# Computational Theory Problems

In [289]:
# Numerical arrays and methods
import numpy as np

np.seterr(over='ignore')

{'divide': 'warn', 'over': 'ignore', 'under': 'ignore', 'invalid': 'warn'}

## Introduction
The Secure Hash Standard (SHS) ([Secure Hash Standard](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf)) uses a multitude of hash algorithms that use similar functions that are differenciated by the amount of bits taken in. They create message digests that are then used to determine the stability of the message which is applied in verifying the contents of the message and sender.

[NumPy's .uint32](https://numpy.org/doc/stable/reference/arrays.scalars.html#numpy.uint32) will be used to configure words to 32-bit unsigned integers.

## Problem 1: Binary Words and Operations

### Parity(x, y, z) Function
The `Parity(x, y, z)` function operates on three 32-bit words, with a single 32-bit word outputted as described in the [Secure Hash Standard](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf). It is a SHA-1 and SHA-2 function and uses the bitwise `XOR` operation, written as:

$$
Parity(x, y, z) = x \oplus y \oplus z 
$$

It checks if the amount of bits a number has is [even (0) or odd (1)](https://www.geeksforgeeks.org/dsa/program-to-find-parity). It then compares the parity of the first two numbers against the third number to calculate the parity of all three numbers.

The time complexity of `Parity(x, y, z)` is $\textit{O(1)}$ since each number has guaranteed 32-bits with no recursion.

In [290]:
# Find the parity of three numbers of 32-bits
def Parity(x, y, z):
    """Find the parity between 3 different 32-bit integers
    Use XOR operator between the inputs
    The result is the XOR of all inputs together
    
    XOR is represented by the ^ operator """

    # Use XOR to calculate parity
    # 1 is outputted if an odd amount of corresponding bits in the three inputs are 1
    # 0 is outputted if an even amount of corresponding bits are 0
    return (np.uint32(x) ^ np.uint32(y) ^ np.uint32(z));

In [291]:
# Test Parity function
def test_parity():
    """ Test for correct calculations of Parity for groups of three hexadecimal numbers

    assert = will stop excecution if error is thrown (a result is not what is expected) """
    
    print("Testing Parity(x, y, z) function:\n")

    # Test only zeros
    x, y, z = 0x00000000, 0x00000000, 0x00000000
    result = Parity(x, y, z)
    print(f"Test zeros: \nParity({x:#010x}, {y:#010x}, {z:#010x}) = {result:#010x}\n")
    assert result == 0x00000000

    # Test one hex number with only 1 bit, rest zeros
    x, y, z = 0x00000001, 0x00000000, 0x00000000
    result = Parity(x, y, z)
    print(f"Test one hex with 1 bit: \nParity({x:#010x}, {y:#010x}, {z:#010x}) = {result:#010x}\n")
    assert result == 0x00000001

    # Test completely different hexadeciaml numbers
    x, y, z = 0xFFFFFFFF, 0x0F0F0F0F, 0x12345678
    result = Parity(x, y, z)
    print(f"Test different hex numbers: \nParity({x:#010x}, {y:#010x}, {z:#010x}) = {result:#010x}\n")
    assert result == 0xE2C4A688

    # Test only ones
    x, y, z = 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF
    result = Parity(x, y, z)
    print(f"Test only ones: \nParity({x:#010x}, {y:#010x}, {z:#010x}) = {result:#010x}\n")
    assert result == 0xFFFFFFFF

    # Test only int one
    x, y, z = 1, 1, 1
    result = Parity(x, y, z)
    print(f"Test only int one: \nParity({x:#010x}, {y:#010x}, {z:#010x}) = {result:#010x}\n")
    assert result == 0x00000001

    # Will only print if all asserts previous are passed
    print("-" * 64 + "\nAll tests passed!")

# Run tests
test_parity()

Testing Parity(x, y, z) function:

Test zeros: 
Parity(0x00000000, 0x00000000, 0x00000000) = 0x00000000

Test one hex with 1 bit: 
Parity(0x00000001, 0x00000000, 0x00000000) = 0x00000001

Test different hex numbers: 
Parity(0xffffffff, 0x0f0f0f0f, 0x12345678) = 0xe2c4a688

Test only ones: 
Parity(0xffffffff, 0xffffffff, 0xffffffff) = 0xffffffff

Test only int one: 
Parity(0x00000001, 0x00000001, 0x00000001) = 0x00000001

----------------------------------------------------------------
All tests passed!


### Choice(x, y, z) Function
The `Ch(x, y, z)` function is used in the SHA-1, SHA-224 and SHA-256 algorithms, using three 32-bit words. It uses the bitwise `AND`, complement(`NOT`) and `XOR` operations. In the [Secure Hash Standard](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf), it is written as:

$$
\mathrm{Ch}(x, y, z) = (x \land y) \oplus (\lnot x \land z)
$$

It chooses the bits in $\textit{x}$ and $\textit{y}$ that are $\textit{1}$, and chooses the bits in $\textit{z}$ and $\textit{x}$ that are $\textit{0}$. The `NOT` operator returns the bits of its opposite ie. $\textit{1}$ becomes $\textit{0}$, [$\textit{0}$ becomes $\textit{1}$](https://www.geeksforgeeks.org/python/python-bitwise-operators). The `XOR` operator returns $\textit{0}$ if the bits are the same and $\textit{1}$ if they are not.

In [292]:
# Function to find result of choice
def Ch(x, y, z):
    """ Calculate the result of the Ch(x, y, z) function
     
    If the current bit of x is 1, take the corresponding bit from y
    If the current bit of x is 0, take the corresponding bit from z """

    # Ensure 32-bit unsigned int
    firstCompare = np.uint32(x) & np.uint32(y) # Choose bits in y where x has 1
    secondCompare = ~np.uint32(x) & np.uint32(z) # Choose bits in z where x has 0

    # Use XOR to find final choice
    return firstCompare ^ secondCompare;

In [293]:
# Test Choose Function
def test_ch():
    """ Test for correct calculations of Choice 
    
    assert = will stop excecution if error is thrown (a result is not what is expected) """

    print("Testing Ch(x, y, z) function:\n")

    # Test only zeros
    x, y, z = 0x00000000, 0x00000000, 0x00000000
    result = Ch(x, y, z)
    print(f"Test zeros: \nCh({x:#010x}, {y:#010x}, {z:#010x}) = {result:#010x}\n")
    assert result == 0x00000000

    # Test one hex number with only 1 bit, rest zeros
    x, y, z = 0x00000001, 0x00000000, 0x00000000
    result = Ch(x, y, z)
    print(f"Test one hex with 1 bit: \nCh({x:#010x}, {y:#010x}, {z:#010x}) = {result:#010x}\n")
    assert result == 0x00000000

    # Test completely different hexadeciaml numbers
    x, y, z = 0xFFFFFFFF, 0x0F0F0F0F, 0x12345678
    result = Ch(x, y, z)
    print(f"Test different hex numbers: \nCh({x:#010x}, {y:#010x}, {z:#010x}) = {result:#010x}\n")
    assert result == 0x0F0F0F0F

