# Computational Theory Assessment

**Student:** Tiffany Yong Ngik Chee  (G00425067)    
**Module:** Computation Theory  
**Lecturer:** Ian McLoughlin

This notebook contains solutions to five problems related to the [SHA-256 Secure Hash Standard (FIPS 180-4)](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf).

---

## Problem 1: Binary Words and Operations

### Introduction

In this problem, I implement seven fundamental functions used in the SHA-256 cryptographic hash algorithm. These functions operate on 32-bit binary words and form the building blocks of the hash computation process.

All seven functions are defined in **Section 4.1.2** (pages 10-11) of the [Secure Hash Standard (FIPS 180-4)](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf). They perform bitwise logical operations and rotations that help ensure the security and unpredictability of the SHA-256 hash function.

### Why 32-bit Operations?

SHA-256 processes data in 32-bit chunks (called "words"). Using numpy's `uint32` type ensures that all operations treat numbers as **unsigned 32-bit integers**, preventing overflow issues and ensuring compatibility with the standard's specifications.

In [1]:
# Import numpy for 32-bit unsigned integer operations.
# NumPy documentation: https://numpy.org/doc/stable/
import numpy as np

---

### Function 1: Parity(x, y, z)

#### What is the Parity Function?

The `Parity` function is defined in **Section 4.1.2, equation (4.3)** on page 10 of the standard. It is defined as:

$$\text{Parity}(x, y, z) = x \oplus y \oplus z$$

where $\oplus$ represents the bitwise XOR (exclusive OR) operation.

#### Why is it Used?

The Parity function is used in certain rounds of the SHA-256 compression function (specifically in the SHA-1 algorithm, which shares some operations with SHA-256). It provides [diffusion](https://en.wikipedia.org/wiki/Confusion_and_diffusion), meaning that changing a single bit in any of the inputs will affect the output, making the hash function more secure.

#### How Does XOR Work?

The XOR operation compares corresponding bits of two binary numbers:
- If the bits are **different**, the result is `1`
- If the bits are the **same**, the result is `0`

For three inputs, we XOR them sequentially: first `x ⊕ y`, then XOR that result with `z`.

In [2]:
def Parity(x, y, z):
    """
    Calculate the Parity function for SHA-256.
    
    As defined in Section 4.1.2 (equation 4.3) of FIPS 180-4,
    this function returns the bitwise XOR of three 32-bit words.
    
    The formula is: Parity(x, y, z) = x ⊕ y ⊕ z
    
    Parameters
    ----------
    x : int or numpy.uint32
        First 32-bit word
    y : int or numpy.uint32
        Second 32-bit word
    z : int or numpy.uint32
        Third 32-bit word
        
    Returns
    -------
    numpy.uint32
        The bitwise XOR of x, y, and z
        
    References
    ----------
    FIPS 180-4, Section 4.1.2, page 10
    https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf
    """
    # Ensure all inputs are treated as 32-bit unsigned integers.
    # This prevents overflow and ensures compatibility with the standard.
    # See: https://numpy.org/doc/stable/reference/arrays.scalars.html#numpy.uint32
    x = np.uint32(x)
    y = np.uint32(y)
    z = np.uint32(z)
    
    # Perform bitwise XOR operation.
    # The ^ operator in Python performs bitwise XOR.
    # See: https://docs.python.org/3/reference/expressions.html#binary-bitwise-operations
    return x ^ y ^ z

#### Understanding the XOR Operation

Here is the demonstrate how XOR works with a simple example using smaller numbers for clarity:

In [3]:
# Example with small numbers to show how XOR works.
x_example = 0b1100  # Binary: 1100 (decimal: 12)
y_example = 0b1010  # Binary: 1010 (decimal: 10)
z_example = 0b1111  # Binary: 1111 (decimal: 15)

print("Example XOR operation:")
print(f"x = {x_example:04b} ({x_example})")
print(f"y = {y_example:04b} ({y_example})")
print(f"z = {z_example:04b} ({z_example})")
print(f"x ⊕ y = {x_example ^ y_example:04b} ({x_example ^ y_example})")
print(f"(x ⊕ y) ⊕ z = {x_example ^ y_example ^ z_example:04b} ({x_example ^ y_example ^ z_example})")

Example XOR operation:
x = 1100 (12)
y = 1010 (10)
z = 1111 (15)
x ⊕ y = 0110 (6)
(x ⊕ y) ⊕ z = 1001 (9)


#### Testing the Parity Function

Now let's test the `Parity` function with actual 32-bit values as used in SHA-256:

In [4]:
# Test the Parity function with 32-bit hexadecimal values.
# Using hexadecimal notation (0x) as it's standard in cryptography.
x_test = 0x12345678
y_test = 0xABCDEF00
z_test = 0xFFFFFFFF

result = Parity(x_test, y_test, z_test)

print("Testing Parity Function:")
print(f"x = 0x{x_test:08x}")
print(f"y = 0x{y_test:08x}")
print(f"z = 0x{z_test:08x}")
print(f"Parity(x, y, z) = 0x{result:08x}")
print(f"Result type: {type(result)}")

Testing Parity Function:
x = 0x12345678
y = 0xabcdef00
z = 0xffffffff
Parity(x, y, z) = 0x46064687
Result type: <class 'numpy.uint32'>


#### My Understanding: Why Parity Works

After studying the Parity function, I understand that:

1. **XOR is associative**: `(a ⊕ b) ⊕ c = a ⊕ (b ⊕ c)`, so the order doesn't matter
2. **XOR is self-inverse**: `a ⊕ a = 0`, which makes it useful for cryptography
3. **Bit independence**: Each bit position is processed independently

Let me verify this with my own test case:

In [5]:
# My own test: Verify XOR properties
# Test 1: XOR with itself should give 0
a = np.uint32(0x12345678)
print(f"Test 1 - Self-inverse property:")
print(f"{a:08x} ⊕ {a:08x} = {a ^ a:08x} (should be 0)")
print()

# Test 2: XOR with 0 should give the original value
print(f"Test 2 - Identity property:")
print(f"{a:08x} ⊕ 00000000 = {a ^ np.uint32(0):08x} (should be {a:08x})")
print()

# Test 3: Associativity - order doesn't matter
x = np.uint32(0xAAAAAAAA)
y = np.uint32(0x55555555)
z = np.uint32(0xF0F0F0F0)
method1 = Parity(x, y, z)
method2 = (x ^ y) ^ z
method3 = x ^ (y ^ z)
print(f"Test 3 - Associativity:")
print(f"Parity(x,y,z) = {method1:08x}")
print(f"(x ⊕ y) ⊕ z   = {method2:08x}")
print(f"x ⊕ (y ⊕ z)   = {method3:08x}")
print(f"All equal: {method1 == method2 == method3}")

Test 1 - Self-inverse property:
12345678 ⊕ 12345678 = 00000000 (should be 0)

Test 2 - Identity property:
12345678 ⊕ 00000000 = 12345678 (should be 12345678)

Test 3 - Associativity:
Parity(x,y,z) = 0f0f0f0f
(x ⊕ y) ⊕ z   = 0f0f0f0f
x ⊕ (y ⊕ z)   = 0f0f0f0f
All equal: True


#### Verification

The test confirms that:
1. The function returns a `numpy.uint32` type, ensuring 32-bit operations
2. The XOR operation works correctly on full 32-bit words
3. The result is displayed in hexadecimal format, which is standard in cryptographic contexts

---


### Function 2: Ch(x, y, z)

#### What is the Ch Function?

The `Ch` function (short for "Choose") is defined in **Section 4.1.2, equation (4.2)** on page 10 of the standard:

$$\text{Ch}(x, y, z) = (x \land y) \oplus (\neg x \land z)$$

where:
- $\land$ represents bitwise AND
- $\oplus$ represents bitwise XOR
- $\neg$ represents bitwise NOT (complement)

#### Why is it Called "Choose"?

The Ch function is called "choose" because it uses `x` as a **selector**:
- When a bit in `x` is **1**, the corresponding bit from `y` is chosen
- When a bit in `x` is **0**, the corresponding bit from `z` is chosen

This can also be written as: **"x chooses between y and z"**

#### Logical Explanation

The formula works as follows:
1. `(x & y)` - Where x has 1's, keep the bits from y
2. `(~x & z)` - Where x has 0's (meaning ~x has 1's), keep the bits from z
3. XOR these together to get the final result

This function provides [confusion](https://en.wikipedia.org/wiki/Confusion_and_diffusion) in the cryptographic sense, making the relationship between the key and ciphertext complex.

In [6]:
def Ch(x, y, z):
    """
    Calculate the Ch (Choose) function for SHA-256.
    
    As defined in Section 4.1.2 (equation 4.2) of FIPS 180-4,
    this function chooses bits from y or z based on the bits in x.
    
    The formula is: Ch(x, y, z) = (x ∧ y) ⊕ (¬x ∧ z)
    
    Where x is 1, choose from y; where x is 0, choose from z.
    
