## Hammad Mubarik

Problem 1


Part 1 Parity function

In [215]:
import numpy as np

### 1. Parity Function

The Parity function performs a bitwise XOR operation on three 32-bit words.

Formula: `Parity(x, y, z) = x ⊕ y ⊕ z`

Usage: Used in SHA-1 hash algorithm for rounds t=20-39 and t=60-79.

In [216]:
#Parity Function
def Parity(x, y, z):
    """
    Parity function - XOR of three 32-bit words.
    
    Formula from FIPS 180-4: Parity(x, y, z) = x ⊕ y ⊕ z
    
    Used in SHA-1 for rounds t=20-39 and t=60-79.
    
    Args:
        x: First 32-bit word
        y: Second 32-bit word
        z: Third 32-bit word
    
    Returns:
        32-bit word result of x XOR y XOR z
    """
    # Convert inputs to 32-bit unsigned integers
    x = np.uint32(x)
    y = np.uint32(y)
    z = np.uint32(z)
    
    # Perform XOR operation
    result = np.uint32(x ^ y ^ z)
    
    return result

In [217]:
# Test Parity function
x_test = np.uint32(0x12345678)
y_test = np.uint32(0x9ABCDEF0)
z_test = np.uint32(0xFEDCBA98)

parity_result = Parity(x_test, y_test, z_test)
print(f"Parity(0x{x_test:08X}, 0x{y_test:08X}, 0x{z_test:08X}) = 0x{parity_result:08X}")

Parity(0x12345678, 0x9ABCDEF0, 0xFEDCBA98) = 0x76543210


#### Cryptographic Purpose

In SHA-1, the Parity function is used during specific rounds (t=20-39 and t=60-79) to mix the internal state variables. The XOR operation ensures that changes in any of the three inputs will affect the output, providing diffusion.

#### How It Works

For each of the 32 bit positions:
- If an **odd number** of input bits are 1 → output is 1
- If an **even number** of input bits are 1 → output is 0

Example for one bit position:
- `Parity(1, 0, 0) = 1` (odd number of 1s)
- `Parity(1, 1, 0) = 0` (even number of 1s)
- `Parity(1, 1, 1) = 1` (odd number of 1s)

### 2. Ch (Choose) Function

The Ch function chooses bits from y or z based on the bits in x.

**Formula:** `Ch(x, y, z) = (x ∧ y) ⊕ (¬x ∧ z)`

**Explanation:** For each bit position, if the bit in x is 1, the result takes the bit from y; if the bit in x is 0, the result takes the bit from z.

**Usage:** Used in SHA-224, SHA-256, SHA-384, SHA-512 hash computations.

In [218]:
def Ch(x, y, z):
    """
    Choose function - x chooses between y and z.
    
    Args:
        x, y, z: 32-bit words
    
    Returns:
        32-bit word where each bit is chosen from y (if x bit is 1) or z (if x bit is 0)
    """
    # Convert all inputs to 32-bit unsigned integers
    x = np.uint32(x)
    y = np.uint32(y)
    z = np.uint32(z)
    
    # Apply the choose formula: (x AND y) XOR (NOT x AND z)
    return np.uint32((x & y) ^ (~x & z))

In [219]:
# Test Ch function
x_test = np.uint32(0x12345678)
y_test = np.uint32(0x9ABCDEF0)
z_test = np.uint32(0xFEDCBA98)

ch_result = Ch(x_test, y_test, z_test)
print(f"Ch(0x{x_test:08X}, 0x{y_test:08X}, 0x{z_test:08X}) = 0x{ch_result:08X}")

# Additional test: when x is all 1s, should return y
x_all_ones = np.uint32(0xFFFFFFFF)
ch_test2 = Ch(x_all_ones, y_test, z_test)
print(f"\nCh(0xFFFFFFFF, 0x{y_test:08X}, 0x{z_test:08X}) = 0x{ch_test2:08X}")
print(f"Expected y: 0x{y_test:08X} - Match: {ch_test2 == y_test}")