    # Test only ones
    x, y, z = 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF
    result = Ch(x, y, z)
    print(f"Test only ones: \nCh({x:#010x}, {y:#010x}, {z:#010x}) = {result:#010x}\n")
    assert result == 0xFFFFFFFF

    # Test only int one
    x, y, z = 1, 1, 1
    result = Ch(x, y, z)
    print(f"Test only int one: \nCh({x:#010x}, {y:#010x}, {z:#010x}) = {result:#010x}\n")
    assert result == 0x00000001

    # Will only print if all asserts previous are passed
    print("-" * 64 + "\nAll tests passed!")

    return;

test_ch();

Testing Ch(x, y, z) function:

Test zeros: 
Ch(0x00000000, 0x00000000, 0x00000000) = 0x00000000

Test one hex with 1 bit: 
Ch(0x00000001, 0x00000000, 0x00000000) = 0x00000000

Test different hex numbers: 
Ch(0xffffffff, 0x0f0f0f0f, 0x12345678) = 0x0f0f0f0f

Test only ones: 
Ch(0xffffffff, 0xffffffff, 0xffffffff) = 0xffffffff

Test only int one: 
Ch(0x00000001, 0x00000001, 0x00000001) = 0x00000001

----------------------------------------------------------------
All tests passed!


### Majority(x, y, z) Function
The `Maj(x, y, z)` function is used in SHA-1, SHA-224 and SHA-256 algorithms, using three 32-bit words. It uses the bitwise `AND` and `XOR` operators. In the [Secure Hash Standard](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf), it is written as:

$$
\mathrm{Maj}(x, y, z) = (x \land y) \oplus (x \land z) \oplus (y \land z)
$$

It checks if the majority of inputs are $\textit{1}$. Firstly, it uses the `AND` operator to check if the pair of inputs current bit position has value of $\textit{1}$ or $\textit{0}$. It then uses `XOR` on the results of these three pairs, where if [at least two of the inputs](https://en.wikipedia.org/wiki/Majority_function) have $\textit{1}$ at a given position, the result is $\textit{1}$. If not, the result is $\textit{0}$. 

It has a time complexity of $\textit{O(1)}$ since there is a constant number of operations and no loops.

In [294]:
# Function to find result of majority
def Maj(x, y, z):
    """ Calculate the majority value of three 32-bit integers   
    
    In each position, return 1 for if two or more of the corresponding bits of the three inputs have 1
        - 0 if not """

    # Ensures inputs are 32-bits
    x = np.uint32(x)
    y = np.uint32(y)
    z = np.uint32(z)

    # Using the AND operator, check if the corresponding pair of bits are 1
    firstCompare = x & y
    secondCompare = x & z
    thirdCompare = y & z   

    # Using the XOR operator, calculate if at least 2 of the results are 1
    return firstCompare ^ secondCompare ^ thirdCompare;

In [295]:
# Test Majority Function
def test_maj():
    """ Test for correct calculations of Majority 
    
    assert = will stop excecution if error is thrown (a result is not what is expected) """

    print("Testing Maj(x, y, z) function:\n")

    # Test only zeros
    x, y, z = 0x00000000, 0x00000000, 0x00000000
    result = Maj(x, y, z)
    print(f"Test zeros: \nMaj({x:#010x}, {y:#010x}, {z:#010x}) = {result:#010x}\n")
    assert result == 0x00000000

    # Test one hex number with only 1 bit, rest zeros
    x, y, z = 0x00000001, 0x00000000, 0x00000000
    result = Maj(x, y, z)
    print(f"Test one hex with 1 bit: \nMaj({x:#010x}, {y:#010x}, {z:#010x}) = {result:#010x}\n")
    assert result == 0x00000000

    # Test completely different hexadeciaml numbers
    x, y, z = 0xFFFFFFFF, 0x0F0F0F0F, 0x12345678
    result = Maj(x, y, z)
    print(f"Test different hex numbers: \nMaj({x:#010x}, {y:#010x}, {z:#010x}) = {result:#010x}\n")
    assert result == 0x1F3F5F7F

    # Test only ones
    x, y, z = 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF
    result = Maj(x, y, z)
    print(f"Test only ones: \nMaj({x:#010x}, {y:#010x}, {z:#010x}) = {result:#010x}\n")
    assert result == 0xFFFFFFFF

    # Test only int one
    x, y, z = 1, 1, 1
    result = Maj(x, y, z)
    print(f"Test only int one: \nMaj({x:#010x}, {y:#010x}, {z:#010x}) = {result:#010x}\n")
    assert result == 0x00000001

    # Will only print if all asserts previous are passed
    print("-" * 64 + "\nAll tests passed!")

    return;

test_maj();

Testing Maj(x, y, z) function:

Test zeros: 
Maj(0x00000000, 0x00000000, 0x00000000) = 0x00000000

Test one hex with 1 bit: 
Maj(0x00000001, 0x00000000, 0x00000000) = 0x00000000

Test different hex numbers: 
Maj(0xffffffff, 0x0f0f0f0f, 0x12345678) = 0x1f3f5f7f

Test only ones: 
Maj(0xffffffff, 0xffffffff, 0xffffffff) = 0xffffffff

Test only int one: 
Maj(0x00000001, 0x00000001, 0x00000001) = 0x00000001

----------------------------------------------------------------
All tests passed!


### ROTRn(x) Function
The `ROTRn(x)` function is the rotate right operation used in the [Secure Hash Standard](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf), also known as the circlar right shift. It is used in SHA-224, SHA-256, SHA-384, SHA-512, SHA512/224 and SHA-512/256 algorithms. For this project, it will be used for the purpose of SHA-224 and SHA-256 as they deal with 32-bit words. It is written as:

$$
\textit{ROTR}^n(x)
$$

This is one of the helper functions for the `Sigma0`, `Sigma1`, `sigma0` and `sigma1` logical functions listed in [NIST.FIPS.180-4](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf) 4.1.2 section. It works by shifting all bits in the 32-bit word to the right. The shifted out bits are then wrapped around to the front, or the left end, of the bit string which creates a circluar rotation.

It has a time complexity of $\textit{O(1)}$, as it will only ever deals with 32-bit words.

