4

I'm currently trying to implement sha256 from a scratch.

I'm implementing ch() function whose definition is ch(x,y,z) = (x&y) ^ (~x&z)

(&:indicate and gate, ^:indicate xor gate, ~:is negate)

I implemented like this:

function ch(x,y,z){
 (x&y) ^ (~x&z)
}

but after I implemented it, when I saw some other implementation such ashttp://point-at-infinity.org/jssha256/, the implementation is like this (below)

function SHA256_Ch(x, y, z) {
  return z ^ (x & (y ^ z));
}

what is this conversion?

can I obtain the same result from wikipedia's?

Could you tell me the path ?

---------------------------------------------------------

Thank you for answeing!

ch() stands for choose: x chooses y or z. When x is 0, z is chosen, and when x is 1, y is chosen

This is a critical sentence for me. I wanted to know how the desiner find second form ch function.

but I guess, if I obtain the view of your advise then, that is obvious.

if a designer of sha256 want to use ch function like it, that makes sense.when x is zero, y is 0, and z is left, because x and z is connected with xor gate,and x and y is connected with and gate.when x is one, y is y and z is nothing, because there are two z connected with xor gate;

I should start my guess from the perspective of the one who structured SHA256 algorythm.

Thanks for teaching!!

kouji

Improve this question
3
  • How does accepting an answer work? Commented Mar 14, 2016 at 8:33
  • Dear mitch. I'm sorry. Althogh you helped me a lot. I was rude to you, because of my ignorance. I'll accept your graceful answer, as you suggest. Is it worked? Thank you for advises!! Commented Mar 15, 2016 at 14:19
  • You weren't rude. Just a new stackoverflower! Commented Mar 15, 2016 at 14:58

1 Answer 1

Reset to default
3

If you write out the truth table for x, y, z and the 2 expressions, you will see that they are identical.

In both cases (I've left out the intermediate results for brevity):

x  y  z  (x&y)^(~x&z)  z^(x&(y^z))
0  0  0  0             0
0  0  1  1             1
0  1  0  0             0  
0  1  1  1             1  
1  0  0  0             0  
1  0  1  0             0  
1  1  0  1             1  
1  1  1  1             1

ch() stands for choose: x chooses y or z. When x is 0, z is chosen, and when x is 1, y is chosen

The second form uses 1 less bitwise operation; but I'd guess that any speed improvement would be implementation specific.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.