# Computational Theory Problems

*Hammad Mubarik*

In [401]:
import numpy as np

### 1. Parity Function

The Parity function performs a bitwise XOR operation on three 32-bit words.

Formula: `Parity(x, y, z) = x ⊕ y ⊕ z`

Usage: Used in SHA-1 hash algorithm for rounds t=20-39 and t=60-79.

In [402]:
#Parity Function
def Parity(x, y, z):
    """
    Parity function - XOR of three 32-bit words.
    
    Formula from FIPS 180-4: Parity(x, y, z) = x ⊕ y ⊕ z
    
    Used in SHA-1 for rounds t=20-39 and t=60-79.
    
    Args:
        x: First 32-bit word
        y: Second 32-bit word
        z: Third 32-bit word
    
    Returns:
        32-bit word result of x XOR y XOR z
    """
    # Convert inputs to 32-bit unsigned integers
    x = np.uint32(x)
    y = np.uint32(y)
    z = np.uint32(z)
    
    # Perform XOR operation
    result = np.uint32(x ^ y ^ z)

    return result

In [403]:
# Test Parity function
x_test = np.uint32(0x12345678)
y_test = np.uint32(0x9ABCDEF0)
z_test = np.uint32(0xFEDCBA98)

parity_result = Parity(x_test, y_test, z_test)
print(f"Parity(0x{x_test:08X}, 0x{y_test:08X}, 0x{z_test:08X}) = 0x{parity_result:08X}")

Parity(0x12345678, 0x9ABCDEF0, 0xFEDCBA98) = 0x76543210


#### Cryptographic Purpose

In SHA-1, the Parity function is used during specific rounds (t=20-39 and t=60-79) to mix the internal state variables. The XOR operation ensures that changes in any of the three inputs will affect the output, providing diffusion.

#### How It Works

For each of the 32 bit positions:
- If an **odd number** of input bits are 1 → output is 1
- If an **even number** of input bits are 1 → output is 0

Example for one bit position:
- `Parity(1, 0, 0) = 1` (odd number of 1s)
- `Parity(1, 1, 0) = 0` (even number of 1s)
- `Parity(1, 1, 1) = 1` (odd number of 1s)

### 2. Ch (Choose) Function

The Ch function chooses bits from y or z based on the bits in x.

**Formula:** `Ch(x, y, z) = (x ∧ y) ⊕ (¬x ∧ z)`

**Explanation:** For each bit position, if the bit in x is 1, the result takes the bit from y; if the bit in x is 0, the result takes the bit from z.

**Usage:** Used in SHA-224, SHA-256, SHA-384, SHA-512 hash computations.

In [404]:
def Ch(x, y, z):
    """
    Choose function - x chooses between y and z.
    
    Args:
        x, y, z: 32-bit words
    
    Returns:
        32-bit word where each bit is chosen from y (if x bit is 1) or z (if x bit is 0)
    """
    # Convert all inputs to 32-bit unsigned integers
    x = np.uint32(x)
    y = np.uint32(y)
    z = np.uint32(z)
    
    # Apply the choose formula: (x AND y) XOR (NOT x AND z)
    return np.uint32((x & y) ^ (~x & z))

In [405]:
# Test Ch function
x_test = np.uint32(0x12345678)
y_test = np.uint32(0x9ABCDEF0)
z_test = np.uint32(0xFEDCBA98)

ch_result = Ch(x_test, y_test, z_test)
print(f"Ch(0x{x_test:08X}, 0x{y_test:08X}, 0x{z_test:08X}) = 0x{ch_result:08X}")

# Additional test: when x is all 1s, should return y
x_all_ones = np.uint32(0xFFFFFFFF)
ch_test2 = Ch(x_all_ones, y_test, z_test)
print(f"\nCh(0xFFFFFFFF, 0x{y_test:08X}, 0x{z_test:08X}) = 0x{ch_test2:08X}")
print(f"Expected y: 0x{y_test:08X} - Match: {ch_test2 == y_test}")