In [296]:
# ROTR function (rotate right operation) to be used for the Sigma and sigma functions below
def rotrn(x, n):
    """  Rotate the 32-bit word (x) to the right by n bits  

    Manipulates the bits by performing a circlar right shift:
        Bits are rotated the right by n bits
        Excess bits are appended onto the left end
    
    As outlined in the SHS:
        ROTRn(x) = ( x >> n ) v ( x << w - n ) """

    # Ensure 32-bit unsigned int
    x = np.uint32(x)

    # Right shift by n bits 
    # Wrap shifted out bits to front
    # Combine the two parts
    return np.uint32((x >> n) | (x << (32 - n)));

In [297]:
# Test ROTRn function
def test_rotrn():
    """ Test for correct calculations of ROTRn(x) """

    print("Testing ROTRn(x) function:\n")

    # Test zeros
    x, n = 0x00000000, 1
    result = rotrn(x, n)
    print(f"Test zeros: \nrotrn({x:#010x}, {n}) = {result:#010x}\n")
    assert result == 0x00000000

    # Test 1 bit rotation
    x, n = 0x00000001, 1
    result = rotrn(x, n)
    print(f"Test 1 bit rotation: \nrotrn({x:#010x}, {n}) = {result:#010x}\n")
    assert result == 0x80000000

    # Test predetermined value rotation
    x, n = 0x12345678, 4 # Shift by 4 for readability
    result = rotrn(x, n)
    print(f"Test known value: \nrotrn({x:#010x}, {n}) = {result:#010x}\n")
    assert result == 0x81234567

    # Test 32-bit rotation
    x, n = 0x87654321, 32
    result = rotrn(x, n)
    print(f"Test full rotation: \nrotrn({x:#010x}, {n}) = {result:#010x}\n")
    assert result == 0x87654321

    # Will only print if all asserts are passed
    print("-" * 64 + "\nAll tests passed!")

    return;

test_rotrn()

Testing ROTRn(x) function:

Test zeros: 
rotrn(0x00000000, 1) = 0x00000000

Test 1 bit rotation: 
rotrn(0x00000001, 1) = 0x80000000

Test known value: 
rotrn(0x12345678, 4) = 0x81234567

Test full rotation: 
rotrn(0x87654321, 32) = 0x87654321

----------------------------------------------------------------
All tests passed!


### SHRn(x) Function
The `SHRn(x)` function is the right shift operation used in the [Secure Hash Standard](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf). It is used in SHA-224, SHA-256, SHA-384, SHA-512, SHA512/224 and SHA-512/256 algorithms, alongside the `ROTRn(x)` function. For this project, it will be used for the purpose of SHA_224 and SHA-256 as they deal with 32-bit words. It is written as:

$$
\textit{SHR}^n(x) 
$$
This is the another helper function, only used for `sigma0` and `sigma1` logical functions listed in [NIST.FIPS.180-4](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf) 4.1.2 section. It works similarly to `ROTRn(x)` by shifting the all the bits in the 32-bit word to the right by $\textit{n}$ positions. In this case, the bits shifted out are now lost and replaced with zeros on the left end.

It has a time complexity of $\textit{O(1)}$ as it only ever deals with 32-bit words.


In [298]:
# SHR function (right shift operation) to be used for Sigma and sigma functions below
def shrn(x, n):
    """ Shift the 32-bit word (x) to the right by n bits
        
    Manipulates the bits by: 
        Shifting the bits by n positions
        Replacing the shifted out bits by zeros on the left end

    As outlined in the SHS:
        SHRn(x) = x >> n """
    
    # Ensure 32-bit unsigned int
    x = np.uint32(x)

    # Shift x right by n bits
    # Insert 0 on left side for every bit moved over
    return x >> n;

In [299]:
# Test SHR function
def test_shrn():
    """ Test for correct calculations of SHRn(x) """

    print("Testing SHRn(x) function:\n")

    # Test zeros
    x, n = 0x00000000, 1
    result = shrn(x, n)
    print(f"Test zeros: \nshrn({x:#010x}, {n}) = {result:#010x}\n")
    assert result == 0x00000000

    # Test 1-bit value
    x, n = 0x00000001, 1
    result = shrn(x, n)
    print(f"Test 1-bit value: \nshrn({x:#010x}, {n}) = {result:#010x}\n")
    assert result == 0x00000000

    # Test 1-bit shift
    x, n = 0x10000000, 1
    result = shrn(x, n)
    print(f"Test 1-bit shift value: \nshrn({x:#010x}, {n}) = {result:#010x}\n")
    assert result == 0x08000000

    # Test 32-bit shift
    x, n = 0x87654321, 32
    result = shrn(x, n)
    print(f"Test 32-bit shift: \nshrn({x:#010x}, {n}) = {result:#010x}\n")
    assert result == 0x00000000

    # Test partial shift
    x, n = 0xFFFFFFFF, 8
    result = shrn(x, n)
    print(f"Test partial shift: \nshrn({x:#010x}, {n}) = {result:#010x}\n")
    assert result == 0x00FFFFFF

    # Will only print if all asserts are passed
    print("-" * 64 + "\nAll tests passed!")

    return;

test_shrn()

Testing SHRn(x) function:

Test zeros: 
shrn(0x00000000, 1) = 0x00000000

Test 1-bit value: 
shrn(0x00000001, 1) = 0x00000000

Test 1-bit shift value: 
shrn(0x10000000, 1) = 0x08000000

Test 32-bit shift: 
shrn(0x87654321, 32) = 0x00000000

Test partial shift: 
shrn(0xffffffff, 8) = 0x00ffffff

----------------------------------------------------------------
All tests passed!


### Sigma0(x) Function
The `Sigma0(x)` function is a logical function in the [Secure Hash Standard](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf) used in SHA-224, SHA-256, SHA-384, SHA-512, SHA512/224 and SHA-512/256 algorithms, using both 32-bit and 64-bit words. It uses one of the helper functions (`ROTRn(x)`) and is written as:

$$
\Sigma_0^{256}(x) = \textit{ROTR}^2(x) \oplus \textit{ROTR}^{13}(x) \oplus \textit{ROTR}^{22}(x)
$$
It rotates the given word (x) to the right using the `ROTRn(x)` function by $\textit{2}$, $\textit{13}$ and $\textit{22}$ bits. It then uses the `XOR` operator on the results of the shifted bits as described in [NIST.FIPS.180-4](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf) 4.1.2 section.

It has a time complexity of $\textit{O(1)}$ as it will only deal with 32-bit words and it has no recursion.

In [300]:
# Function of inverse sigma of a bitwise integer with XOR of three right rotations by 2, 13 and 22.
def Sigma0(x):
    """ Rotate the 32-bit word by 2, 13 and 22 using the ROTRn(x) function
    Use the XOR operator on the results
    Works to provide diffusion
    
    As outlined in the SHS:
        ROTR2(x) ^ ROTR13(x) ^ ROTR22(x) """

    # Ensure 32-bit unsigned bit
    x = np.uint32(x)

    # 3 right rotations
    rotr2 = rotrn(x, 2)
    rotr13 = rotrn(x, 13)
    rotr22 = rotrn(x, 22)

    # Use XOR to find final result
    return rotr2 ^ rotr13 ^ rotr22;

In [301]:
# Test Sigma0 function
def test_Sigma0():
    """ Test for correct calculations of Sigma0(x) """

    print("Testing Sigma0(x) function:\n")

    # Test zeros
    x = 0x00000000
    Sigma0x = Sigma0(x)
    print(f"Test zeros: \nSigma0({x:#010x}) = {Sigma0x:#010x}\n")
    assert Sigma0x == 0x00000000

