# SHA-256

May 20, 2023

SHA-256, or Secure Hash Algorithm 256-bit, is a widely used cryptographic hash function designed by the National Security Agency (NSA) in the United States. It is the successor to SHA-1 and is part of the SHA-2 family of hash functions, which also includes SHA-224, SHA-384, SHA-512, SHA-512/224, and SHA-512/256. With its 256-bit level of security, SHA-256 provides a higher degree of data integrity and resistance to attacks compared to its predecessor.

## Overview

SHA-256, like other hash functions, takes an input and generates a fixed-size output, which is a unique representation of the input data. It is designed to be a one-way function, meaning that it is computationally infeasible to reverse the process and retrieve the original input from the hash output. Hash functions are commonly used in various security applications, such as digital signatures, message authentication codes (MACs), and password hashing.

The output of the SHA-256 function is a 256-bit (32-byte) hash, which is typically represented by a 64-character hexadecimal string. The algorithm is based on the Merkle-Damgård construction, which is a design principle for many hash functions, including SHA-1 and MD5. It processes the input data in 512-bit blocks and uses a series of mathematical operations to produce the final hash value.

## Design

SHA-256 is built upon a series of operations that transform the input message in a deterministic and irreversible manner. The algorithm comprises four main steps:

**Preprocessing**: The input message is padded with a 1-bit followed by a number of 0-bits, such that the length of the message becomes congruent to 448, modulo 512. Next, a 64-bit block is added, containing the original length of the message. This step ensures that the total length of the preprocessed message is a multiple of 512 bits.**Message parsing**: The preprocessed message is divided into 512-bit blocks, which are then operated upon sequentially.**Block processing**: Each 512-bit block is processed through a series of operations called a “round”. SHA-256 uses 64 rounds, and each round consists of bitwise operations, modular arithmetic, and logical functions. The operations include bitwise AND, OR, XOR, NOT, addition modulo 2^32, and bitwise rotations.**Hash output**: After all the rounds are completed, the final output is a 256-bit hash value, which is the concatenation of eight 32-bit words obtained from the block processing step. This hash output is unique to the input message, and even a small change in the input data will produce a completely different output.

## Security

SHA-256 is widely regarded as a secure hash function due to its resistance to various types of attacks. Some of the properties that contribute to its security are:

**Preimage resistance**: Given a hash output, it should be computationally infeasible to find the original input message. This property ensures that an attacker cannot generate the original data from the hash value.**Second preimage resistance**: Given an input message, it should be computationally infeasible to find another message with the same hash output. This property prevents an attacker from finding a different input that produces the same hash, and therefore, protects against forgery.**Collision resistance**: It should be computationally infeasible to find two different messages with the same hash output. This property is crucial to ensure data integrity, as it prevents an attacker from generating two different inputs that have the same hash value.

The security of SHA-256 is mainly attributed to its large output size (256 bits) and the complexity of its underlying operations. Although there have been some theoretical attacks on the SHA-2 family, none of them have been practically successful in breaking the security of SHA-256.

## Applications

SHA-256 is widely used in various security applications and protocols, including:

**Digital signatures**: Hash functions like SHA-256 are used to compute a unique representation of a document or message, which is then signed using a private key. The signature can be verified using the corresponding public key, ensuring the integrity and authenticity of the message.**Message authentication codes (MACs)**: A MAC is generated by hashing a message concatenated with a secret key. The recipient, who also has the secret key, can verify the authenticity of the message by recomputing the MAC and comparing it with the received MAC.**Password hashing**: Storing passwords in plaintext is a security risk, as an attacker who gains access to the storage can easily use the passwords for unauthorized access. Instead, passwords are hashed using functions like SHA-256 before being stored, and when a user enters a password, it is hashed and compared to the stored hash.**Cryptocurrency**: SHA-256 is the underlying hash function used in the proof-of-work algorithm for Bitcoin and other cryptocurrencies. Miners must find a nonce that, when hashed with the block data, produces a hash output with a specific number of leading zeros.