## Problem 1 — Binary Words and Operations

This problem asks us to implement several low-level bitwise functions used in SHA-256.  
They are defined in the **Secure Hash Standard (FIPS 180-4)**.  
All operations must be performed on **32-bit unsigned integers**, so I use `numpy.uint32`.

The functions implemented are:

- Parity(x, y, z)
- Ch(x, y, z)
- Maj(x, y, z)
- Σ0(x), Σ1(x)
- σ0(x), σ1(x)

Each function is introduced in its own section below.


In [54]:
import numpy as np  # For 32-bit unsigned integers (np.uint32)


def rotr(x, n):
    """
    Rotate a 32-bit value x to the right by n bits.
    Used in almost all SHA-256 logical functions.
    """
    x = np.uint32(x)
    n = n % 32
    return np.uint32((x >> n) | (x << (32 - n)))


def shr(x, n):
    """
    Logical right shift of x by n bits.
    Unlike rotation, bits shifted off the right are discarded.
    """
    x = np.uint32(x)
    return np.uint32(x >> n)


## Problem 1A: Parity(x, y, z)

**Goal:** Write a function that returns the XOR of three 32-bit numbers.

From the standard (FIPS 180-4):  
**Parity(x, y, z) = x ⊕ y ⊕ z**

This function is very simple — XOR all three values.  
We ensure everything is cast to `np.uint32` so the result stays 32-bit.


In [55]:
def Parity(x, y, z):

    """Return Parity(x, y, z) = x XOR y XOR z operating on 32-bit words.



    - Inputs may be scalars or numpy arrays; they are cast to np.uint32.

    - The result preserves shape and dtype (np.uint32).

    """

    return u32(u32(x) ^ u32(y) ^ u32(z))

def Parity(x, y, z):
    """
    XOR all three 32-bit words together.
    """
    x = np.uint32(x)
    y = np.uint32(y)
    z = np.uint32(z)
    return np.uint32(x ^ y ^ z)


## Problem 1B: Ch(x, y, z)

**Goal:** Implement the SHA-256 “choose” function.

From the standard:  
**Ch(x, y, z) = (x AND y) XOR (~x AND z)**

Interpretation:  
- If a bit of **x** is 1 → choose bit from **y**  
- If a bit of **x** is 0 → choose bit from **z**  


In [56]:
def Ch(x, y, z):
    """
    SHA-256 choice function:
    For each bit, choose from y if x's bit is 1, else from z.
    """
    x = np.uint32(x)
    y = np.uint32(y)
    z = np.uint32(z)
    return np.uint32((x & y) ^ (~x & z))


## Problem 1C: Maj(x, y, z)

**Goal:** Implement the SHA-256 majority function.

From the standard:  
**Maj(x, y, z) = (x AND y) XOR (x AND z) XOR (y AND z)**

Interpretation:  
Bit becomes **1** if *at least two* of x, y, z have a 1 in that position.


In [57]:
def Maj(x, y, z):
    """
    SHA-256 majority function.
    Bit is 1 if two or more of (x, y, z) have bit 1.
    """
    x = np.uint32(x)
    y = np.uint32(y)
    z = np.uint32(z)
    return np.uint32((x & y) ^ (x & z) ^ (y & z))


## Problem 1D: Σ0(x) and Σ1(x)

**Goal:** Implement the two uppercase sigma functions from the standard.  

These use *rotations*, not shifts.

Definitions (FIPS 180-4):

- **Σ0(x) = ROTR²(x) ⊕ ROTR¹³(x) ⊕ ROTR²²(x)**
- **Σ1(x) = ROTR⁶(x) ⊕ ROTR¹¹(x) ⊕ ROTR²⁵(x)**

These are used in the SHA-256 compression function.