# When x is all 0s, should return z
x_all_zeros = np.uint32(0x00000000)
ch_test3 = Ch(x_all_zeros, y_test, z_test)
print(f"\nCh(0x00000000, 0x{y_test:08X}, 0x{z_test:08X}) = 0x{ch_test3:08X}")
print(f"Expected z: 0x{z_test:08X} - Match: {ch_test3 == z_test}")

Ch(0x12345678, 0x9ABCDEF0, 0xFEDCBA98) = 0xFEFCFEF0

Ch(0xFFFFFFFF, 0x9ABCDEF0, 0xFEDCBA98) = 0x9ABCDEF0
Expected y: 0x9ABCDEF0 - Match: True

Ch(0x00000000, 0x9ABCDEF0, 0xFEDCBA98) = 0xFEDCBA98
Expected z: 0xFEDCBA98 - Match: True


#### Visualization

For a single bit position:
- If `x = 1`: output = `y` bit
- If `x = 0`: output = `z` bit

Think of `x` as a **selector switch**: 1 means "choose from y", 0 means "choose from z".

#### Example
```
x = 0b1010 (selector)
y = 0b1100 (option A)
z = 0b0011 (option B)

Result: 0b1001
         ↑  ↑
         |  └─ x=0, so chose z (1)
         └──── x=1, so chose y (1)
```

### 3. Maj (Majority) Function

The Maj function returns the majority bit at each position across three inputs.

**Formula:** `Maj(x, y, z) = (x ∧ y) ⊕ (x ∧ z) ⊕ (y ∧ z)`

**Explanation:** For each bit position, the result is 1 if at least two of the three input bits are 1.

**Usage:** Used in SHA-224, SHA-256, SHA-384, SHA-512 hash computations.

In [220]:
def Maj(x, y, z):
    """
    Majority function - returns the majority bit at each position.
    
    Args:
        x, y, z: 32-bit words
    
    Returns:
        32-bit word where each bit is 1 if at least two of the input bits are 1
    """
    # Convert all inputs to 32-bit unsigned integers
    x = np.uint32(x)
    y = np.uint32(y)
    z = np.uint32(z)
    
    # Apply the majority formula: (x AND y) XOR (x AND z) XOR (y AND z)
    return np.uint32((x & y) ^ (x & z) ^ (y & z))

In [221]:
# Test Maj function
x_test = np.uint32(0x12345678)
y_test = np.uint32(0x9ABCDEF0)
z_test = np.uint32(0xFEDCBA98)

maj_result = Maj(x_test, y_test, z_test)
print(f"Maj(0x{x_test:08X}, 0x{y_test:08X}, 0x{z_test:08X}) = 0x{maj_result:08X}")

# Additional test: all same values should return that value
x_same = np.uint32(0xAAAAAAAA)
maj_test2 = Maj(x_same, x_same, x_same)
print(f"\nMaj(0xAAAAAAAA, 0xAAAAAAAA, 0xAAAAAAAA) = 0x{maj_test2:08X}")
print(f"Expected: 0xAAAAAAAA - Match: {maj_test2 == x_same}")

Maj(0x12345678, 0x9ABCDEF0, 0xFEDCBA98) = 0x9ABCDEF8

Maj(0xAAAAAAAA, 0xAAAAAAAA, 0xAAAAAAAA) = 0xAAAAAAAA
Expected: 0xAAAAAAAA - Match: True


#### Truth Table

For a single bit position:

| x | y | z | Maj(x,y,z) | Explanation |
|---|---|---|------------|-------------|
| 0 | 0 | 0 | 0 | Zero 1s (majority is 0) |
| 0 | 0 | 1 | 0 | One 1 (majority is 0) |
| 0 | 1 | 0 | 0 | One 1 (majority is 0) |
| 0 | 1 | 1 | 1 | Two 1s (majority is 1) ✓ |
| 1 | 0 | 0 | 0 | One 1 (majority is 0) |
| 1 | 0 | 1 | 1 | Two 1s (majority is 1) ✓ |
| 1 | 1 | 0 | 1 | Two 1s (majority is 1) ✓ |
| 1 | 1 | 1 | 1 | Three 1s (majority is 1) ✓ |

