How does Secure Hash Algorithm works?

The Secure Hash Algorithm (SHA) was invented by the National Security Agency (NSA) and published in 1993 through the National Institute of Standard and Technology (NIST) as a U.S. Federal Information Processing Standard (FIPS PUB 180).

SHA depends on and shares the similar building blocks as the MD4 algorithm. The design of SHA introduced a new process which develop the 16-word message block input to the compression function to an 80-word block between other things.

The processing of SHA works as follows −

Step 1Append padding bits − The original message is padded and its duration is congruent to 448 modulo 512. Padding is continually inserted although the message already has the desired length. Padding includes a single 1 followed by the essential number of 0 bits.

Step 2Append length − A 64-bit block considered as an unsigned 64-bit integer (most essential byte first), and defining the length of the original message (before padding in step 1), is added to the message. The complete message's length is a multiple of 512.

Step 3Initialize the buffer − The buffer includes five (5) registers of 32 bits each indicated by A, B, C, D, and E. This 160-bit buffer can be used to influence temporary and final outcomes of the compression function. These five registers are initialized to the following 32-bit integers (in hexadecimal notation).

A = 67 45 23 01

B = ef cd ab 89

C = 98 ba dc fe

D = 10 32 54 76

E = c3 d2 e1 f0

The registers A, B, C, and D are actually the same as the four registers used in MD5 algorithm. But in SHA-1, these values are saved in big-endian format, which define that the most essential byte of the word is located in the low-address byte position. Therefore the initialization values (in hexadecimal notation) occurs as follows −

word A = 67 45 23 01

word B = ef cd ab 89

word C = 98 ba dc fe

word D = 10 32 54 76

word E = c3 d2 e1 f0

Step 4Process message in 512-bit blocks − The compression function is divided into 20 sequential steps includes four rounds of processing where each round is made up of 20 steps.

The four rounds are structurally same as one another with the only difference that each round need a different Boolean function, which it can define as f1, f2, f3, f4 and one of four multiple additive constants Kt (0 ≤t ≤79) which is based on the step under consideration.

Step 5Output − After processing the final 512-bit message block t (considering that the message is divided into t 512-bit blocks), and it can obtain a 160-bit message digest.