    # Test 1-bit value
    x = 0x00000001
    Sigma0x = Sigma0(x)
    print(f"Test 1-bit value: \nSigma0({x:#010x}) = {Sigma0x:#010x}\n")
    assert Sigma0x == 0x40080400

    # Test all ones
    x = 0xFFFFFFFF
    Sigma0x = Sigma0(x)
    print(f"Test all ones: \nSigma0({x:#010x}) = {Sigma0x:#010x}\n")
    assert Sigma0x == 0xFFFFFFFF

    # Test a random value
    x = 0x12345678
    Sigma0x = Sigma0(x)
    print(f"Test random value: \nSigma0({x:#010x}) = {Sigma0x:#010x}\n")
    assert Sigma0x == 0x66146474

    # Will only print if all asserts are passed
    print("-" * 64 + "\nAll tests passed!")

    return;

test_Sigma0()

Testing Sigma0(x) function:

Test zeros: 
Sigma0(0x00000000) = 0x00000000

Test 1-bit value: 
Sigma0(0x00000001) = 0x40080400

Test all ones: 
Sigma0(0xffffffff) = 0xffffffff

Test random value: 
Sigma0(0x12345678) = 0x66146474

----------------------------------------------------------------
All tests passed!


### Sigma1(x) Function
The Sigma1(x) is another logical function in the [Secure Hash Standard](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf), used in the same algorithms as `Sigma0(x)`. It uses the same helper function `ROTRn(x)`. It is written as:

$$
\Sigma_1^{256}(x) = \textit{ROTR}^6(x) \oplus \textit{ROTR}^{11}(x) \oplus \textit{ROTR}^{25}(x)
$$
It works the same as `Sigma0(x)` but rotates by different amounts, instead using $\textit{6}$, $\textit{11}$ and $\textit{25}$ as described in [NIST.FIPS.180-4](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf) 4.1.2 section.

As it works the same, it has the same time complexity of $\textit{O(1)}$.

In [302]:
# Function of inverse sigma of a bitwise integer with XOR of three right rotations by 6, 11, 25.
def Sigma1(x):
    """ Rotate the 32-bit word by 6, 11 and 25 using the ROTRn(x) function
    Use the XOR operator on the results
    Works to provide diffusion
    
    As outlined in the SHS:
        ROTR6(x) ^ ROTR11(x) ^ ROTR25(x) """

    # Ensure 32-bit unsigned int
    x = np.uint32(x)

    # 3 right rotations
    rotr6 = rotrn(x, 6)
    rotr11 = rotrn(x, 11)
    rotr25 = rotrn(x, 25)

    # Use XOR to find final result
    return rotr6 ^ rotr11 ^ rotr25;

In [303]:
# Test Sigma1 function
def test_Sigma1():
    """ Test for correct calculations of Sigma1(x) """

    print("Testing Sigma1(x) function:\n")

    # Test zeros
    x = 0x00000000
    Sigma1x = Sigma1(x)
    print(f"Test zeros: \nSigma1({x:#010x}) = {Sigma1x:#010x}\n")
    assert Sigma1x == 0x00000000

    # Test 1-bit value
    x = 0x00000001
    Sigma1x = Sigma1(x)
    print(f"Test 1-bit value: \nSigma1({x:#010x}) = {Sigma1x:#010x}\n")
    assert Sigma1x == 0x04200080

    # Test all ones
    x = 0xFFFFFFFF
    Sigma1x = Sigma1(x)
    print(f"Test all ones: \nSigma1({x:#010x}) = {Sigma1x:#010x}\n")
    assert Sigma1x == 0xFFFFFFFF

    # Test a random value
    x = 0x12345678
    Sigma1x = Sigma1(x)
    print(f"Test random value: \nSigma1({x:#010x}) = {Sigma1x:#010x}\n")
    assert Sigma1x == 0x3561ABDA

    # Will only print if all asserts are passed
    print("-" * 64 + "\nAll tests passed!")

    return;

test_Sigma1()

Testing Sigma1(x) function:

Test zeros: 
Sigma1(0x00000000) = 0x00000000

Test 1-bit value: 
Sigma1(0x00000001) = 0x04200080

Test all ones: 
Sigma1(0xffffffff) = 0xffffffff

Test random value: 
Sigma1(0x12345678) = 0x3561abda

----------------------------------------------------------------
All tests passed!


### sigma0(x) Function
The `sigma0(x)` function is another logical function in the [Secure Hash Standard](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf) used in the same algorithms as `Sigma0(x)` and `Sigma1(x)`. It uses both of the helper functions, `ROTRn(x)` and `SHRn(x)`. It is written as:

$$
\sigma_0^{256}(x) = \textit{ROTR}^7(x) \oplus \textit{ROTR}^{18}(x) \oplus \textit{SHR}^3(x)
$$
It rotates the given word $\textit{x}$ to the right by $\textit{7}$ and $\textit{18}$ bits, and then shifts to the right by $\textit{3}$ bits using the `>>` operator. The `XOR` operator is then used on the results of the two rotations and the shift, as described in [NIST.FIPS.180-4](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf) 4.1.2 section. It is used during the algorithm's [message schedule expansion](https://medium.com/biffures/part-5-hashing-with-sha-256-4c2afc191c40) which helps to mix bits.

It has a time complexity of $\textit{O(1)}$ as it is not dependent on input size and there is no loops or recursion.

In [304]:
# Function XOR of two right rotations, by 7 and 18,  and a right shift by 3.
def sigma0(x):
    """ Rotate the 32-bit word by 6 and 11 using the ROTRn(x) function
    Perform a right shift by 3 bits using the SHRn(x) function
    Use the XOR operator on the results

    Used during message schedule expansion

    As outlined in the SHS:
        ROTR7(x) ^ ROTR18(x) ^ SHR3(x) """

    # Ensure 32-bit unsigned int
    x = np.uint32(x)

    # 2 right rotations
    rotr7 = rotrn(x, 7)
    rotr18 = rotrn(x, 18)
    # 1 right shift
    shr3 = shrn(x, 3)

    # Use XOR to find final result
    return rotr7 ^ rotr18 ^ shr3;

In [305]:
# Test sigma0 Function
def test_sigma0():
    """ Test for correct calculations of sigma0(x) """

    print("Testing sigma0(x) function:\n")

    # Test zeros
    x = 0x00000000
    sigma0x = sigma0(x)
    print(f"Test zeros: \nsigma0({x:#010x}) = {sigma0x:#010x}\n")
    assert sigma0x == 0x00000000

    # Test 1-bit value
    x = 0x00000001
    sigma0x = sigma0(x)
    print(f"Test 1-bit: \nsigma0({x:#010x}) = {sigma0x:#010x}\n")
    assert sigma0x == 0x02004000

    # Test all ones
    x = 0xFFFFFFFF
    sigma0x = sigma0(x)
    print(f"Test all ones: \nsigma0({x:#010x}) = {sigma0x:#010x}\n")
    assert sigma0x == 0x1FFFFFFF

    # Test random value
    x = 0x12345678
    sigma0x = sigma0(x)
    print(f"Test random: \nsigma0({x:#010x}) = {sigma0x:#010x}\n")
    assert sigma0x == 0xE7FCE6EE

    # Will only print if all asserts are passed
    print("-" * 64 + "\nAll tests passed!")
    
    return;

test_sigma0()

Testing sigma0(x) function:

Test zeros: 
sigma0(0x00000000) = 0x00000000

Test 1-bit: 
sigma0(0x00000001) = 0x02004000

Test all ones: 
sigma0(0xffffffff) = 0x1fffffff

Test random: 
sigma0(0x12345678) = 0xe7fce6ee

----------------------------------------------------------------
All tests passed!


