The precise status of the relevant number theoretic problems for SHA-256

[niniyo]

I was enjoying reading this discussion, even though I didn't 100% follow everything, and I think this is a really relevant and good discussion to be having in this community.  The fact that the constants are chosen systematically (roots of primes) rather than arbitrarily chosen, does give some confidence that there isn't some backdoor.

And then suddenly the thread turned hostile, with a really irrelevant post about stepping through an implementation of SHA-256 on a simulator?  That really had nothing to do with number theory which is the topic here.

Anyway, thanks for the good reading.  I learnt something.

[Altoidnerd]

I get the feeling you are ignorant to number theory. The zeros do not just appear out of then air - they are deterministically manifest in the calculation steps prior to their appearance.

I get the idea you do not understand 'irony'

As regards the rest of the drivel you posted..., I can see from the fact that you 'cited' 'prickypidia' that your education is most possibly below BA level, anything about that level, you would have been educated in 'research skills' which in turn would have lead you to several papers on partial 'cracks' of the SHA256 algorithm.. upto about 25 bits.
There is also research on Hash prediction, something I myself have been interested in.

The fact that you do not  appear to be aware of these research areas (as you used neither to try and negate my post)  would lead me to believe you are more likely to be a fuckwit
who managed to pickup a couple of buzzwords

You are a boner.  This comment in no way adds to the conversation.  I hate you.

[Altoidnerd]

I don't know why you think number theory can actually shine any light on this.
Taking the fractional part of a floating point number and multiplying it by 2**32 essentially gets you a nice garbage integer.
Because square/cube roots are believed to be normal numbers in base 2 http://mathworld.wolfram.com/NormalNumber.html (Their digit distribution certainly is random for the relevant part anyways), their decimal expansion is essentially a string of random (the important part) garbage. It has no interesting number theoretic properties left.
More importantly, the round constants are mixed through essentially bitwise operations, the number theory surrounding primes would have very little of interest to tell you, since it does not deal with the representations of numbers, while hash algorithms are essentially only bit twiddling, which mostly don't care about the numeric values used (only their binary representation).

Only because if there were anything "up the sleeve" of the first N-bits of truncations of the cube roots of primes, number theory is what would lead to the description.  That is, if these truncations have properties at all.

The fact that the numbers are normal is good but does no exclude the possibility that finite truncations of such numbers have predictable properties.  The whole spirit of my post is to try to pose the relevant questions...which I think now are probably pointed right at these truncations, and whether or not they have any slippery properties under the transformations specified by SHA-2.

[rritoch]

Please do not believe for a second that SHA256 is unbreakable. It is unbroken, as far as we know, but there are no mathematical proofs showing it is unbreakable and without that it is reasonable to conclude it can and will eventually be broken.  It makes a great deal of sense that SHA256 would have a back-door, and I believe that the choosing of these constants is a major clue.  If you are familiar with the π(), PI, function, also known as the prime counting function, you will see this function has not yet been completely solved, but it can be proven that if solved, the function can be used to solve P(n) where P is the function that produces the nth prime.  While the π() has not been solved, there are extremely close approximations that have been contrived which follow the exact value of π() for some number of digits before curling away from it.  I went down a rabbit hole on this under the false impression that ln(x) approaches  π(x) as x approaches infinity trying to create a curl adjustment function based on this fact in such a way that the curl would meet ln(x) at some logarithmic scale of x.  While I may have failed at solving the π(x) function my research shows that it is extremely likely that P(n) can be approximated with another function for small values of n (such as 72 used by SHA256).  I also want to note there is nothing particularly special about the rightshift function, it is simply floor(x/2^n) where n is the number of digits shifted.  The rotate right function can also be expressed using floor, subtraction, division, and powers. The XOR functions are used in triplicate so they define a relationship between the bits a_1 ^ b_1 ^ c_1 will be true if a_1 is different than b_1 and c_1 is false, but if c_1 is true than the result will be true if a_1 is the same as b_1.  This is about as far as I have gotten on cracking SHA256, but I assure you, it can be cracked. It will just take more time, and I am probably not the person to do it.