# When x is all 0s, should return z
x_all_zeros = np.uint32(0x00000000)
ch_test3 = Ch(x_all_zeros, y_test, z_test)
print(f"\nCh(0x00000000, 0x{y_test:08X}, 0x{z_test:08X}) = 0x{ch_test3:08X}")
print(f"Expected z: 0x{z_test:08X} - Match: {ch_test3 == z_test}")

Ch(0x12345678, 0x9ABCDEF0, 0xFEDCBA98) = 0xFEFCFEF0

Ch(0xFFFFFFFF, 0x9ABCDEF0, 0xFEDCBA98) = 0x9ABCDEF0
Expected y: 0x9ABCDEF0 - Match: True

Ch(0x00000000, 0x9ABCDEF0, 0xFEDCBA98) = 0xFEDCBA98
Expected z: 0xFEDCBA98 - Match: True


#### Visualization

For a single bit position:
- If `x = 1`: output = `y` bit
- If `x = 0`: output = `z` bit

Think of `x` as a **selector switch**: 1 means "choose from y", 0 means "choose from z".

#### Example
```
x = 0b1010 (selector)
y = 0b1100 (option A)
z = 0b0011 (option B)

Result: 0b1001
         ↑  ↑
         |  └─ x=0, so chose z (1)
         └──── x=1, so chose y (1)
```

### 3. Maj (Majority) Function

The Maj function returns the majority bit at each position across three inputs.

**Formula:** `Maj(x, y, z) = (x ∧ y) ⊕ (x ∧ z) ⊕ (y ∧ z)`

**Explanation:** For each bit position, the result is 1 if at least two of the three input bits are 1.

**Usage:** Used in SHA-224, SHA-256, SHA-384, SHA-512 hash computations.

In [406]:
def Maj(x, y, z):
    """
    Majority function - returns the majority bit at each position.
    
    Args:
        x, y, z: 32-bit words
    
    Returns:
        32-bit word where each bit is 1 if at least two of the input bits are 1
    """
    # Convert all inputs to 32-bit unsigned integers
    x = np.uint32(x)
    y = np.uint32(y)
    z = np.uint32(z)
    
    # Apply the majority formula: (x AND y) XOR (x AND z) XOR (y AND z)
    return np.uint32((x & y) ^ (x & z) ^ (y & z))

In [407]:
# Test Maj function
x_test = np.uint32(0x12345678)
y_test = np.uint32(0x9ABCDEF0)
z_test = np.uint32(0xFEDCBA98)

maj_result = Maj(x_test, y_test, z_test)
print(f"Maj(0x{x_test:08X}, 0x{y_test:08X}, 0x{z_test:08X}) = 0x{maj_result:08X}")

# Additional test: all same values should return that value
x_same = np.uint32(0xAAAAAAAA)
maj_test2 = Maj(x_same, x_same, x_same)
print(f"\nMaj(0xAAAAAAAA, 0xAAAAAAAA, 0xAAAAAAAA) = 0x{maj_test2:08X}")
print(f"Expected: 0xAAAAAAAA - Match: {maj_test2 == x_same}")

Maj(0x12345678, 0x9ABCDEF0, 0xFEDCBA98) = 0x9ABCDEF8

Maj(0xAAAAAAAA, 0xAAAAAAAA, 0xAAAAAAAA) = 0xAAAAAAAA
Expected: 0xAAAAAAAA - Match: True


#### Truth Table

For a single bit position:

| x | y | z | Maj(x,y,z) | Explanation |
|---|---|---|------------|-------------|
| 0 | 0 | 0 | 0 | Zero 1s (majority is 0) |
| 0 | 0 | 1 | 0 | One 1 (majority is 0) |
| 0 | 1 | 0 | 0 | One 1 (majority is 0) |
| 0 | 1 | 1 | 1 | Two 1s (majority is 1) ✓ |
| 1 | 0 | 0 | 0 | One 1 (majority is 0) |
| 1 | 0 | 1 | 1 | Two 1s (majority is 1) ✓ |
| 1 | 1 | 0 | 1 | Two 1s (majority is 1) ✓ |
| 1 | 1 | 1 | 1 | Three 1s (majority is 1) ✓ |

