Need mathematical proof for CH and MAJ functions in SHA256

Coding Enthusiast (OP)

Legendary

Offline

Activity: 1039
Merit: 2783

Bitcoin and C♯ Enthusiast

Need mathematical proof for CH and MAJ functions in SHA256

May 04, 2019, 06:41:18 AM
Last edit: May 04, 2019, 07:13:27 AM by Coding Enthusiast

Merited by HeRetiK (1), ABCbits (1)

The SHA256 implementation that bitcoin-core is using has a different set of functions for CH and MAJ operations done in this hash function. While they both are nice little optimizations for skipping 1 bitwise operation, I can't figure out the mathematical proof for them being the same.

For reference:

Code:

CH = (x & y) | ((~x) & z)
CH_alt = z ^ (x & (y ^ z))

Code:

MAJ = (x & y) ^ (x & z) ^ (y & z)
MAJ_alt = (x & y) | (z & (x | y))

CH and MAJ are the functions from FIPS 180-3 while CH_alt and MAJ_alt are from bitcoin-core source code

Projects List+Suggestion box
Donate: 1Q9s or bc1q

|
|
|

FinderOuter(0.19.1)Ann-git
Denovo(0.7.0)Ann-git
Bitcoin.Net(0.26.0)Ann-git

|
|
|

BitcoinTransactionTool(0.11.0)Ann-git
WatchOnlyBitcoinWallet(3.2.1)Ann-git
SharpPusher(0.12.0)Ann-git

1714062259

Hero Member

Offline

Posts: 1714062259

Ignore

1714062259

1714062259


	Report to moderator

Once a transaction has 6 confirmations, it is extremely unlikely that an attacker without at least 50% of the network's computation power would be able to reverse it.

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.

1714062259

Hero Member

Offline

Posts: 1714062259

Ignore

1714062259


	Report to moderator

gmaxwell

Moderator
Legendary

Offline

Activity: 4158
Merit: 8382

Re: Need mathematical proof for CH and MAJ functions in SHA256

May 04, 2019, 08:14:42 AM

Merited by darosior (2), ABCbits (1)

These functions are just simply three-bit input boolean functions (used bitslice style in SHA2).

With only 8 possible inputs exhaustion is a perfectly valid proof technique:

Code:

#include <stdio.h>
#include <stdlib.h>
int CH(int x,int y,int z) { return (x & y) | ((~x) & z); }
int CH_alt(int x,int y,int z) { return z ^ (x & (y ^ z)); }
int MAJ(int x,int y,int z) { return (x & y) ^ (x & z) ^ (y & z);}
int MAJ_alt(int x,int y,int z) { return (x & y) | (z & (x | y));};
int main(void){
  int x,y,z;
  for (x=0; x<2; x++) {
    for (y=0; y<2; y++) {
      for (z=0; z<2; z++) {
        if((CH(x,y,z) != CH_alt(x,y,z)) || (MAJ(x,y,z) != MAJ_alt(x,y,z))) {
          printf("quod est absurdum\n");
          exit(1);
        }
      }
    }
  }
  printf("QED\n");
  return 0;
}

darosior

Sr. Member

Offline

Activity: 279
Merit: 435

Re: Need mathematical proof for CH and MAJ functions in SHA256

May 04, 2019, 10:12:26 AM

Merited by ABCbits (1), aliashraf (1)

Quote from: Coding Enthusiast on May 04, 2019, 06:41:18 AM

Code:

CH = (x & y) | ((~x) & z)
CH_alt = z ^ (x & (y ^ z))

Code:

MAJ = (x & y) ^ (x & z) ^ (y & z)
MAJ_alt = (x & y) | (z & (x | y))

CH and MAJ are the functions from FIPS 180-3 while CH_alt and MAJ_alt are from bitcoin-core source code

Code:

CH_alt = z ^ (x & (y ^ z))
CH_alt = (~z) & (x & (y ^ z)) | z & ((~x) | ~(y ^ z))  
CH_alt = x & (~z) & (y ^ z) | (z & (~x)) | (z & ~(y ^ z))
CH_alt = x & y | (z & (~x)) | (z & ~(y ^ z))
CH_alt = (x & y) | ((~x) & z)
CH_alt = CH

Hint :

Code:

(~z) & (y ^ z) = 0
z & ~(y ^ z) = 0

Pages: [1]

Bitcoin Forum > Bitcoin > Development & Technical Discussion > Need mathematical proof for CH and MAJ functions in SHA256

« previous topic next topic »