In [58]:
def Sigma0(x):
    """
    Σ0(x) = ROTR^2(x) ^ ROTR^13(x) ^ ROTR^22(x)
    """
    x = np.uint32(x)
    return np.uint32(rotr(x, 2) ^ rotr(x, 13) ^ rotr(x, 22))


def Sigma1(x):
    """
    Σ1(x) = ROTR^6(x) ^ ROTR^11(x) ^ ROTR^25(x)
    """
    x = np.uint32(x)
    return np.uint32(rotr(x, 6) ^ rotr(x, 11) ^ rotr(x, 25))


## Problem 1E: σ0(x) and σ1(x)

**Goal:** Implement the lowercase sigma functions used in the message schedule.  

These mix **rotation** and **logical shift**.

Definitions (FIPS 180-4):

- **σ0(x) = ROTR⁷(x) ⊕ ROTR¹⁸(x) ⊕ SHR³(x)**  
- **σ1(x) = ROTR¹⁷(x) ⊕ ROTR¹⁹(x) ⊕ SHR¹⁰(x)**  

These are used when generating the message schedule array `W[t]`.

In [59]:
def sigma0(x):
    """
    σ0(x) = ROTR^7(x) ^ ROTR^18(x) ^ SHR^3(x)
    """
    x = np.uint32(x)
    return np.uint32(rotr(x, 7) ^ rotr(x, 18) ^ shr(x, 3))


def sigma1(x):
    """
    σ1(x) = ROTR^17(x) ^ ROTR^19(x) ^ SHR^10(x)
    """
    x = np.uint32(x)
    return np.uint32(rotr(x, 17) ^ rotr(x, 19) ^ shr(x, 10))


## Problem 1F: Testing all functions

To verify correctness, I test the functions using small example numbers.  
I print the results in hexadecimal (easier to compare with the standard).

In [60]:
a = np.uint32(0x0F0F0F0F)
b = np.uint32(0x33333333)
c = np.uint32(0xAAAAAAAA)

print("Parity =", hex(a ^ b ^ c))
print("Ch     =", hex(Ch(a, b, c)))
print("Maj    =", hex(Maj(a, b, c)))

x = np.uint32(0x12345678)

print("\nSigma0 =", hex(Sigma0(x)))
print("Sigma1 =", hex(Sigma1(x)))
print("sigma0 =", hex(sigma0(x)))
print("sigma1 =", hex(sigma1(x)))


Parity = 0x96969696
Ch     = 0xa3a3a3a3
Maj    = 0x2b2b2b2b

Sigma0 = 0x66146474
Sigma1 = 0x3561abda
sigma0 = 0xe7fce6ee
sigma1 = 0xa1f78649


## Problem 2: Fractional Parts of Cube Roots

**Goal:** Recreate the SHA-256 constants `K[0..63]` from the Secure Hash Standard (FIPS 180-4).

According to the standard, each constant is:

> "the first 32 bits of the fractional parts of the cube roots of the first 64 prime numbers."

So the plan is:

1. Write a function `primes(n)` that returns the first `n` prime numbers.
2. Use NumPy (`np.cbrt`) to calculate the cube root of each prime.  
   See: [NumPy cbrt docs](https://numpy.org/doc/stable/reference/generated/numpy.cbrt.html)
3. Extract the **fractional part** of each cube root.
4. Multiply the fractional part by \( 2^{32} \), take the integer part, and store it as a 32-bit value (`np.uint32`).
5. Display the result in **hexadecimal** and compare manually with the constants listed in FIPS 180-4.


In [61]:
import numpy as np  # For 32-bit unsigned integers (np.uint32)

def primes(n):
    """
    Return a list of the first n prime numbers.

    I use a simple trial division approach:
    - Start at 2.
    - For each candidate, test divisibility by earlier primes.
    - Only test up to the square root of the candidate.
    """
    # If n is zero or negative, just return an empty list.
    if n <= 0:
        return []

    result = []      # list to store primes
    candidate = 2    # first number to test for primality

    # Keep going until we have n primes.
    while len(result) < n:
        is_prime = True  # assume candidate is prime until shown otherwise

        # Check divisibility by previously found primes.
        for p in result:
            # If p^2 is greater than candidate, we can stop checking.
            if p * p > candidate:
                break
            # If candidate is divisible by p, it is not prime.
            if candidate % p == 0:
                is_prime = False
                break

        # If no divisors were found, we have a new prime.
        if is_prime:
            result.append(candidate)

        # Move on to the next integer.
        candidate += 1

    return result


### Problem 2A: Testing the `primes(n)` function

Before using `primes(n)` for the main task, I want to quickly check that it returns
the correct small primes.