#### Why This Formula Works

The XOR of the three AND operations counts pairs:
- If 2 inputs are 1: exactly one pair matches → XOR gives 1
- If 3 inputs are 1: all three pairs match → XOR gives 1 (odd number)
- If 0-1 inputs are 1: zero or no pairs → XOR gives 0

### Helper Functions for Rotation and Shift Operations

Before implementing the Sigma and sigma functions, we need two fundamental bit manipulation operations defined in Section 3.2 of FIPS 180-4:

#### ROTR (Rotate Right)
A **circular right shift** where bits that fall off the right end wrap around to the left end. No information is lost.

**Formula:** `ROTR^n(x) = (x >> n) | (x << (32 - n))`

**Example:** Rotating `0b10110001` right by 3 positions:
```
Original:  10110001
          ___↓↓↓
Rotated:   00110110
           ↑↑↑___
           wraparound
```

#### SHR (Shift Right)
A **logical right shift** where bits fall off the right end and zeros fill in from the left. Information is lost.

**Formula:** `SHR^n(x) = x >> n`

**Example:** Shifting `0b10110001` right by 3 positions:
```
Original:  10110001
          ___↓↓↓
Shifted:   00010110
           ↑↑↑
           zeros
```

#### Why Both Operations?

- **ROTR** preserves all bits, creating complex mixing patterns
- **SHR** introduces irreversibility (one-way function property)

Combining both in the Sigma functions provides the cryptographic properties needed for secure hashing.

In [408]:
def ROTR(x, n, w=32):
    """
    Rotate right (circular right shift) operation.
    
    Formula: ROTR^n(x) = (x >> n) | (x << (w - n))
    
    Args:
        x: 32-bit word to rotate
        n: number of positions to rotate right
        w: word size in bits (default 32)
    
    Returns:
        32-bit word after rotation
    """
    x = np.uint32(x)
    # Right shift by n, OR with left shift by (w-n)
    return np.uint32((x >> n) | (x << (w - n)))


def SHR(x, n):
    """
    Right shift operation.
    
    Formula: SHR^n(x) = x >> n
    
    Args:
        x: 32-bit word to shift
        n: number of positions to shift right
    
    Returns:
        32-bit word after shift (zeros fill from left)
    """
    x = np.uint32(x)
    # Logical right shift
    return np.uint32(x >> n)

### 4. Σ₀ (Sigma0) Function

The Sigma0 function combines three different rotations of the input.

**Formula:** `Σ₀²⁵⁶(x) = ROTR²(x) ⊕ ROTR¹³(x) ⊕ ROTR²²(x)`

**Usage:** Used in the SHA-256 compression function.

In [409]:
def Sigma0(x):
    """
    SHA-256 Sigma0 function (uppercase sigma).
    
    Args:
        x: 32-bit word
    
    Returns:
        32-bit word result of ROTR2(x) XOR ROTR13(x) XOR ROTR22(x)
    """
    # Convert input to 32-bit unsigned integer
    x = np.uint32(x)
    
    # Apply three rotations and XOR them together
    return np.uint32(ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22))

In [410]:
# Test Sigma0 function
x_test = np.uint32(0x12345678)

sigma0_result = Sigma0(x_test)
print(f"Sigma0(0x{x_test:08X}) = 0x{sigma0_result:08X}")

# Test with another value
x_test2 = np.uint32(0xFFFFFFFF)
sigma0_result2 = Sigma0(x_test2)
print(f"Sigma0(0x{x_test2:08X}) = 0x{sigma0_result2:08X}")

Sigma0(0x12345678) = 0x66146474
Sigma0(0xFFFFFFFF) = 0xFFFFFFFF


### 5. Σ₁ (Sigma1) Function

The Sigma1 function combines three different rotations of the input.