    Parameters
    ----------
    x : int or numpy.uint32
        Selector word (32-bit)
    y : int or numpy.uint32
        First choice word (32-bit)
    z : int or numpy.uint32
        Second choice word (32-bit)
        
    Returns
    -------
    numpy.uint32
        Result of the choose operation
        
    References
    ----------
    FIPS 180-4, Section 4.1.2, page 10
    https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf
    """
    # Convert to 32-bit unsigned integers.
    x = np.uint32(x)
    y = np.uint32(y)
    z = np.uint32(z)
    
    # Calculate (x AND y) - where x is 1, use bits from y.
    # The & operator performs bitwise AND.
    part1 = x & y
    
    # Calculate (NOT x AND z) - where x is 0, use bits from z.
    # The ~ operator performs bitwise NOT (complement).
    part2 = (~x) & z
    
    # XOR the two parts together.
    return part1 ^ part2

#### Demonstrating How Ch "Chooses"

Let me show how the Ch function selects bits from y or z based on x:

In [7]:
# Simple example to demonstrate the "choose" behavior.
x_ch = 0b11110000  # Selector: 1111 0000
y_ch = 0b10101010  # First choice: 1010 1010
z_ch = 0b01010101  # Second choice: 0101 0101

result_ch = Ch(x_ch, y_ch, z_ch)

print("Demonstrating Ch function:")
print(f"x (selector) = {x_ch:08b}")
print(f"y (1st choice)= {y_ch:08b}")
print(f"z (2nd choice)= {z_ch:08b}")
print(f"Ch(x,y,z)    = {result_ch:08b}")
print()
print("Notice: where x=1, result takes from y (1010)")
print("        where x=0, result takes from z (0101)")

Demonstrating Ch function:
x (selector) = 11110000
y (1st choice)= 10101010
z (2nd choice)= 01010101
Ch(x,y,z)    = 10100101

Notice: where x=1, result takes from y (1010)
        where x=0, result takes from z (0101)


#### Testing Ch with 32-bit Values

In [8]:
# Test Ch with full 32-bit values.
result_ch_full = Ch(0x6a09e667, 0xbb67ae85, 0x3c6ef372)
print(f"Ch(0x6a09e667, 0xbb67ae85, 0x3c6ef372) = 0x{result_ch_full:08x}")

Ch(0x6a09e667, 0xbb67ae85, 0x3c6ef372) = 0x3e67b715


#### My Understanding: Ch as a Multiplexer

The Ch function acts like a digital multiplexer in hardware:
- `x` is the **selector signal**
- `y` and `z` are the **data inputs**
- The output selects from y when x=1, from z when x=0

This is more efficient than: `if x then y else z` because it works on all 32 bits simultaneously.

Let me verify with edge cases:

In [9]:
# Edge case tests for Ch function
print("Edge Case Tests for Ch:")
print()

# Case 1: When x is all 1's, should get y
x_all_ones = 0xFFFFFFFF
y_test = 0x12345678
z_test = 0xABCDEF00
result1 = Ch(x_all_ones, y_test, z_test)
print(f"When x = 0xFFFFFFFF (all 1s):")
print(f"Ch(x, 0x{y_test:08x}, 0x{z_test:08x}) = 0x{result1:08x}")
print(f"Should equal y: {result1 == y_test} ✓" if result1 == y_test else f"ERROR")
print()

# Case 2: When x is all 0's, should get z
x_all_zeros = 0x00000000
result2 = Ch(x_all_zeros, y_test, z_test)
print(f"When x = 0x00000000 (all 0s):")
print(f"Ch(x, 0x{y_test:08x}, 0x{z_test:08x}) = 0x{result2:08x}")
print(f"Should equal z: {result2 == z_test} ✓" if result2 == z_test else f"ERROR")
print()

# Case 3: When y and z are same, result should equal y (and z)
y_same = 0xAAAAAAAA
z_same = 0xAAAAAAAA
x_random = 0x12345678
result3 = Ch(x_random, y_same, z_same)
print(f"When y = z = 0x{y_same:08x}:")
print(f"Ch(0x{x_random:08x}, y, z) = 0x{result3:08x}")
print(f"Should equal y and z: {result3 == y_same} ✓" if result3 == y_same else f"ERROR")

Edge Case Tests for Ch:

When x = 0xFFFFFFFF (all 1s):
Ch(x, 0x12345678, 0xabcdef00) = 0x12345678
Should equal y: True ✓

When x = 0x00000000 (all 0s):
Ch(x, 0x12345678, 0xabcdef00) = 0xabcdef00
Should equal z: True ✓

When y = z = 0xaaaaaaaa:
Ch(0x12345678, y, z) = 0xaaaaaaaa
Should equal y and z: True ✓


---

### Function 3: Maj(x, y, z)

#### What is the Maj Function?

The `Maj` function (short for "Majority") is defined in **Section 4.1.2, equation (4.1)** on page 10 of the standard:

$$\text{Maj}(x, y, z) = (x \land y) \oplus (x \land z) \oplus (y \land z)$$

#### Why is it Called "Majority"?

The Maj function returns the **majority bit** at each position:
- If **two or more** of the corresponding bits in x, y, and z are 1, the result is 1
- If **two or more** of the corresponding bits are 0, the result is 0

Think of it as a **voting system** where each bit position votes, and the majority wins.