Known values:
- First 5 primes: 2, 3, 5, 7, 11
- First 10 primes: 2, 3, 5, 7, 11, 13, 17, 19, 23, 29


In [62]:
# Quick sanity checks for primes(n).

first_5 = primes(5)
first_10 = primes(10)

print("First 5 primes: ", first_5)
print("First 10 primes:", first_10)


First 5 primes:  [2, 3, 5, 7, 11]
First 10 primes: [2, 3, 5, 7, 11, 13, 17, 19, 23, 29]


### Problem 2B: Cube roots and fractional parts

Next I need to convert each prime into a 32-bit constant as follows:

1. Compute the cube root of the prime using `np.cbrt(p)`.
2. Extract the fractional part:

   \[
   \text{frac} = \text{cuberoot}(p) - \lfloor \text{cuberoot}(p) \rfloor
   \]

3. Multiply the fractional part by \( 2^{32} \).
4. Take the integer part (floor) and store it as a 32-bit unsigned integer (`np.uint32`).

This should match the way SHA-256 defines its `K` constants.


In [63]:
def cube_root_fraction_to_uint32(p):
    """
    Given a prime p, compute the 32-bit word defined as:
        floor( fractional_part(cuberoot(p)) * 2**32 )

    The result is returned as a NumPy uint32, to match the 32-bit word
    behaviour in the SHA-256 standard.
    """
    # Convert p to a float64 so np.cbrt can operate on it.
    x = np.float64(p)

    # Compute the cube root using NumPy.
    cbrt = np.cbrt(x)

    # Fractional part: total value minus its floor.
    frac = cbrt - np.floor(cbrt)

    # Scale the fractional part to 32 bits.
    scaled = frac * (2**32)

    # Take the integer part.
    integer_bits = int(scaled)

    # Cast to 32-bit unsigned integer for SHA-256.
    return np.uint32(integer_bits)


### Problem 2C: Generating 64 constants from the first 64 primes

Now I:

1. Use `primes(64)` to get the first 64 primes.
2. Apply `cube_root_fraction_to_uint32(p)` to each prime.
3. Store the results in an array `K`.
4. Print them as 8-digit hexadecimal numbers of the form `0x12345678`.

I can then compare these manually to the constants listed in the Secure Hash Standard.


In [64]:
# Get the first 64 primes.
first_64_primes = primes(64)

# Compute the constants from the cube root fractional parts.
K_computed = [cube_root_fraction_to_uint32(p) for p in first_64_primes]

print("Index  Hex value")
for i, k in enumerate(K_computed):
    # int(k) converts from NumPy scalar to plain Python int for formatting.
    print(f"{i:2d}    {int(k):08x}")


Index  Hex value
 0    428a2f98
 1    71374491
 2    b5c0fbcf
 3    e9b5dba5
 4    3956c25b
 5    59f111f1
 6    923f82a4
 7    ab1c5ed5
 8    d807aa98
 9    12835b01
10    243185be
11    550c7dc3
12    72be5d74
13    80deb1fe
14    9bdc06a7
15    c19bf174
16    e49b69c1
17    efbe4786
18    0fc19dc6
19    240ca1cc
20    2de92c6f
21    4a7484aa
22    5cb0a9dc
23    76f988da
24    983e5152
25    a831c66d
26    b00327c8
27    bf597fc7
28    c6e00bf3
29    d5a79147
30    06ca6351
31    14292967
32    27b70a85
33    2e1b2138
34    4d2c6dfc
35    53380d13
36    650a7354
37    766a0abb
38    81c2c92e
39    92722c85
40    a2bfe8a1
41    a81a664b
42    c24b8b70
43    c76c51a3
44    d192e819
45    d6990624
46    f40e3585
47    106aa070
48    19a4c116
49    1e376c08
50    2748774c
51    34b0bcb5
52    391c0cb3
53    4ed8aa4a
54    5b9cca4f
55    682e6ff3
56    748f82ee
57    78a5636f
58    84c87814
59    8cc70208
60    90befffa
61    a4506ceb
62    bef9a3f7
63    c67178f2


### Problem 2D: Verifying against the official SHA-256 constants

The Secure Hash Standard (FIPS 180-4) lists the 64 SHA-256 `K` constants as
32-bit hexadecimal words (see the SHA-256 section and constant table).