**Formula:** `Σ₁²⁵⁶(x) = ROTR⁶(x) ⊕ ROTR¹¹(x) ⊕ ROTR²⁵(x)`

**Usage:** Used in the SHA-256 compression function.

In [411]:
def Sigma1(x):
    """
    SHA-256 Sigma1 function (uppercase sigma).
    
    Args:
        x: 32-bit word
    
    Returns:
        32-bit word result of ROTR6(x) XOR ROTR11(x) XOR ROTR25(x)
    """
    # Convert input to 32-bit unsigned integer
    x = np.uint32(x)
    
    # Apply three rotations and XOR them together
    return np.uint32(ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25))

In [412]:
# Test Sigma1 function
x_test = np.uint32(0x12345678)

sigma1_result = Sigma1(x_test)
print(f"Sigma1(0x{x_test:08X}) = 0x{sigma1_result:08X}")

# Test with another value
x_test2 = np.uint32(0xFFFFFFFF)
sigma1_result2 = Sigma1(x_test2)
print(f"Sigma1(0x{x_test2:08X}) = 0x{sigma1_result2:08X}")

Sigma1(0x12345678) = 0x3561ABDA
Sigma1(0xFFFFFFFF) = 0xFFFFFFFF


### 6. σ₀ (sigma0) Function

The sigma0 function (lowercase) combines two rotations and one shift of the input.

**Formula:** `σ₀²⁵⁶(x) = ROTR⁷(x) ⊕ ROTR¹⁸(x) ⊕ SHR³(x)`

**Note:** Unlike Sigma0 (uppercase), this uses SHR (shift) for the last operation, not ROTR (rotate).

**Usage:** Used in SHA-256 message schedule expansion.

In [413]:
def sigma0(x):
    """
    SHA-256 sigma0 function (lowercase sigma).
    
    Args:
        x: 32-bit word
    
    Returns:
        32-bit word result of ROTR7(x) XOR ROTR18(x) XOR SHR3(x)
    """
    # Convert input to 32-bit unsigned integer
    x = np.uint32(x)
    
    # Apply two rotations and one shift, then XOR them together
    return np.uint32(ROTR(x, 7) ^ ROTR(x, 18) ^ SHR(x, 3))

In [414]:
# Test sigma0 function
x_test = np.uint32(0x12345678)

sigma0_result = sigma0(x_test)
print(f"sigma0(0x{x_test:08X}) = 0x{sigma0_result:08X}")

# Test with another value
x_test2 = np.uint32(0xFFFFFFFF)
sigma0_result2 = sigma0(x_test2)
print(f"sigma0(0x{x_test2:08X}) = 0x{sigma0_result2:08X}")

sigma0(0x12345678) = 0xE7FCE6EE
sigma0(0xFFFFFFFF) = 0x1FFFFFFF


### 7. σ₁ (sigma1) Function

The sigma1 function (lowercase) combines two rotations and one shift of the input.

**Formula:** `σ₁²⁵⁶(x) = ROTR¹⁷(x) ⊕ ROTR¹⁹(x) ⊕ SHR¹⁰(x)`

**Note:** Like sigma0, this uses SHR (shift) for the last operation, not ROTR (rotate).

**Usage:** Used in SHA-256 message schedule expansion.

In [415]:
def sigma1(x):
    """
    SHA-256 sigma1 function (lowercase sigma).
    
