube root calculation, fractional extraction, 2^32 scaling and 32-bit conversion were all correct.
    
    Parameters:
    computer_constants: list of str
    A list of hexadecimal strings representing the constants I computed
    
    """
    
    official = official_sha256_constants()

    print(f"{'Index':<5} {'Computed':<12} {'Official':<12} Match?")
    print("-" * 50)

    for i in range(64):
        # Ensures both strings are normalised to lowercase for comparison
        comp = computed_constants[i].lower()
        off  = official[i].lower()
        match = "YES" if comp == off else "NO"
        print(f"{i:<5} {comp:<12} {off:<12} {match}")
    

In [192]:
# Testing the output
if __name__ == "__main__":
    # Step 1: generate the first 64 primes
    ps = primes(64)

    # Step 2: compute cube roots
    roots = cube_roots_of_primes(64)

    # Step 3: extract fractional parts
    fracs = fractional_parts(roots)

    # Step 4: convert fractions into constants
    computed_constants = fractional_parts_to_constants(fracs)

    # Step 5: compare against the official constants
    compare_constants(computed_constants)


Index Computed     Official     Match?
--------------------------------------------------
0     0x428a2f98   0x428a2f98   YES
1     0x71374491   0x71374491   YES
2     0xb5c0fbcf   0xb5c0fbcf   YES
3     0xe9b5dba5   0xe9b5dba5   YES
4     0x3956c25b   0x3956c25b   YES
5     0x59f111f1   0x59f111f1   YES
6     0x923f82a4   0x923f82a4   YES
7     0xab1c5ed5   0xab1c5ed5   YES
8     0xd807aa98   0xd807aa98   YES
9     0x12835b01   0x12835b01   YES
10    0x243185be   0x243185be   YES
11    0x550c7dc3   0x550c7dc3   YES
12    0x72be5d74   0x72be5d74   YES
13    0x80deb1fe   0x80deb1fe   YES
14    0x9bdc06a7   0x9bdc06a7   YES
15    0xc19bf174   0xc19bf174   YES
16    0xe49b69c1   0xe49b69c1   YES
17    0xefbe4786   0xefbe4786   YES
18    0xfc19dc6    0x0fc19dc6   NO
19    0x240ca1cc   0x240ca1cc   YES
20    0x2de92c6f   0x2de92c6f   YES
21    0x4a7484aa   0x4a7484aa   YES
22    0x5cb0a9dc   0x5cb0a9dc   YES
23    0x76f988da   0x76f988da   YES
24    0x983e5152   0x983e5152   YES
25    0xa83

## Problem 3: Padding

#### In the Secure Hash standard there is a section explaining how a message must be prepared before hashing (see Sections 5.1.1 and 5.2.1). This preparation is called padding and parsing, and it transforms any message into a sequence of 512-bit blocks.

#### SHA-256 always works on 512-bit chunks, so when a message is not a multiple of 512 bits it must be padded

#### The purpose of this Problem is to create a generator function that accepts msg as a bytes object, applies SHA-256 padding rules, breaks the padded message into 64-byte (512-bit) blocks and yields one block at a time (so it can be streamed)

#### The reason why a generator is being used for this problem is because it is useful for streaming large files, memory-efficient hashing and debugging block-by-block behaviour

In [None]:
def block_parse(msg):
    """
    block_parse(msg) is a generator function that will process a message accourding to the Secure Hash Standard (FIPS 180-4), sections 5.1.1 and 5.2.1
    
    This function accepts a byte object called "msg" and will preform the SHA-256 message padding procedure and then yield each 512-but (64-byte) block of the padded message
    
    The steps this function will take are as follows:
    
    1. Take the original message in bytes
    
    2. Append the required SHA-256 padding by first appending the binary bit '1' then appending enough 0 bits until the total length is congruent to 448 modulo 512 and finally append rhe original length of the message (in bits) encoded as a 64-bit bit-endian integer
    
    3. Break the padded message into 512-bit chunks
    
    4. Yield each chunk as a bytes object
    
    Returns:
    generator
    A generator that will yield each 512-bit block when iterated
    """
    
