Bitcoin Forum
May 29, 2024, 06:37:48 PM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
   Home   Help Search Login Register More  
Bitcoin Forum > Bitcoin > Development & Technical Discussion > Need mathematical proof for CH and MAJ functions in SHA256
Pages: [1]
« previous topic next topic »
  Print  
Author Topic: Need mathematical proof for CH and MAJ functions in SHA256  (Read 179 times)
Coding Enthusiast (OP)
Legendary
*
Offline Offline

Activity: 1039
Merit: 2783


Bitcoin and C♯ Enthusiast


View Profile WWW
May 04, 2019, 06:41:18 AM
Last edit: May 04, 2019, 07:13:27 AM by Coding Enthusiast
Merited by HeRetiK (1), ABCbits (1)
 #1
The SHA256 implementation that bitcoin-core is using has a different set of functions for CH and MAJ operations done in this hash function. While they both are nice little optimizations for skipping 1 bitwise operation, I can't figure out the mathematical proof for them being the same.

For reference:
Code:
CH = (x & y) | ((~x) & z)
CH_alt = z ^ (x & (y ^ z))
Code:
MAJ = (x & y) ^ (x & z) ^ (y & z)
MAJ_alt = (x & y) | (z & (x | y))

CH and MAJ are the functions from FIPS 180-3 while CH_alt and MAJ_alt are from bitcoin-core source code
Projects List+Suggestion box
Donate: 1Q9s or bc1q
|
|
|
FinderOuter(0.19.1)Ann-git
Denovo(0.7.0)Ann-git
Bitcoin.Net(0.26.0)Ann-git
|
|
|
BitcoinTransactionTool(0.11.0)Ann-git
WatchOnlyBitcoinWallet(3.2.1)Ann-git
SharpPusher(0.12.0)Ann-git
gmaxwell
Moderator
Legendary
*
expert
Offline Offline

Activity: 4186
Merit: 8435



View Profile WWW
May 04, 2019, 08:14:42 AM
Merited by darosior (2), ABCbits (1)
 #2

These functions are just simply three-bit input boolean functions (used bitslice style in SHA2).

With only 8 possible inputs exhaustion is a perfectly valid proof technique:

Code:
#include <stdio.h>
#include <stdlib.h>
int CH(int x,int y,int z) { return (x & y) | ((~x) & z); }
int CH_alt(int x,int y,int z) { return z ^ (x & (y ^ z)); }
int MAJ(int x,int y,int z) { return (x & y) ^ (x & z) ^ (y & z);}
int MAJ_alt(int x,int y,int z) { return (x & y) | (z & (x | y));};
int main(void){
  int x,y,z;
  for (x=0; x<2; x++) {
    for (y=0; y<2; y++) {
      for (z=0; z<2; z++) {
        if((CH(x,y,z) != CH_alt(x,y,z)) || (MAJ(x,y,z) != MAJ_alt(x,y,z))) {
          printf("quod est absurdum\n");
          exit(1);
        }
      }
    }
  }
  printf("QED\n");
  return 0;
}
darosior
Sr. Member
****
Offline Offline

Activity: 279
Merit: 435


View Profile
May 04, 2019, 10:12:26 AM
Merited by ABCbits (1), aliashraf (1)
 #3
Quote from: Coding Enthusiast on May 04, 2019, 06:41:18 AM
The SHA256 implementation that bitcoin-core is using has a different set of functions for CH and MAJ operations done in this hash function. While they both are nice little optimizations for skipping 1 bitwise operation, I can't figure out the mathematical proof for them being the same.

For reference:
Code:
CH = (x & y) | ((~x) & z)
CH_alt = z ^ (x & (y ^ z))
Code:
MAJ = (x & y) ^ (x & z) ^ (y & z)
MAJ_alt = (x & y) | (z & (x | y))

CH and MAJ are the functions from FIPS 180-3 while CH_alt and MAJ_alt are from bitcoin-core source code

Code:
CH_alt = z ^ (x & (y ^ z))
CH_alt = (~z) & (x & (y ^ z)) | z & ((~x) | ~(y ^ z))  
CH_alt = x & (~z) & (y ^ z) | (z & (~x)) | (z & ~(y ^ z))
CH_alt = x & y | (z & (~x)) | (z & ~(y ^ z))
CH_alt = (x & y) | ((~x) & z)
CH_alt = CH
Hint :
Code:
(~z) & (y ^ z) = 0
z & ~(y ^ z) = 0
Pages: [1]
  Print  
Bitcoin Forum > Bitcoin > Development & Technical Discussion > Need mathematical proof for CH and MAJ functions in SHA256
 « previous topic next topic »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!