    Args:
        x: 32-bit word
    
    Returns:
        32-bit word result of ROTR17(x) XOR ROTR19(x) XOR SHR10(x)
    """
    # Convert input to 32-bit unsigned integer
    x = np.uint32(x)
    
    # Apply two rotations and one shift, then XOR them together
    return np.uint32(ROTR(x, 17) ^ ROTR(x, 19) ^ SHR(x, 10))

In [416]:
# Test sigma1 function
x_test = np.uint32(0x12345678)

sigma1_result = sigma1(x_test)
print(f"sigma1(0x{x_test:08X}) = 0x{sigma1_result:08X}")

# Test with another value
x_test2 = np.uint32(0xFFFFFFFF)
sigma1_result2 = sigma1(x_test2)
print(f"sigma1(0x{x_test2:08X}) = 0x{sigma1_result2:08X}")

sigma1(0x12345678) = 0xA1F78649
sigma1(0xFFFFFFFF) = 0x003FFFFF


## Problem 2: Fractional Parts of Cube Roots

This problem generates the **SHA-256 constants K₀ through K₆₃** used in the compression function. These constants are derived from the fractional parts of cube roots of the first 64 prime numbers.

### Why Cube Roots of Primes?

The SHA-256 designers chose these values to demonstrate that the constants are **"nothing up my sleeve" numbers** - they come from a transparent mathematical process, not arbitrary choices where backdoors could be hidden.

The process:
1. Take the first 64 prime numbers (2, 3, 5, 7, 11, 13, ...)
2. Calculate the cube root of each: ∛2, ∛3, ∛5, ...
3. Extract the fractional part: ∛2 ≈ 1.259921... → 0.259921...
4. Convert to 32-bit representation (first 32 bits of fractional part)
5. Display in hexadecimal

These become the round constants K₀, K₁, K₂, ... K₆₃ used in SHA-256.

### Step 1: Generate Prime Numbers

We need a function `primes(n)` that returns the first n prime numbers.

**What is a prime number?**
A prime is a natural number greater than 1 that has no positive divisors other than 1 and itself.

**Algorithm**: Trial Division
- Start with 2 (the first prime)
- For each candidate number, check if it's divisible by any smaller prime
- If not divisible, it's prime

We'll use an efficient approach: only check divisibility up to √candidate.

In [417]:
def primes(n):
    """
    Generate the first n prime numbers.
    
    Args:
        n: Number of primes to generate
    
    Returns:
        List of first n prime numbers
    """
    if n <= 0:
        return []
    
    # List to store prime numbers
    prime_list = []
    
    # Start checking from 2 (first prime)
    candidate = 2
    
    # Continue until we have n primes
    while len(prime_list) < n:
        # Check if candidate is prime
        is_prime = True
        
        # Only need to check divisibility up to sqrt(candidate)
        for prime in prime_list:
            if prime * prime > candidate:
                break
            if candidate % prime == 0:
                is_prime = False
                break
        
        # If prime, add to list
        if is_prime:
            prime_list.append(candidate)
        
        # Move to next candidate
        candidate += 1
    
    return prime_list

In [418]:
# Test the primes function
first_10_primes = primes(10)
print("First 10 prime numbers:")
print(first_10_primes)

# Verify they're correct
expected = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29]
print(f"\nExpected: {expected}")
print(f"Match: {first_10_primes == expected}")

# Show first 64 primes (what we need for SHA-256)
first_64_primes = primes(64)
print(f"\nFirst 64 primes generated successfully")
print(f"First prime: {first_64_primes[0]}")
print(f"64th prime: {first_64_primes[63]}")

First 10 prime numbers:
[2, 3, 5, 7, 11, 13, 17, 19, 23, 29]

Expected: [2, 3, 5, 7, 11, 13, 17, 19, 23, 29]
Match: True

First 64 primes generated successfully
First prime: 2
64th prime: 311


### Step 2: Calculate Cube Roots and Extract Fractional Parts

For each prime number p, we need to:
1. Calculate the cube root: ∛p
2. Extract the fractional part (decimal portion after the decimal point)

**Example:**
- ∛2 ≈ 1.259921049894873...
- Fractional part = 0.259921049894873...

**Mathematical breakdown:**
- Integer part = floor(∛p) = 1
- Fractional part = ∛p - floor(∛p) = 1.2599... - 1 = 0.2599...



In [419]:
def get_fractional_part(number):
    """
    Calculate cube root and extract the fractional part.
    