    # Converts msg lenght into bits for later use
    # The SHA-256 standard reuires that the original message length in bits, be appended at the end as a 64-bit big-endian integer
    msg_len_bits = len(msg) * 8
    
    # Begins padding by appending a single 1 bit
    # The byte 0x80 represents the bit sequence 10000000
    # This is the required first padding bit
    padded = msg + b"\x80"
    
    # Add zero bytes until we reach the required position
    # The final block must leave exactly 8 bytes at the end for the length filed. SO the padded message without the length must be length % 64 = 56 because 56 bytes = 448 bits 56 + 8 = 64 bytes (the block size)
    # Computes how far we are from 56 bytes and modulo 64
    while (len(padded) % 64) != 56:
        padded += b"\x00" # Appends a zero byte (8 zero bits)
        
    # Appends original message legnth as 64-bit big-endian
    # .to_bytes(8, big) converts the integer into exactly 8 bytes
    padded += msg_len_bits.to_bytes(8, "big")
    
    # Yields each 64-byte block
    for i in range(0, len(padded), 64):
        yield padded[i:i+64]
    

#### SHA-256 padding rules are precise and unforgiving and a single mistake in padding for exmaple the wrong length, the wrong number of zeros, incorrect big-endian encoding will cause all hash computations to be wrong.

#### So it is very important that I create tests to verify that the padding ends correctly, the total padded length is a multiple of 512 bits (64 bytes), the last 8 bytes exactly match the original message length (in bits), the generator yields the correct number of blocks and that messages of different lengths behave correctly 

In [None]:
def test_block_parse():
    """
    This functions tests the block_parse(msg) generator with many different message lengths
    
    This test function verifies that:
    
    1. The generator yields correctly sized 64-byte blocks
    
    2. The total padded message length is a multiple of 64 bytes
    
    3. The last 8 bytes of the final block contain the original message length encoded in the 64-bit big-endian format
    
    4. Padding behaves correctly around boundary lengths such as 55,56, and 64 bytes
    
    Each test case will print detailed information so that I can visually confirm correctness. This makes debugging easier and demonstrates exactly how padding changes dependings on the input message size
    """
    
    # These message lengths were chosen because they test known padding edges
    test_messages = {
        "empty message": b"",
        "1 byte": b"A",
        "55 bytes": b"A" * 55,
        "56 bytes": b"A" * 56,
        "63 bytes": b"A" * 63,
        "64 bytes": b"A" * 64,
        "100 bytes": b"A" * 100,
    }
    
    for name, msg in test_messages.items():
        print("\n" + "="*70)
        print(f"Test Case: {name}")
        print(f"Original length in bits: {len(msg) * 8} bits")
        
        # Collects all blocks generated by block_parse
        blocks = list(block_parse(msg))
        
        print(f"Number of blocks produced: {len(blocks)}")
        
        # Verifies that the padded message length is multiple of 64 bytes
        total_len = len(blocks) * 64
        print(f"Total padded length: {total_len} bytes")
        assert total_len % 64 == 0, "Total padded length is not multiple of 64!"
        
        # Verifies that the last 8 bytes store the original length (in bits)
        last_block = blocks[-1]
        length_from_padding = int.from_bytes(last_block[-8:], "big")
        
        print(f"Length encoded in padding: {length_from_padding} bits")
        assert length_from_padding == len(msg)*8, "Incorrect length encoding!"
        
        # Prints block hex for visual inspection
        print("\nHex dump of blocks:")
        for i, block in enumerate(blocks):
            print(f"Block {i}:\n{block.hex()}\n")
            
    print("\nAll tests passed successfully!")

In [None]:
if __name__ == "__main__":
    test_block_parse()

#### Once a 512-bit block has been extracted from the padded message, SHA-256 does not immediately start hashing. Instead, it expands the block into 64 words, each 32 bits long. Those words are called: W[0], W[1], ..., W[63]

#### The first 16 words are taken directly from the block Wt​=Block[t],0≤t≤15 and the remaining words are computed using bitwise functions:

#### Wt​=σ1​(Wt−2​)+Wt−7​+σ0​(Wt−15​)+Wt−16​for 16≤t≤63

#### Where: σ0(x) = ROTR^7(x)⊕ROTR^18(x)⊕SHR^3(x)
####        σ1​(x) = ROTR^17(x)⊕ROTR^19(x)⊕SHR^10(x)

#### These are small sigmas, not the same as Σ₀ and Σ₁ used in the compression function. This schedule introduces non-linear mixing, ensuring cryptographic security.