### sigma1(x) Function
The `sigma1(x)` function is another logical function in the [Secure Hash Standard](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf), used in the same algorithms as `Sigma0(x)`, `Sigma1(x)` and `sigma0(x)`. It uses the same helper functions, `ROTRn(x)` and `SHRn(x)` It is written as:

$$
\sigma_0^{256}(x) = \textit{ROTR}^{17}(x) \oplus \textit{ROTR}^{19}(x) \oplus \textit{SHR}^{10}(x)
$$
It works the same as the `sigma0(x)` function but instead rotates the given word $\textit{x}$ by $\textit{17}$ and $\textit{19}$ bits, and right shifts by $\textit{10}$ bits using the `>>` operator as described in [NIST.FIPS.180-4](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf) 4.1.2 section

As it works the same as `sigma0(x)`, it also has a time complexity of $\textit{O(1)}$.

In [306]:
# Function XOR of two right rotations, by 17 and 19, and a right shift by 10.
def sigma1(x):
    """ Rotate the 32-bit word by 17 and 19 using the ROTRn(x) function
    Perform a right shift by 10 bits using the SHRn(x) function
    Use the XOR operator on the results

    Used during message schedule expansion

    As outlined in the SHS:
        ROTR17(x) ^ ROTR19(x) ^ SHR10(x) """

    # Ensure 32-bit unsigned int
    x = np.uint32(x)

    # 2 right rotations
    rotr17 = rotrn(x, 17)
    rotr19 = rotrn(x, 19)
    # 1 right shift
    shr10 = shrn(x, 10)

    # Use XOR to find final result
    return rotr17 ^ rotr19 ^ shr10;

In [307]:
# Test sigma1 Function
def test_sigma1():
    """ Test for correct calculations of sigma0(x) """

    print("Testing sigma0(x) function:\n")

    # Test zeros
    x = 0x00000000
    sigma1x = sigma1(x)
    print(f"Test zeros: \nsigma1({x:#010x}) = {sigma1x:#010x}\n")
    assert sigma1x == 0x00000000

    # Test 1-bit value
    x = 0x00000001
    sigma1x = sigma1(x)
    print(f"Test 1-bit: \nsigma1({x:#010x}) = {sigma1x:#010x}\n")
    assert sigma1x == 0x0000A000

    # Test all ones
    x = 0xFFFFFFFF
    sigma1x = sigma1(x)
    print(f"Test all ones: \nsigma1({x:#010x}) = {sigma1x:#010x}\n")
    assert sigma1x == 0x003FFFFF

    # Test random value
    x = 0x12345678
    sigma1x = sigma1(x)
    print(f"Test random: \nsigma1({x:#010x}) = {sigma1x:#010x}\n")
    assert sigma1x == 0xA1F78649

    # Will only print if all asserts are passed
    print("-" * 64 + "\nAll tests passed!")
    
    return;

test_sigma1()

Testing sigma0(x) function:

Test zeros: 
sigma1(0x00000000) = 0x00000000

Test 1-bit: 
sigma1(0x00000001) = 0x0000a000

Test all ones: 
sigma1(0xffffffff) = 0x003fffff

Test random: 
sigma1(0x12345678) = 0xa1f78649

----------------------------------------------------------------
All tests passed!


## Problem 2: Fractional Parts of Cube Roots

The SHA-224 and SHA-256 algorithms uses 64 fixed contants taken from prime numbers, as shown in [NIST.FIPS.180-4](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf) 4.2.2 section, to make their output values appear to be random, but can be mathematically calculated, making it have better defense against cryptographic attacks. However, it does not take the full prime number, but instead it takes the first 32-bits of the fractional parts of the cube roots of these numbers. 

Prime numbers must be greater than $1$, and can only be [divisable by itself and one](https://www.britannica.com/science/prime-number).

Instead of using brute force to calculate the 64 prime numbers, **trial division** will be used for the calculations. 

The process goes as follows:

1. **Store values.**
    - `primes` stores $n$ amount of prime numbers.

2. **Start at $2$ as is the first prime number.**
    - `candidate = 2` excludes $0$ and $1$ as they are not classed as primes.

3. **Iterate through numbers until $n$ primes are calculated.**
    - `while` ensures the loop continues until conditions are met.
    - Continues until the length of $n$ is reached in `primes`.
    - `candidate` is a scalar value, increasing by $1$ every loop iteration.

4. **Use trail division to determine if a candidate is prime.**
    - Set as prime initially `is_Prime = True`.
    - Divide `candidate` by numbers from 2, up to itself minus 1.
    - `candidate % i == 0` means that if the remainder is $0$, `candidate` cannot be prime.

5. **Set non prime number to False.**
    - If the remainder is $0$, set `is_Prime` to `False`.
    - `break` stops the loop.

6. **Add prime numbers to prime list.**
    - If not set to `False`, `candidate` is a prime number.
    - `.append(candidate)` adds the prime to `primes` list.

7. **Continue process until $n$ primes are found.**
    - After appending the previous candidate number, `candidate` is incremented by $1$.
    - Repeat process above until $n$ primes are appended to `primes`.

8. **Return list of prime numbers.**
    - After $n$ amount of primes, return `primes` values.

In [308]:
# Generate the first n prime numbers
def primes(n):
    """ Generate the first n prime numbers using trial divison 
    
    Checks if each number is divisable by 2:
        If it is, returns false as to not add to primes array (excluding 2)
        If it is not, returns true and added to primes array 
        
    Continues process until n primes are generated 
    Returns 0 if n is empty """

    # If the length of the prime number list is equal to 0, return empty list
    if n == 0:
        return []
    
    primes = [] # Store list of prime numbers
    candidate = 2 # First prime number

    # Generate prime numbers until length of n is reached
    while len(primes) < n:
        is_prime = True

        # Check if current number can be divided by 2
        for i in range(2, candidate):
            # If so, its not a prime, don't add it to list
            if candidate % i == 0:
                is_prime = False
                break
        
        # If current number passes check above, add it to primes list
        if is_prime:
            primes.append(candidate)

        # Move onto next number
        candidate += 1

    return primes

In [309]:
# Calculate the first 64 prime numbers
first_primes = primes(64)

# Print out result
print("Prime numbers:")
for i in range(len(first_primes)):
    print(first_primes[i], end=", ")
    if (i + 1) % 8 == 0: # New line every 8 values
        print()

Prime numbers:
2, 3, 5, 7, 11, 13, 17, 19, 
23, 29, 31, 37, 41, 43, 47, 53, 
59, 61, 67, 71, 73, 79, 83, 89, 
97, 101, 103, 107, 109, 113, 127, 131, 
137, 139, 149, 151, 157, 163, 167, 173, 
179, 181, 191, 193, 197, 199, 211, 223, 
227, 229, 233, 239, 241, 251, 257, 263, 
269, 271, 277, 281, 283, 293, 307, 311, 


### Calculating the Fractional Parts
After generating the first 64 prime numbers using trial division, we now have to calculate the fractional part of the cube roots of these numbers as describe in Section 4.2.2 of the [Secure Hash Standard](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf). 