    Args:
        number: The number to take cube root of
    
    Returns:
        Fractional part of the cube root as a float
    """
    # Calculate cube root using numpy
    cube_root = np.cbrt(number)
    
    # Extract fractional part (remove integer part)
    fractional_part = cube_root - np.floor(cube_root)
    
    return fractional_part

In [420]:
# Test with the first few primes
test_primes = primes(5)

print("Testing cube root fractional parts:")

for prime in test_primes:
    cube_root = np.cbrt(prime)
    frac_part = get_fractional_part(prime)
    
    print(f"Prime: {prime:3d}")
    print(f"  Cube root: {cube_root:.15f}")
    print(f"  Fractional part: {frac_part:.15f}")


Testing cube root fractional parts:
Prime:   2
  Cube root: 1.259921049894873
  Fractional part: 0.259921049894873
Prime:   3
  Cube root: 1.442249570307408
  Fractional part: 0.442249570307408
Prime:   5
  Cube root: 1.709975946676697
  Fractional part: 0.709975946676697
Prime:   7
  Cube root: 1.912931182772389
  Fractional part: 0.912931182772389
Prime:  11
  Cube root: 2.223980090569316
  Fractional part: 0.223980090569316


### Step 3: Convert Fractional Part to 32-bit Hexadecimal

Now we need to convert the fractional part to a 32-bit representation in hexadecimal.

**The Process:**
1. Take the fractional part (e.g., 0.259921...)
2. Multiply by 2³² (4,294,967,296) to scale it to 32-bit range
3. Take the integer part of the result
4. Convert to hexadecimal

**Why multiply by 2³²?**

When we have a fractional value between 0 and 1, multiplying by 2³² scales it to the full range of a 32-bit unsigned integer (0 to 4,294,967,295).

**Example with ∛2:**
- Fractional part: 0.259921049894873
- Multiply by 2³²: 0.259921... × 4,294,967,296 ≈ 1,116,352,408
- Convert to hex: 0x428a2f98

This matches the first K constant on page 11 of FIPS 180-4!

In [421]:
def fractional_to_hex(fractional_part):
    """
    Convert fractional part to 32-bit hexadecimal.
    
    Args:
        fractional_part: Float between 0 and 1
    
    Returns:
        32-bit value as numpy uint32
    """
    # Scale fractional part to 32-bit range
    scaled = fractional_part * (2 ** 32)
    
    # Convert to 32-bit unsigned integer
    result = np.uint32(scaled)
    
    return result

In [422]:
# Test with first few primes
test_primes = primes(5)

print("Testing fractional to hex conversion:")

for i, prime in enumerate(test_primes):
    frac_part = get_fractional_part(prime)
    hex_value = fractional_to_hex(frac_part)
    
    print(f"K[{i}] from prime {prime}:")
    print(f"  Fractional part: {frac_part:.15f}")
    print(f"  Hex value: 0x{hex_value:08X}")


# Compare first value to expected (from page 11 of FIPS 180-4)
print("Expected K[0] (from FIPS 180-4): 0x428a2f98")

Testing fractional to hex conversion:
K[0] from prime 2:
  Fractional part: 0.259921049894873
  Hex value: 0x428A2F98
K[1] from prime 3:
  Fractional part: 0.442249570307408
  Hex value: 0x71374491
K[2] from prime 5:
  Fractional part: 0.709975946676697
  Hex value: 0xB5C0FBCF
K[3] from prime 7:
  Fractional part: 0.912931182772389
  Hex value: 0xE9B5DBA5
K[4] from prime 11:
  Fractional part: 0.223980090569316
  Hex value: 0x3956C25B
Expected K[0] (from FIPS 180-4): 0x428a2f98


### Step 4: Generate All 64 SHA-256 Constants

Now we'll generate all 64 constants K[0] through K[63] and display them in the same format as page 11 of FIPS 180-4 (8 constants per row).

These constants will be used in the SHA-256 compression function, one constant per round (64 rounds total).