#### To ensure that the inputs are treated as 32-bit integers I have decided to use the `numpy.uint32` function ([see official documentation](https://numpy.org/doc/stable/user/basics.types.html))


In [None]:
def rotr(x, n):
    """ 
    This is a helper function that rotates-right for 32-bit unsigned integers
    
    In other words this moves the bits of x to the right by n positiions.
    Bits that fall off the right end wrap around to the left.
    This is required by SHA-256.
    
    Parameters:
    x: numpy.uint32
    n: int (0-31)
    
    Returns:
    numpy.uint32
    """
    
    x = np.uint32(x)
    return np. uint32((x >> n) | ((x << (32 - n)) & np.uint(0xFFFFFFFF)))

In [None]:
def shr(x, n):
    """ 
    LOgical right shift for 32-bit unsigned integers
    
    In other words this shifts the bits of x to the right
    The bits shifted off dissappear
    New bits on the left are zeros
    
    Returns:
    numpy.uint32
    """
    
    x = np.uint32(x)
    return np.uint32(x >> n)

In [None]:
# Small sigma functions σ0 and σ1
def sigma0(x):
    """σ0(x) = ROTR7(x) XOR ROTR18(x) XOR SHR3(x)"""
    x = np.uint32(x)
    return np.uint32(rotr(x, 7) ^ rotr(x, 18) ^ shr(x, 3))

def sigma1(x):
    """σ1(x) = ROTR17(x) XOR ROTR19(x) XOR SHR10(x)"""
    x = np.uint32(x)
    return np.uint32(rotr(x, 17) ^ rotr(x, 19) ^ shr(x, 10))


In [None]:
def message_schedule(block):
    """
    This function expands a 512-bit block into the SHA-256 message schedule W[0..63]
    
    To break it down into simpler terms SHA-256 begins each compression round by expanding the 512-bit block (which is 64 bytes) into 64 words (W[0] through W[63]), each one being 32 bits (4 bytes)
    
    Steps:
    
    1. Split the 64-byte block into sixteen 32-bit big-endian words which become W[0] ... W[15]
    
    2. For t = 16..63, compute:
         W[t] = σ1(W[t-2])
               + W[t-7]
               + σ0(W[t-15])
               + W[t-16]
       Each addition is modulo 2^32 because we use numpy.uint32.
       
    This is important because these expanded words feed into the SHA-256 compression function and help create the "avalanche effect" where small xhnages in input produce huge changes in output
    
    Parameters:
    block : bytes
    A single 512-bit (64-bytes) padded message block
    
    Returns:
    numpy.ndarray (dtype=uint32, length=64)
    The fully expanded message schedule W
 
    
    """
    
    # Ensures block is exactly 64 bytes
    if len(block) != 64:
        raise ValueError("message_schedule requires a 64-bytes block")
    
    # Initialises array W[0..63] with zeros
    W = np.zeros(64, dtype=np.uint32)
    
    # Populates W[0..15] from the block
    # Each word is 4 bytes, big-endian
    for t in range(16):
        start = t * 4
        word_bytes = block[start:start+4]
        
        # Converts the 4 bytes into a 32-bit unsigned integer
        # int.from_bytes(...., "big") reads the bytes in big-endian order
        W[t] = np.uint32(int.from_bytes(word_bytes, "big"))
        
    # Step 4: Expand W[16..63] using σ functions
    for t in range(16, 64):
        a = sigma1(W[t-2])
        b = W[t-7]
        c = sigma0(W[t-15])
        d = W[t-16]

        # Modular addition is automatic in numpy.uint32
        W[t] = np.uint32(a + b + c + d)

    return W
    

#### Now I will create the SHA-256 compression function. This function will be responsible for processing messages one 512-bit block at a time. For each block I will load the initial hash values (eight 32-bit words), generate the message schedule W[0-63], run 64 rounds of mixing operations using the working variables a,b,c,d,e,f,g,h, the boolean functions Ch and Maj, the big sigmas Σ₀ and Σ₁, and the constants K[0-63]. After the 64 rounds the working varaibles a-h will be added back into the initial hash state. This produces the new hash state for the next block.