The process goes as follows:

1. **The cube roots of the 64 numbers must be calculated.**
    - `np.cbrt()` [(see official documentation)](https://numpy.org/devdocs/reference/generated/numpy.cbrt.html) is used to return the cube root for each element in the array. For example the cube root of 2 is:
        - $∛2$ ≈ $1.2599210498948732$ 

2. **Collect the fractional part of the result.**
    - `np.modf()[]` [(see official documentation)](https://numpy.org/devdocs/reference/generated/numpy.modf.html) is used to return the fractional and integral parts of the cube root array. The fractional part is that on the right side of the decimal point, the integral being on the right side. [0] ensures only the fractional part is extracted. For example:
        - `np.modf(cube_roots)[0]`
        - $1.2599210498948732$ = $0.2599210498948732$

3. **Shift the result 32 bits to the right.**
    - `frac * (2 ** 32)` shifts it into an integer value. Example:
        - $0.2599210498948732$ x $2^{32}$ ≈ $1116352408.8030787$

4. **Change the 32-bit value into an integer.**
    - `np.uint32(frac)` makes the value into an unsigned 32-bit integer and drops the remaining fractional value. Example:
        - $[1116352408.8030787]$ = $1116352408$

5. **Convert `np.uint32` value into Python int and append to fractional array.**
    - `int(bits)` converts the NumPy value into a Python value for more reliable hex conversion.
    - `.append()` adds each fractional value onto `frac32` array.

In [310]:
def frac_cube_root(first_primes):
    """ Extract first 32-bits of fractional part of cube roots of generated prime numbers 
    
    Returns a list of 32-bit integers calculated from the fractional parts """

    frac32 = [] # Store 32-bit fractional parts

    # Loop through all prime numbers in array
    for prime in first_primes:
        root = np.cbrt(prime) # Calculates cube root of each prime number
        frac = np.modf(root)[0] # Collects fractional part of cube root
        frac = (frac * (2 ** 32)) # Move over 32 bits
        bits = np.uint32(frac) # Change into unsigned integer
        frac32.append(int(bits)) # Add it to array of fractional parts as int to allow hex conversion
    return frac32

In [311]:
# Display the resulting fractional parts in hexadecimal
frac32 = frac_cube_root(first_primes)

# Converts fractional values to native Python hex
# See: https://realpython.com/ref/builtin-functions/hex/
frac_hex = [hex(frac) for frac in frac32]
print(frac_hex)

['0x428a2f98', '0x71374491', '0xb5c0fbcf', '0xe9b5dba5', '0x3956c25b', '0x59f111f1', '0x923f82a4', '0xab1c5ed5', '0xd807aa98', '0x12835b01', '0x243185be', '0x550c7dc3', '0x72be5d74', '0x80deb1fe', '0x9bdc06a7', '0xc19bf174', '0xe49b69c1', '0xefbe4786', '0xfc19dc6', '0x240ca1cc', '0x2de92c6f', '0x4a7484aa', '0x5cb0a9dc', '0x76f988da', '0x983e5152', '0xa831c66d', '0xb00327c8', '0xbf597fc7', '0xc6e00bf3', '0xd5a79147', '0x6ca6351', '0x14292967', '0x27b70a85', '0x2e1b2138', '0x4d2c6dfc', '0x53380d13', '0x650a7354', '0x766a0abb', '0x81c2c92e', '0x92722c85', '0xa2bfe8a1', '0xa81a664b', '0xc24b8b70', '0xc76c51a3', '0xd192e819', '0xd6990624', '0xf40e3585', '0x106aa070', '0x19a4c116', '0x1e376c08', '0x2748774c', '0x34b0bcb5', '0x391c0cb3', '0x4ed8aa4a', '0x5b9cca4f', '0x682e6ff3', '0x748f82ee', '0x78a5636f', '0x84c87814', '0x8cc70208', '0x90befffa', '0xa4506ceb', '0xbef9a3f7', '0xc67178f2']


### Test Hexadecimal Results

In [312]:
# Test the hexadecimal results against the SHA-256 constants
""" Tests the hexadecimal results of the fractional parts against the offical constant hexademical values provided 
by the Secure Hash Standard Section 4.2.2

These constants stand for the fractional parts of the cube roots of the first 64 prime numbers 

Returns MATCH if the calculated results match SHA constants 
        NO MATCH if not """

# SHA Constants provided by the SHS
sha_constants = [
    0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
    0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
    0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
    0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
    0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
    0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
    0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
    0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
]

# Print out results to console
print(f"{'Index':>5} | {'frac32':>12} | {'sha_constants':>12} | {'MATCH':>8}")
print("-" * 50)

# Iterate through both fractional parts and SHA constants
for i in range(len(frac32)):
    match = "MATCH" if frac32[i] == sha_constants[i] else "NO MATCH"
    print(f"{i:5} | {frac32[i]:12} | {sha_constants[i]:12} | {match:>8}")

# Check if the calculated cube roots match the SHA constants
if (np.array_equal(frac32, sha_constants)):
    print(f"\nThe hexadecimal results of the fractional parts match the SHA-256 constants.") # Prints if every value matches
else:
    print(f"\nThe hexadecimal results of the fractional parts do not match the SHA-256 constants.") # Prints if at least one does not match


Index |       frac32 | sha_constants |    MATCH
--------------------------------------------------
    0 |   1116352408 |   1116352408 |    MATCH
    1 |   1899447441 |   1899447441 |    MATCH
    2 |   3049323471 |   3049323471 |    MATCH
    3 |   3921009573 |   3921009573 |    MATCH
    4 |    961987163 |    961987163 |    MATCH
    5 |   1508970993 |   1508970993 |    MATCH
    6 |   2453635748 |   2453635748 |    MATCH
    7 |   2870763221 |   2870763221 |    MATCH
    8 |   3624381080 |   3624381080 |    MATCH
    9 |    310598401 |    310598401 |    MATCH
   10 |    607225278 |    607225278 |    MATCH
   11 |   1426881987 |   1426881987 |    MATCH
   12 |   1925078388 |   1925078388 |    MATCH
   13 |   2162078206 |   2162078206 |    MATCH
   14 |   2614888103 |   2614888103 |    MATCH
   15 |   3248222580 |   3248222580 |    MATCH
   16 |   3835390401 |   3835390401 |    MATCH
   17 |   4022224774 |   4022224774 |    MATCH
   18 |    264347078 |    264347078 |    MATCH
   19 | 

## Problem 3: Padding
### Message Padding
Padding is calculated before hashes are computed to ensure messages are at the required length. It is done to make sure a message is a multiple of 512 bits (64 bytes) or 1024 bits (128 bytes), depending on which algorithm is used. In this project, since SHA-256 is implemented, the message must be a multiple of 512 bits, as described in the [Secure Hash Standard](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf) Sections 5.1 and 5.1.1. This process ensures that any message can be handled, when length requirements are met.