In [423]:
# Generate all 64 K constants
print("SHA-256 Constants (K[0] through K[63])")

# Get first 64 primes
all_primes = primes(64)

# Generate all constants
k_constants = []

for i, prime in enumerate(all_primes):
    # Get fractional part of cube root
    frac_part = get_fractional_part(prime)
    
    # Convert to 32-bit hex
    k_value = fractional_to_hex(frac_part)
    
    # Store in list
    k_constants.append(k_value)

# Display in rows of 8 (like FIPS 180-4 page 11)
for row in range(8):
    row_values = []
    for col in range(8):
        index = row * 8 + col
        row_values.append(f"{k_constants[index]:08x}")
    
    print(" ".join(row_values))

print(f"Total constants generated: {len(k_constants)}")

SHA-256 Constants (K[0] through K[63])
428a2f98 71374491 b5c0fbcf e9b5dba5 3956c25b 59f111f1 923f82a4 ab1c5ed5
d807aa98 12835b01 243185be 550c7dc3 72be5d74 80deb1fe 9bdc06a7 c19bf174
e49b69c1 efbe4786 0fc19dc6 240ca1cc 2de92c6f 4a7484aa 5cb0a9dc 76f988da
983e5152 a831c66d b00327c8 bf597fc7 c6e00bf3 d5a79147 06ca6351 14292967
27b70a85 2e1b2138 4d2c6dfc 53380d13 650a7354 766a0abb 81c2c92e 92722c85
a2bfe8a1 a81a664b c24b8b70 c76c51a3 d192e819 d6990624 f40e3585 106aa070
19a4c116 1e376c08 2748774c 34b0bcb5 391c0cb3 4ed8aa4a 5b9cca4f 682e6ff3
748f82ee 78a5636f 84c87814 8cc70208 90befffa a4506ceb bef9a3f7 c67178f2
Total constants generated: 64


### Step 5: Verify Against FIPS 180-4

Let's verify our generated constants match the official SHA-256 constants from page 11 of FIPS 180-4.

The expected constants (from the standard) are the first 32 bits of the fractional parts of the cube roots of the first 64 prime numbers.

In [424]:
# Expected constants from FIPS 180-4 page 11
expected_k = [
    0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
    0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
    0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
    0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
    0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
    0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
    0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
    0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
]

# Compare our generated constants with expected
print("Verification Results:")

all_match = True
for i in range(64):
    if k_constants[i] != expected_k[i]:
        print(f"Mismatch at K[{i}]: got 0x{k_constants[i]:08x}, expected 0x{expected_k[i]:08x}")
        all_match = False

if all_match:
    print("All 64 constants match FIPS 180-4 specification")
    print("\nOur implementation correctly generates the SHA-256 round constants.")
else:
    print("Some constants do not match. Check implementation.")

Verification Results:
All 64 constants match FIPS 180-4 specification

Our implementation correctly generates the SHA-256 round constants.


## Problem 2 Complete: Summary 

### Successfully Generated All 64 SHA-256 Constants 

Successfully generated and verified all 64 round constants K[0] through K[63] used in SHA-256.

### The Mathematical Process

1. **Prime number generation**: Found the first 64 prime numbers (2, 3, 5, ..., 311)
2. **Cube root calculation**: Computed ∛p for each prime p
3. **Fractional extraction**: Isolated the decimal portion (e.g., 1.2599... → 0.2599...)
4. **32-bit conversion**: Scaled by 2³² and converted to hexadecimal
5. **Verification**: Confirmed all values match FIPS 180-4


### How These Constants Are Used

In SHA-256's compression function:
- **64 rounds** of transformation are performed on each message block
- Each round uses **one K constant** (K[0] in round 0, K[1] in round 1, etc.)
- The constant is added to the working variables during each round
- This adds **non-linearity** and **diffusion** to prevent patterns

Formula for each round includes:
```
T₁ = h + Σ₁(e) + Ch(e,f,g) + Kₜ + Wₜ
```

Where Kₜ is our generated constant for round t.