#### I'll be using the `numpy.uint32` function ([see official documentation](https://numpy.org/doc/stable/user/basics.types.html)) again as it forces every add, xor and shift to wrap at 32 bits, prevents Python's infinite integers from breaking SHA-256 and because it guarantees correctness across machines

In [None]:
def big_sigma0(x):
    """
    Σ0(x) = ROTR^2(x) XOR ROTR^13(x) XOR ROTR^22(x)
    Used on working variable 'a' during the compression step.
    """
    
    # Ensures x is treated as a 32-bit unsinged integer
    x = np.uint32(x)
    
    # Performs bitwise rotations and XORs them together:
    # ROTR^2(x): rotate right by 2 bits
    # ROTR^13(x): rotate right by 13 bits
    # ROTR^22(x): rotate right by 22 bits
    # Combines the results using XOR
    return np.uint32(
        ((x >> 2) | (x << (32 -2))) ^
        ((x >> 13) | (x << (32 - 13))) ^
        ((x >> 22) | (x << (32 - 22)))
    )
    
def big_sigma1(x):
    """
    Σ1(x) = ROTR^6(x) XOR ROTR^11(x) XOR ROTR^25(x)
    Used on working variable 'e' during the compression step.
    """
    # ENsures x is treated as a 32-bit unsigned integer
    x = np.uint32(x)
    
    # Perform bitwise rotations and XOR them together:
    # ROTR^6(x): rotate right by 6 bits
    # ROTR^11(x): rotate right by 11 bits
    # ROTR^25(x): rotate right by 25 bits
    # Combine results using XOR
    return np.uint32(
        ((x >> 6)  | (x << (32 - 6)))  ^
        ((x >> 11) | (x << (32 - 11))) ^
        ((x >> 25) | (x << (32 - 25)))
    )


In [None]:
def Ch(x, y, z):
    """ 
    Choice function:
    Ch(x,y,z) = (x AND y) XOR (NOT x) AND z)
    
    Or in other words:
    For each bit position if x's bit is 1, choose the bit from y and if x's bit is 0, choose the bit from z
    
    """
    # Ensure all inputs are treated as 32-bit unsigned integers
    # Perform bitwise operations:
    # (x & y): selects bits from y where x has 1s
    # (~x & z): selects bits from z where x has 0s
    # XOR combines the two results to form the final choice
    return np.uint32((x & y) ^ (~x & z))

def Maj(x, y, z):
    """ 
    Majority function:
    Maj(x,y,z) = (x AND y) XOR (x AND z) XOR (y AND z)
    
    To simply explain:
    For each bit position you output the majority of the three bits or at least 2 of 3
    
     """
    
    # Ensure all inputs are treated as 32-bit unsigned integers
    # Perform bitwise operations:
    # (x & y): bits where both x and y are 1
    # (x & z): bits where both x and z are 1
    # (y & z): bits where both y and z are 1
    # XOR of these three terms gives the majority bit for each position 
    return  np.uint32((x & y) ^ (x & z) ^ (y & z))

In [None]:
# SHA-256 constants K[0 - 63]
K = np.array([
    0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5,0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5,
    0xd807aa98,0x12835b01,0x243185be,0x550c7dc3,0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174,
    0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc,0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da,
    0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7,0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967,
    0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13,0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85,
    0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3,0xd192e819,0xd6990624,0xf40e3585,0x106aa070,
    0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5,0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3,
    0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208,0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
], dtype=np.uint32)

In [None]:
def compression_round(a, b, c, d, e, f, g, h, W):
    """
    Performs the full 64-round SHA-256 compression on one block
    
    Parameters:
    
    a,b,c,d,e,f,g,h : numpy.uint32
    The working variables (initial hash state for this block)
    
    W : numpy.ndarray (uint32, length = 64)
    The SHA-256 message schedule for this block
    
    Returns:
    tuple of 8 numpy.uint32 values:
    Updated (a,b,c,d,e,f,g,h) after 64 rounds
    