#### How It Works Mathematically

The formula can be understood as:
1. `(x & y)` - pairs where both x and y are 1
2. `(x & z)` - pairs where both x and z are 1  
3. `(y & z)` - pairs where both y and z are 1
4. XOR all three results

If a bit appears in at least two of the three inputs, it will survive the XOR operations.

In [None]:
def Maj(x, y, z):
    """
    Calculate the Maj (Majority) function for SHA-256.
    
    As defined in Section 4.1.2 (equation 4.1) of FIPS 180-4,
    this function returns the majority bit at each position.
    
    The formula is: Maj(x, y, z) = (x ∧ y) ⊕ (x ∧ z) ⊕ (y ∧ z)
    
    For each bit position, if two or more inputs have a 1, the result is 1.
    
    Parameters
    ----------
    x, y, z : int or numpy.uint32
        Three 32-bit words to compare
        
    Returns
    -------
    numpy.uint32
        The majority value at each bit position
        
    References
    ----------
    FIPS 180-4, Section 4.1.2, page 10
    https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf
    """
    # Convert to 32-bit unsigned integers.
    x = np.uint32(x)
    y = np.uint32(y)
    z = np.uint32(z)
    
    # Calculate all three AND combinations.
    # These represent positions where pairs of inputs agree.
    xy = x & y
    xz = x & z
    yz = y & z
    
    # XOR the three results.
    # This gives us the majority bit at each position.
    return xy ^ xz ^ yz

#### Demonstrating the Majority Function

Let's verify that Maj truly returns the majority bit:

In [11]:
# Example showing majority voting behavior.
x_maj = 0b11110000  # 1111 0000
y_maj = 0b11001100  # 1100 1100
z_maj = 0b10101010  # 1010 1010

result_maj = Maj(x_maj, y_maj, z_maj)

print("Demonstrating Maj function (majority voting):")
print(f"x = {x_maj:08b}")
print(f"y = {y_maj:08b}")
print(f"z = {z_maj:08b}")
print(f"Maj = {result_maj:08b}")
print()
print("Bit-by-bit analysis:")
print("Position  x y z  Majority")
for i in range(7, -1, -1):
    x_bit = (x_maj >> i) & 1
    y_bit = (y_maj >> i) & 1
    z_bit = (z_maj >> i) & 1
    maj_bit = (result_maj >> i) & 1
    count_ones = x_bit + y_bit + z_bit
    print(f"   {i}      {x_bit} {y_bit} {z_bit}    {maj_bit}  ({count_ones}/3 are 1)")

Demonstrating Maj function (majority voting):
x = 11110000
y = 11001100
z = 10101010
Maj = 11101000

Bit-by-bit analysis:
Position  x y z  Majority
   7      1 1 1    1  (3/3 are 1)
   6      1 1 0    1  (2/3 are 1)
   5      1 0 1    1  (2/3 are 1)
   4      1 0 0    0  (1/3 are 1)
   3      0 1 1    1  (2/3 are 1)
   2      0 1 0    0  (1/3 are 1)
   1      0 0 1    0  (1/3 are 1)
   0      0 0 0    0  (0/3 are 1)


#### Testing Maj with 32-bit Values

In [12]:
# Test with full 32-bit values (these are actually SHA-256 initial hash values).
result_maj_full = Maj(0x6a09e667, 0xbb67ae85, 0x3c6ef372)
print(f"Maj(0x6a09e667, 0xbb67ae85, 0x3c6ef372) = 0x{result_maj_full:08x}")

Maj(0x6a09e667, 0xbb67ae85, 0x3c6ef372) = 0x3a6fe667


---

### Rotation Functions Overview

The remaining four functions involve **bit rotation** and **bit shifting** operations. These are crucial for mixing the bits in SHA-256 and ensuring that small changes in input produce large changes in output (the [avalanche effect](https://en.wikipedia.org/wiki/Avalanche_effect)).

#### Understanding Bit Operations

Before implementing the functions, let's understand the three key operations defined in **Section 3.2** (page 9) of the standard:

1. **ROTR^n(x)** - Rotate right: circular shift n positions to the right
2. **SHR^n(x)** - Shift right: shift n positions right, filling with zeros
3. **ROTL^n(x)** - Rotate left: circular shift n positions to the left (not used in SHA-256)

The difference between **rotate** and **shift**:
- **Rotate**: Bits that fall off one end appear at the other end (circular)
- **Shift**: Bits that fall off are lost, and zeros fill the empty positions

# Problem 2: Fractional Parts of Cube Roots

# Problem 3: Padding

# Problem 4: Hashes

# Problem 5: Passwords

# End