#### Why This Formula Works

The XOR of the three AND operations counts pairs:
- If 2 inputs are 1: exactly one pair matches → XOR gives 1
- If 3 inputs are 1: all three pairs match → XOR gives 1 (odd number)
- If 0-1 inputs are 1: zero or no pairs → XOR gives 0

### Helper Functions for Rotation and Shift Operations

Before implementing the Sigma and sigma functions, we need two fundamental bit manipulation operations defined in Section 3.2 of FIPS 180-4:

#### ROTR (Rotate Right)
A **circular right shift** where bits that fall off the right end wrap around to the left end. No information is lost.

**Formula:** `ROTR^n(x) = (x >> n) | (x << (32 - n))`

**Example:** Rotating `0b10110001` right by 3 positions:
```
Original:  10110001
          ___↓↓↓
Rotated:   00110110
           ↑↑↑___
           wraparound
```

#### SHR (Shift Right)
A **logical right shift** where bits fall off the right end and zeros fill in from the left. Information is lost.

**Formula:** `SHR^n(x) = x >> n`

**Example:** Shifting `0b10110001` right by 3 positions:
```
Original:  10110001
          ___↓↓↓
Shifted:   00010110
           ↑↑↑
           zeros
```

#### Why Both Operations?

- **ROTR** preserves all bits, creating complex mixing patterns
- **SHR** introduces irreversibility (one-way function property)

Combining both in the Sigma functions provides the cryptographic properties needed for secure hashing.

In [222]:
def ROTR(x, n, w=32):
    """
    Rotate right (circular right shift) operation.
    
    Formula: ROTR^n(x) = (x >> n) | (x << (w - n))
    
    Args:
        x: 32-bit word to rotate
        n: number of positions to rotate right
        w: word size in bits (default 32)
    
    Returns:
        32-bit word after rotation
    """
    x = np.uint32(x)
    # Right shift by n, OR with left shift by (w-n)
    return np.uint32((x >> n) | (x << (w - n)))


def SHR(x, n):
    """
    Right shift operation.
    
    Formula: SHR^n(x) = x >> n
    
    Args:
        x: 32-bit word to shift
        n: number of positions to shift right
    
    Returns:
        32-bit word after shift (zeros fill from left)
    """
    x = np.uint32(x)
    # Logical right shift
    return np.uint32(x >> n)

### 4. Σ₀ (Sigma0) Function

The Sigma0 function combines three different rotations of the input.

**Formula:** `Σ₀²⁵⁶(x) = ROTR²(x) ⊕ ROTR¹³(x) ⊕ ROTR²²(x)`

**Usage:** Used in the SHA-256 compression function.

In [223]:
def Sigma0(x):
    """
    SHA-256 Sigma0 function (uppercase sigma).
    
    Args:
        x: 32-bit word
    
    Returns:
        32-bit word result of ROTR2(x) XOR ROTR13(x) XOR ROTR22(x)
    """
    # Convert input to 32-bit unsigned integer
    x = np.uint32(x)
    
    # Apply three rotations and XOR them together
    return np.uint32(ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22))

In [224]:
# Test Sigma0 function
x_test = np.uint32(0x12345678)

sigma0_result = Sigma0(x_test)
print(f"Sigma0(0x{x_test:08X}) = 0x{sigma0_result:08X}")

# Test with another value
x_test2 = np.uint32(0xFFFFFFFF)
sigma0_result2 = Sigma0(x_test2)
print(f"Sigma0(0x{x_test2:08X}) = 0x{sigma0_result2:08X}")

Sigma0(0x12345678) = 0x66146474
Sigma0(0xFFFFFFFF) = 0xFFFFFFFF


### 5. Σ₁ (Sigma1) Function

The Sigma1 function combines three different rotations of the input.

**Formula:** `Σ₁²⁵⁶(x) = ROTR⁶(x) ⊕ ROTR¹¹(x) ⊕ ROTR²⁵(x)`

**Usage:** Used in the SHA-256 compression function.

In [225]:
def Sigma1(x):
    """
    SHA-256 Sigma1 function (uppercase sigma).
    