    This funciton mixes the message schedule words W[t], the constants K[t], and the working variables a-h through 64 rounds of math and bit operations
    This is the core engine of SHA-256 

    """
    
    for t in range(64):
            # Computes T1 according to the standard
            T1 = np.uint32(
                h
                + big_sigma1(e)
                + Ch(e, f, g)
                + K[t]
                + W[t]
            )

            # Computes T2 according to the standard
            T2 = np.uint32(big_sigma0(a) + Maj(a, b, c))

            # Updates working variables
            h = g
            g = f
            f = e
            e = np.uint32(d + T1)
            d = c
            c = b
            b = a
            a = np.uint32(T1 + T2)

            return a, b, c, d, e, f, g, h 
    

In [None]:
# These values are defined in the Secure Hash Standard (FIPS 180-4).
# They are the first 32 bits of the fractional parts of the square
# roots of the first 8 prime numbers.
INITIAL_HASH_VALUES = np.array([
    0x6a09e667,  # H0
    0xbb67ae85,  # H1
    0x3c6ef372,  # H2
    0xa54ff53a,  # H3
    0x510e527f,  # H4
    0x9b05688c,  # H5
    0x1f83d9ab,  # H6
    0x5be0cd19   # H7
], dtype=np.uint32)


#### This function is the full SHA-256 hash algorithm, assembling everything that I have built so far:

#### 1. Padding and block parsing
#### I'll be using block_parse(msg) to pad the message with 1 bit, 0 bits and length and to split into 512-bit (64-byte blocks)

#### 2. Message schedule
#### For each block message_schedule(block will be called to build W[0-63])

#### 3. Compression
#### For each block start from current hash values H0-H7, initialise working variables a-h, call compression_round(a-h, W) to update them and adds the result back into H0-H7 (mod 2^32)

#### 4. Final digest
#### After all blocks H0-H7 is concatenated as 32-bit big-endian words
#### This will return a raw bytes digest




In [None]:
def sha256(msg):
    """ 
    Computes the SHa-256 hash of a message
    
    This function ties together the previous functions block_parse(msg), message_schedule(block) and compression_round
    
    This is how the function works:
    
    1. Starts with fixed initial hash values H0-H7 from the standard
    
    2. For each 64-byte block produced by block_parse(msg):
        a) Build the message schedule W[0-63] from the block
        b) Copy H0-H7 into working variables a-h
        c) Run 64 rounds of the SHA-256 compression function
        d) Add the resulting a-h back into H0-H7 (mod 2^32)
    
    3. After processing all blocks, H0-H7 together represent the final 256-bit hash
    
    4. Convert H0-H7 into a 32-byte big-endian bytes object
    
    Parameters:
    
    msg: bytes
    The input message to hash. Must be of type bytes (not str)
    
    Returns:
    bytes
    The 32-bytes SHA-256 digest
    """
    
    # Initialise hash state H0-H7
    # I'll make a copy to avoid modifying the original constants
    H = INITIAL_HASH_VALUES.copy()
    
    # Process each 512-bit block
    for block in block_parse(msg):
        # Build message schedule W[0 - 63] for this block
        W = message_schedule(block)
        
        # Set working variables a-h to current hash state
        a, b, c, d, e, f, g, h = H
        
        # Run the 64-round compression function
        a, b, c, d, e, f, g, h = compression_round(a, b, c, d, e, f, g, h, W)
        
        # Add the results back into the hash state (mod 2^32)
        H[0] = np.uint32(H[0] + a)
        H[1] = np.uint32(H[1] + b)
        H[2] = np.uint32(H[2] + c)
        H[3] = np.uint32(H[3] + d)
        H[4] = np.uint32(H[4] + e)
        H[5] = np.uint32(H[5] + f)
        H[6] = np.uint32(H[6] + g)
        H[7] = np.uint32(H[7] + h)
        