The process goes as follows:

1. **Add a '1' bit to the end of the original message.**
    - `msg + b'\x80'`
    - `\x80` represents the length of a '$1$' bit in bytes
    
2. **Add 0's to the end of the message.**
    - Add enough zeros to the message, after the '$1$' bit, so that the length of the message is equal to $448$ modulo $512$.
    - `(56 - appended_length % 64) % 64` finds the amount of $0s$ to be added.

3. **Append the original message as a 64-bit integer.**
    - Convert original message length into 64-bit big-endian integer.
    - `original_msg_bits.to_bytes(8, byteorder='big')` appends big-edian integer to the end of padded message.

4. **Ensures message is now a multiple of 512.**
    - Can now be split into 512-bit blocks for parsing.

### Message Parsing
After the padding is done, this allows for the message to be parsed into $N$ 512-bit blocks, as describe in [Secure Hash Standard](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf) Section 5.2.1. Each 512-bit block can constitute for sixteen 32-bit words, since SHA-256 is being implemented.
- `yield` [keyword](https://realpython.com/ref/keywords/yield/) allows this function to become a **generator** function. It returns values as it iterates through them when requested instead of returning them at all at the same time.  

In [313]:
def block_parse(msg):
    """ Generator function that processes messages according to SHA-256 specifications 
    Sections 5.1.1. and 5.2.1 and implement message padding

    Append 1 bit with 0x80 byte, have seven zeros
    Append 0 bits to reach 448 length

    Once calculated, append appropriate amount of zeros to padded message
    Append original message to be 64-bit big-edian integer """
    
    # Store the original message bit length
    original_msg_bits = len(msg) * 8

    # Append 1 bit (10000000 in binary, 0x80 in bytes) with seven zeros
    appended_msg = msg + b'\x80'

    # Find the number of zero needed to get to length 448 (mod 512) bits / 56 bytes (mod 64)
    appended_length = len(appended_msg)
    zeros_needed = (56 - appended_length % 64) % 64 

    # Append the zero bytes to padded message
    appended_msg += b'\x00' * zeros_needed

    # Append original message bit length as a 64-bit big-endian int
    appended_msg += original_msg_bits.to_bytes(8, byteorder='big')

    # Compute and yield 512-bit / 64-byte blocks (parsing)
    for i in range(0, len(appended_msg), 64):    
        yield appended_msg[i:i + 64]

### Test Generator Function

In [314]:
def test_block_parse():
    """ Test if the block_parse generator function works as expected

    Test with different lengths of messages to see the extent of its functionality """

    # Test empty message
    msg = b""
    blocks = list(block_parse(msg))
    print("Test empty message:")
    for i in range(len(blocks)):
        print(f"Block {i}: {blocks[i].hex()}")
        print(f"Length: {len(blocks[i])}")
    print(f"Total blocks: {len(blocks)}")
    print("-" * 64 + "\n")

    # Test short message
    msg = b"abc"
    blocks = list(block_parse(msg))
    print("Test 'abc':")
    for i in range(len(blocks)):
        print(f"Block {i}: {blocks[i].hex()}")
        print(f"Length: {len(blocks[i])}")
    print(f"Total blocks: {len(blocks)}")
    print("-" * 64 + "\n")

    # Test 1 block message, maximum 55 bytes
    msg = b"a" * 55
    blocks = list(block_parse(msg))
    print("Test 1 block message at 55 bytes:")
    for i in range(len(blocks)):
        print(f"Block {i}: {blocks[i].hex()}")
        print(f"Length: {len(blocks[i])}")
    print(f"Total blocks: {len(blocks)}")
    print("-" * 64 + "\n")


    # Test 2 block message, minimum 56 bytes
    msg = b"a" * 58
    blocks = list(block_parse(msg))
    print("Test 2 block message:")
    for i in range(len(blocks)):
        print(f"Block {i}: {blocks[i].hex()}")
        print(f"Length: {len(blocks[i])}")
    print(f"Total blocks: {len(blocks)}")
    print("-" * 64 + "\n")

    # Test message with exactly 64 bytes, 2 blocks
    msg = b"a" * 64
    blocks = list(block_parse(msg))
    print("Test 64-byte message:")
    for i in range(len(blocks)):
        print(f"Block {i}: {blocks[i].hex()}")
        print(f"Length: {len(blocks[i])}")
    print(f"Total blocks: {len(blocks)}")
    print("-" * 64 + "\n")

# Run tests
test_block_parse()


Test empty message:
Block 0: 80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Length: 64
Total blocks: 1
----------------------------------------------------------------

Test 'abc':
Block 0: 61626380000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000018
Length: 64
Total blocks: 1
----------------------------------------------------------------

Test 1 block message at 55 bytes:
Block 0: 616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161618000000000000001b8
Length: 64
Total blocks: 1
----------------------------------------------------------------

Test 2 block message:
Block 0: 61616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161800000000000
Length: 64
Block 1: 0000000000000000000000000000000000000000000000000000000000000

## Problem 4: Hashes

To compute hashes of a padded message, a compression function is applied as described in the [Secure Hash Standard](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf) Section 6.2.2. To allow this algorithm to work, the `hash(current, block)` compression function takes in each 512-bits of the padded message and the current hash value, which are eight hash values provided by the Secure Hash Standard Section 5.3.3 that can also be manually calculated using Problem 2. 

It breaks down the initial 512-bit block into 16 32-bit words, which are transformed into 64 words. It performs the message schedule expansion, computing 64 rounds of compression operations using bitwise and logical operations defined above, to calculate the new hash values.

It then continues the process until all blocks of a message have been processed. After all blocks have been processed, it returns eight 32-bit words which create a 256-bit message digest.

Below are the inital hash values we are provided in the [Secure Hash Standard](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf) Section 5.3.3 specifically in the SHA-256 algorithm.