    Args:
        x: 32-bit word
    
    Returns:
        32-bit word result of ROTR6(x) XOR ROTR11(x) XOR ROTR25(x)
    """
    # Convert input to 32-bit unsigned integer
    x = np.uint32(x)
    
    # Apply three rotations and XOR them together
    return np.uint32(ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25))

In [226]:
# Test Sigma1 function
x_test = np.uint32(0x12345678)

sigma1_result = Sigma1(x_test)
print(f"Sigma1(0x{x_test:08X}) = 0x{sigma1_result:08X}")

# Test with another value
x_test2 = np.uint32(0xFFFFFFFF)
sigma1_result2 = Sigma1(x_test2)
print(f"Sigma1(0x{x_test2:08X}) = 0x{sigma1_result2:08X}")

Sigma1(0x12345678) = 0x3561ABDA
Sigma1(0xFFFFFFFF) = 0xFFFFFFFF


### 6. σ₀ (sigma0) Function

The sigma0 function (lowercase) combines two rotations and one shift of the input.

**Formula:** `σ₀²⁵⁶(x) = ROTR⁷(x) ⊕ ROTR¹⁸(x) ⊕ SHR³(x)`

**Note:** Unlike Sigma0 (uppercase), this uses SHR (shift) for the last operation, not ROTR (rotate).

**Usage:** Used in SHA-256 message schedule expansion.

In [227]:
def sigma0(x):
    """
    SHA-256 sigma0 function (lowercase sigma).
    
    Args:
        x: 32-bit word
    
    Returns:
        32-bit word result of ROTR7(x) XOR ROTR18(x) XOR SHR3(x)
    """
    # Convert input to 32-bit unsigned integer
    x = np.uint32(x)
    
    # Apply two rotations and one shift, then XOR them together
    return np.uint32(ROTR(x, 7) ^ ROTR(x, 18) ^ SHR(x, 3))

In [228]:
# Test sigma0 function
x_test = np.uint32(0x12345678)

sigma0_result = sigma0(x_test)
print(f"sigma0(0x{x_test:08X}) = 0x{sigma0_result:08X}")

# Test with another value
x_test2 = np.uint32(0xFFFFFFFF)
sigma0_result2 = sigma0(x_test2)
print(f"sigma0(0x{x_test2:08X}) = 0x{sigma0_result2:08X}")

sigma0(0x12345678) = 0xE7FCE6EE
sigma0(0xFFFFFFFF) = 0x1FFFFFFF


### 7. σ₁ (sigma1) Function

The sigma1 function (lowercase) combines two rotations and one shift of the input.

**Formula:** `σ₁²⁵⁶(x) = ROTR¹⁷(x) ⊕ ROTR¹⁹(x) ⊕ SHR¹⁰(x)`

**Note:** Like sigma0, this uses SHR (shift) for the last operation, not ROTR (rotate).

**Usage:** Used in SHA-256 message schedule expansion.

In [229]:
def sigma1(x):
    """
    SHA-256 sigma1 function (lowercase sigma).
    
    Args:
        x: 32-bit word
    
    Returns:
        32-bit word result of ROTR17(x) XOR ROTR19(x) XOR SHR10(x)
    """
    # Convert input to 32-bit unsigned integer
    x = np.uint32(x)
    
    # Apply two rotations and one shift, then XOR them together
    return np.uint32(ROTR(x, 17) ^ ROTR(x, 19) ^ SHR(x, 10))

In [230]:
# Test sigma1 function
x_test = np.uint32(0x12345678)

sigma1_result = sigma1(x_test)
print(f"sigma1(0x{x_test:08X}) = 0x{sigma1_result:08X}")

# Test with another value
x_test2 = np.uint32(0xFFFFFFFF)
sigma1_result2 = sigma1(x_test2)
print(f"sigma1(0x{x_test2:08X}) = 0x{sigma1_result2:08X}")

sigma1(0x12345678) = 0xA1F78649
sigma1(0xFFFFFFFF) = 0x003FFFFF