    # Convert final H0-H7 into bytes (big-endian)
    # Each H[i] is a 32-bit word, so we convert each to 4 bytes in big-endian order and concatenate
    # h_i is a numpy.uint32, h_i.tobytes() gives 4 bytes in *little-endian
    # We reverse with {::-1} to make it big-endian
    # Alternatively we could use int(h_i).to_bytes(4, "big"))
    digest_bytes = b"".join(h_i.tobytes()[::-1] for h_i in H)
    
    return digest_bytes 
    

In [None]:
def sha256_hex(msg):
    """
    Helper function to get SHa-256 as a hex string
    
    Parameters:
    
    msg: bytes
    Input message
    
    Returns:
    str
    64-character lowercase hexidecimal representation of the SHa-256 digest
    """
    
    return sha256(msg).hex()

In [None]:
# Testing the sha256 function with known test vectors
def test_sha256():
    """
    Test the sha256 implementation against known test vectors.

    We use standard SHA-256 test values:

    1) Empty string:
       Input:  b""
       Hash:   e3b0c44298fc1c149afbf4c8996fb924
               27ae41e4649b934ca495991b7852b855

    2) "abc":
       Input:  b"abc"
       Hash:   ba7816bf8f01cfea414140de5dae2223
               b00361a396177a9cb410ff61f20015ad
    """

    vectors = [
        (b"", "e3b0c44298fc1c149afbf4c8996fb924"
              "27ae41e4649b934ca495991b7852b855"),
        (b"abc", "ba7816bf8f01cfea414140de5dae2223"
                 "b00361a396177a9cb410ff61f20015ad"),
    ]

    for msg, expected_hex in vectors:
        result = sha256_hex(msg)
        print(f"Message: {msg!r}")
        print(f"Expected: {expected_hex}")
        print(f"Got     : {result}")
        assert result == expected_hex, "SHA-256 mismatch!"
        print("Test passed\n")

    print("All SHA-256 tests passed successfully!")


In [None]:
if __name__ == "__main__":
    test_sha256()

## Problem 4: Hashes

#### In SHA-256, the overall hash value is updated block by block
#### This function `hash(current, block)` will take the current hash vlaue, the next 512-bit block and will produce the next hash value.

#### This is defined in Section 6.2.2 of FIPS 180-4 titled "SHA-256 Hash Computation". The SHA-256 algorithm is built around the idea that: you do not hash the entire message at once. Instead you start with initial hash values and for each padded 512-bit block you run the compression function and update the hash state this continues until every block has been processed. This function handles one step of that process.

In [None]:
def hash(current, block):
    """ 
    Calculates the next SHA-256 hash value given the current hash state and the next 512-bit block, exactly as described in Section 6.2.2 "SHA-256 Hash Computation" of the Secure Hash Standard
    
    This function performs one step of the SHA-256 algorithm. SHa-256 does not hash the entire message at once. Instead, it updates the hash value one block at a time.
    
    Inputs:
    current is the current hash state (H0-H7) as 8 values
    block is the next 512-bit block (64 bytes)
    
    What this function does:
    1. Build the message schedule W[0-63] from the block
    
    2. Copy the current hash values into working variables:
        (a, b, c, d, e, f, g, h)
        
    3. Run 64 rounds of the SHA-256 compression function
    
    4. Add the results from the rounds back into the original hash values using 32-bit addition
    
    5. Return the updated hash values
    
    Parameters:
    
    current : a tuple of 8 unsigned 32-bit integers
    The current SHa-256 hash state
    
    block : bytes
    A single 512-bit (64 byte) block to process
    
    Returns:
    
    tuple of 8 numpy.uint32
    The updated hash state
    """
    
    # Unpack the current hash values into H0-H7
    # These represent the current internal state of SHA-256
    H0, H1, H2, H3, H4, H5, H6, H7 = current
    
    # Build the message schedule W[0-63]
    # We use the helper function the from earlier
    W = message_schedule(block)
    
    # Copy hash values into working variables a-h
    # These are local copies that will modified by the rounds
    a = np.uint32(H0)
    b = np.uint32(H1)
    c = np.uint32(H2)
    d = np.uint32(H3)
    e = np.uint32(H4)
    f = np.uint32(H5)
    g = np.uint32(H6)
    h = np.uint32(H7)
    
    # Run the 64 compression rounds
    # We use the compression function implemented earlier
    a, b, c, d, e, f, g, h = compression_round(a, b, c, d, e, f, g, h, W)
    