To fully "test the results against what is in the standard", I:

1. Hard-code the official 64 hex values from the standard into a list.
2. Convert them to integers.
3. Compare them element-wise with `K_computed`.
4. Report whether there are any mismatches.

If the implementation is correct, there should be **zero** mismatches.


In [65]:
# Official SHA-256 K constants from FIPS 180-4, written in hex.
K_official_hex = [
    "428a2f98", "71374491", "b5c0fbcf", "e9b5dba5",
    "3956c25b", "59f111f1", "923f82a4", "ab1c5ed5",
    "d807aa98", "12835b01", "243185be", "550c7dc3",
    "72be5d74", "80deb1fe", "9bdc06a7", "c19bf174",
    "e49b69c1", "efbe4786", "0fc19dc6", "240ca1cc",
    "2de92c6f", "4a7484aa", "5cb0a9dc", "76f988da",
    "983e5152", "a831c66d", "b00327c8", "bf597fc7",
    "c6e00bf3", "d5a79147", "06ca6351", "14292967",
    "27b70a85", "2e1b2138", "4d2c6dfc", "53380d13",
    "650a7354", "766a0abb", "81c2c92e", "92722c85",
    "a2bfe8a1", "a81a664b", "c24b8b70", "c76c51a3",
    "d192e819", "d6990624", "f40e3585", "106aa070",
    "19a4c116", "1e376c08", "2748774c", "34b0bcb5",
    "391c0cb3", "4ed8aa4a", "5b9cca4f", "682e6ff3",
    "748f82ee", "78a5636f", "84c87814", "8cc70208",
    "90befffa", "a4506ceb", "bef9a3f7", "c67178f2",
]

# Convert official hex strings to plain Python ints.
K_official = [int(x, 16) for x in K_official_hex]

# Build a list of mismatches (index, computed, official) if any.
mismatches = []
for i in range(64):
    computed_val = int(K_computed[i])
    official_val = K_official[i]
    if computed_val != official_val:
        mismatches.append((i, f"{computed_val:08x}", f"{official_val:08x}"))

print("Number of mismatches:", len(mismatches))
if mismatches:
    print("Mismatches found (index, computed, official):")
    for m in mismatches:
        print(m)
else:
    print("All 64 computed K constants match the official SHA-256 values.")


Number of mismatches: 0
All 64 computed K constants match the official SHA-256 values.


### Problem 2: Conclusion

- I used `primes(n)` to generate the first 64 primes.
- For each prime, I computed the cube root, extracted the fractional part,
  multiplied by \( 2^{32} \), and took the integer part as a 32-bit word (`np.uint32`).
- I displayed all 64 constants in hexadecimal.
- I then compared them directly against the official SHA-256 `K` array from
  the Secure Hash Standard ([FIPS 180-4](https://csrc.nist.gov/publications/detail/fips/180/4/final)).

The comparison showed:

> **All 64 computed K constants match the official SHA-256 values.**

This confirms that both the prime generation and the cube-root-based constant computation are correct.


In [66]:
## Problem 3: Padding
"""I'll do this section later. Leaving this here to remember the order."""

"I'll do this section later. Leaving this here to remember the order."

In [67]:
## Problem 4: Hashes
"""I'll do this section later. Leaving this here to remember the order."""

"I'll do this section later. Leaving this here to remember the order."

In [68]:
## Problem 5: Passwords 
"""I'll do this section later. Leaving this here to remember the order."""

"I'll do this section later. Leaving this here to remember the order."