In [315]:
# Initial hash values provided by the Secure Hash Standard
initial_hash = [
    np.uint32(0x6a09e667),
    np.uint32(0xbb67ae85),
    np.uint32(0x3c6ef372),
    np.uint32(0xa54ff53a),
    np.uint32(0x510e527f),
    np.uint32(0x9b05688c),
    np.uint32(0x1f83d9ab),
    np.uint32(0x5be0cd19),
]

### Hash Function

In [316]:
def hash(current, block):
  """ Compute next hash from previous hash and next 512-bit / 64-byte block, Section 6.2.2. """

  # Convert block into an array of 16 big endian 32-bit unsigned integers
  block = np.frombuffer(block, dtype='>u4')

  # Make an array for 64 words for message schedule
  W = np.zeros(64, dtype=np.uint32)

  # Assign the 16 words of W from the message block
  for t in range(16):
    W[t] = block[t]
  
  # Add the next 48 words of W using the sigma0 and sigma1 functions
  for t in range(16, 64):
    W[t] = (int(sigma1(W[t-2])) + int(W[t-7]) + int(sigma0(W[t-15])) + int(W[t-16])) & 0xFFFFFFFF

  # Declare and initialise the temporary hash value variables
  a = current[0]
  b = current[1]
  c = current[2]
  d = current[3]
  e = current[4]
  f = current[5]
  g = current[6]
  h = current[7]

  # Loop 64 times performing the SHA-256 compression 
  for t in range(64):
    # Calculate temporary values for T1, T2 using Sigma0, Sigma1 and Maj functions
    # Use SHA-256 constants from Problem 3 (K in SHS)
    T1 = (int(h) + int(Sigma1(e)) + int(Ch(e, f, g)) + int(sha_constants[t]) + int(W[t])) & 0xFFFFFFFF
    T2 = (int(Sigma0(a)) + int(Maj(a, b, c))) & 0xFFFFFFFF

    # Update temporary hash variables
    h = g
    g = f
    f = e
    e = (d + T1) & 0xFFFFFFFF # Ensures 32-bits, in case of overflow
    d = c
    c = b
    b = a
    a = (T1 + T2) & 0xFFFFFFFF # Ensures 32-bits, in case of overflow

  # Assign the updated hash values to previously declared variables
  H = np.array([
    (current[0] + a) & 0xFFFFFFFF,
    (current[1] + b) & 0xFFFFFFFF,
    (current[2] + c) & 0xFFFFFFFF,
    (current[3] + d) & 0xFFFFFFFF,
    (current[4] + e) & 0xFFFFFFFF,
    (current[5] + f) & 0xFFFFFFFF,
    (current[6] + g) & 0xFFFFFFFF,
    (current[7] + h) & 0xFFFFFFFF,
  ], dtype=np.uint32) # 32-bit integer

  # Return the hash value
  return H

In [317]:
# Test messages
test_messages = {
    "empty": b"",
    "abc": b"abc",
    "789": b"789",
    "One block": b"abcdefgh",
    "Multiple blocks": b"a" * 56
}

def test_hash():
    for name, msg_bytes in test_messages.items():
        # Start with initial hash
        H = initial_hash.copy()

        # Process each 512-bit block
        for block in block_parse(msg_bytes):
            H = hash(H, block)

        # Convert final hash state to hexadecimal string
        hash_hex = ''.join(f"{word:08x}" for word in H)

        # Display results with full message
        print(f"Test: {name}")
        print(f"Message (full bytes): {msg_bytes}")
        print(f"Number of blocks: {len(list(block_parse(msg_bytes)))}")
        print(f"Final hash state: {H}")
        print(f"SHA-256 hash: {hash_hex}")
        print("-" * 50)

# Run the tests
test_hash()

Test: empty
Message (full bytes): b''
Number of blocks: 1
Final hash state: [3820012610 2566659092 2600203464 2574235940  665731556 1687917388
 2761267483 2018687061]
SHA-256 hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
--------------------------------------------------
Test: abc
Message (full bytes): b'abc'
Number of blocks: 1
Final hash state: [3128432319 2399260650 1094795486 1571693091 2953011619 2518121116
 3021012833 4060091821]
SHA-256 hash: ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
--------------------------------------------------
Test: 789
Message (full bytes): b'789'
Number of blocks: 1
Final hash state: [ 900326273 2980214119 1419468682 1870150678 2126479519  474835614
  913457224 1301078657]
SHA-256 hash: 35a9e381b1a27567549b5f8a6f783c167ebf809f1c4d6a9e367240484d8ce281
--------------------------------------------------
Test: One block
Message (full bytes): b'abcdefgh'
Number of blocks: 1
Final hash state: [2622934097 3010773

## Problem 5: Passwords

In [318]:
# Hashes provided in Problem 5
provided_hashes = [
    "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8",
    "873ac9ffea4dd04fa719e8920cd6938f0c23cd678af330939cff53c3d2855f34",
    "b03ddf3ca2e714a6548e7495e2a03f5e824eaac9837cd7f159c67b90fb4b7342"
]

# 50 of some of the most common passwords
common_passwords = [ 
    "123456", "12345679", "admin", "1234", "password", "qwerty",
    "Aa@123456", "P@ssw0rd", "Pass@123", "iloveyou", "dragon",
    "monkey", "letmein", "secret", "football", "shadow", "sunshine",
    "princess", "superman", "batman", "trustno1", "liverpool", "soccer", 
    "harley", "starwars", "matthew", "summer", "friday", "cheese", "cookie", "guitar",
    "Minecraft", "newuser", "temppass", "test", "test123", "guest", "pass", "passw0rd",
    "Password1", "Password123", "50cent", "slipknot", "barbie", "thor",
    "987654321", "112233", "121212", "131313", "696969"
]

def sha256(msg):
    H = np.array(initial_hash, dtype=np.uint32)
    for block in block_parse(msg):
        H = hash(H, block)
    return ''.join(f"{x:08x}" for x in H)

# Track cracked hashes
cracked = {}
attempt = 0

# Dictionary attack on passwords provided above
for password in common_passwords:
    attempt += 1
    hash_hex = sha256(password.encode("utf-8"))

    # If the hash of a password matches one of those provided, and hasn't already matched
    # Then display it and marked as found
    if hash_hex in provided_hashes and hash_hex not in cracked:
        cracked[hash_hex] = (password, attempt)
        print(f"Match found!\n  Hash: {hash_hex}")
        print(f"  Password: {password!r}")
        print(f"  Attempts: {attempt}\n")

# If hash was not matched to a password
for h in provided_hashes:
    if h not in cracked:
        print(f"\nHash: {h}")
        print("  Not found in candidate list")


Match found!
  Hash: 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8
  Password: 'password'
  Attempts: 5

Match found!
  Hash: b03ddf3ca2e714a6548e7495e2a03f5e824eaac9837cd7f159c67b90fb4b7342
  Password: 'P@ssw0rd'
  Attempts: 8

Match found!
  Hash: 873ac9ffea4dd04fa719e8920cd6938f0c23cd678af330939cff53c3d2855f34
  Password: 'cheese'
  Attempts: 29



## References 
### Secure Hash Standard
https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf

### Problem 1:
https://www.geeksforgeeks.org/dsa/finding-the-parity-of-a-number-efficiently  


### Problem 2:
https://dev.to/xfbs/generating-prime-numbers-with-python-and-rust-4663  
https://en.wikipedia.org/wiki/Trial_division  
https://docs.python.org/3/library/math.html