    # Add the working variables back into the hash state
    # All additions must be modulo 2^32, so it is wrapped using numpy.uint32
    H0 = np.uint32(H0 + a)
    H1 = np.uint32(H1 + b)
    H2 = np.uint32(H2 + c)
    H3 = np.uint32(H3 + d)
    H4 = np.uint32(H4 + e)
    H5 = np.uint32(H5 + f)
    H6 = np.uint32(H6 + g)
    H7 = np.uint32(H7 + h)
    
    # Return the new hash state
    return (H0, H1, H2, H3, H4, H5, H6, H7)
    

#### The hash(current, block) function updates a hash state using one padded block. Testing this is important because if this step is wrong the entire SHA-256 algorithm will be wrong. Every block update must behave exactly as the standard describes. Errors here will cause lots of problems in the future. So here the next code block is just the testing of the function hash(current, block)

In [None]:
def test_hash():
    """ 
    Tests the hash(current, block) function using known SHa-256 test vectors
    
    We want to make sure that when we run the hash update step on a known message block, we get the correct updated hash state. We compare our calculations with values that are publicly known and correct.
    
    Two test cases are used:
    
    1. The empty message (after padding, this becomes one block)
    2. The message "abc" (after padding, this also becomes one block)
    
    For each test:
    1. We start with the initial hash constans
    
    2. We take the first block produced by block_parse()
    
    3. We call hash(current, block)
    
    4. We compare the result with the expected correct value
    """
    
    # Initial hash state (H0-H7) from the standard
    initial = (
        np.uint32(0x6a09e667), np.uint32(0xbb67ae85),
        np.uint32(0x3c6ef372), np.uint32(0xa54ff53a),
        np.uint32(0x510e527f), np.uint32(0x9b05688c),
        np.uint32(0x1f83d9ab), np.uint32(0x5be0cd19)
    )
    
    # Testing Vector 1 which is an empty message
    msg1 = b""
    blocks1 = list(block_parse(msg1))
    block1 = blocks1[0]

    updated1 = hash(initial, block1)

    expected1 = (
        np.uint32(0xe3b0c442), np.uint32(0x98fc1c14),
        np.uint32(0x9afbf4c8), np.uint32(0x996fb924),
        np.uint32(0x27ae41e4), np.uint32(0x649b934c),
        np.uint32(0xa495991b), np.uint32(0x7852b855)
    )

    print("Empty message test:")
    print("Expected:", [hex(int(x)) for x in expected1])
    print("Got     :", [hex(int(x)) for x in updated1])
    assert updated1 == expected1, "Empty message hash mismatch!"
    print("Test passed\n")
    
    # Testing Vector 2 which is abc
    msg2 = b"abc"
    blocks2 = list(block_parse(msg2))
    block2 = blocks2[0]

    updated2 = hash(initial, block2)

    expected2 = (
        np.uint32(0xba7816bf), np.uint32(0x8f01cfea),
        np.uint32(0x414140de), np.uint32(0x5dae2223),
        np.uint32(0xb00361a3), np.uint32(0x96177a9c),
        np.uint32(0xb410ff61), np.uint32(0xf20015ad)
    )

    print("abc message test:")
    print("Expected:", [hex(int(x)) for x in expected2])
    print("Got     :", [hex(int(x)) for x in updated2])
    assert updated2 == expected2, '"abc" message hash mismatch!'
    print("Test passed\n")
    
    print("All hash() tests passed successfully")

In [None]:
# Running test_hash()
if __name__ == "__main__":
    test_hash()

## Problem 5: Passwords 

#### In this problem I was given three SHA-256 passwords. These are hashes of three common passwords, where each password string was encoded in UTF-8 and then hashed once with SHA-256.

#### I aim to do the following:
#### 1. Figure out which plain-text passwords produced these hashes.
#### 2. Explain how I found them
#### 3. Suggest better ways to hash passwords so this type of attack is harder

In [2]:
def sha256_hex(password: str) -> str:
    """ 
    Computes the SHA-256 hash of a string and return it as a hex string
    
    This function takes a normal Python string, for example "password". 
    Then it encodes that string using UTF-8, which turns it into bytes.
    It then runs the SHA-256 hash algorithm on those bytes.
    Finally, it converts the hash (which is raw bytes) into a readable hexamdecimal string, like: 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8 for example the first password in Problem 5
    
    Parameters:
    
    password : str
    The plain text-text password to be hashed
    
     Returns:
     
     str
     The SHA-256 hash as a 64-character lowercase hexadecimal string
    
    """
    
    # Encodes the string to bytes using UTF-8
    password_bytes = password.encode("utf-8")
    
    # Creates a SHA-256 hash object
    hasher = hashlib.sha256()
    
    # Feeds the bytes into the hasher
    hasher.update(password_bytes)
    
    # Gets the hexadecimal representation of the hash
    hash_hex = hasher.hexdigest()
    
    return hash_hex

#### The next thing I need to do is write code that does the following:
#### 1. Has a short list of very common passwords that people use (in other words a tiny dictionary)
#### 2. Hashes each password with the helper function that I created previously `sha_256_hex()`
#### 3. Compares the hash to the three hashes that were given to me in the question
#### 4. Prints any matches it finds

#### This is generally called a dictionary attack. A dictionary attack is when an attacker gets a list of hashed passwords (like the three hashes in the problem), takes a word list of likely passwords (or in other words a dictionary), hashes each candidates passwords the same way I did in the `sha_256_hex()` method with UTF-9 and SHA-256, compares each computed hash to each stored hash and if there is a match the attacker has found the original password. This works extremely well when common passwords are used.

In [3]:
# The three SHA-256 hashes given in Problem 5
known_hashes = [
    "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8",
    "873ac9ffea4dd04fa719e8920cd6938f0c23cd678af330939cff53c3d2855f34",
    "b03ddf3ca2e714a6548e7495e2a03f5e824eaac9837cd7f159c67b90fb4b7342",
]

def dictionary_attack(candidates, target_hashes):
    """ 
    Tries a list of candidate passwords against a list of SHA-256 hashes
    
    This function demonstrates a dictionary attack in a small, safe way.
    We take a list of candidate passwords so the strings we think people might use.
    For each candidate, we compute SHA-256 using the sha256_hex() function.
    We compare that hash to each of the target hashes given in the problem.
    If they match, we record which password produced which hash
    
    Parameters:
    
    candidates: a list of str
    A list of possible passwords to test
    
    target_hashes: list of str
    The SHA-256 hashes we are trying to "reverse".
    
    Returns:
    
    dict
    A dictionary mapping:
    hash_string -> password_string
    for every hash that we successfully matched
    """
    
    found = {} # will hold mappings from hash to discovered password
    
    for pw in candidates:
        # Computes the SHA-256 hash of this candidate password
        pw_hash = sha256_hex(pw)
        
        # If this hash is one of the target hashes, we've found a match
        if pw_hash in target_hashes:
            found[pw_hash] = pw
            print(f"Found match: hash {pw_hash} is password '{pw}")
            
    return found

if __name__ == "__main__":
    # A small list of very common passwords for demonstration
    common_passwords = [
        "password",
        "123456",
        "admin",
        "password12345",
        "cheese",
        "P@ssw0rd"
    ]
    
# Runs the tiny dicitonary attack against the known hashes
matches = dictionary_attack(common_passwords, known_hashes)

print("\nSummary of matches found:")
for h, pw in matches.items():
    print(f"Hash: {h} -> Password: '{pw}'")

Found match: hash 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8 is password 'password
Found match: hash 873ac9ffea4dd04fa719e8920cd6938f0c23cd678af330939cff53c3d2855f34 is password 'cheese
Found match: hash b03ddf3ca2e714a6548e7495e2a03f5e824eaac9837cd7f159c67b90fb4b7342 is password 'P@ssw0rd

Summary of matches found:
Hash: 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8 -> Password: 'password'
Hash: 873ac9ffea4dd04fa719e8920cd6938f0c23cd678af330939cff53c3d2855f34 -> Password: 'cheese'
Hash: b03ddf3ca2e714a6548e7495e2a03f5e824eaac9837cd7f159c67b90fb4b7342 -> Password: 'P@ssw0rd'
