I'm currently trying to implement sha256 from a scratch.
I'm implementing ch() function whose definition is ch(x,y,z) = (x&y) ^ (~x&z)
(&:indicate and gate, ^:indicate xor gate, ~:is negate)
I implemented like this:
function ch(x,y,z){
(x&y) ^ (~x&z)
}
but after I implemented it, when I saw some other implementation such ashttp://point-at-infinity.org/jssha256/, the implementation is like this (below)
function SHA256_Ch(x, y, z) {
return z ^ (x & (y ^ z));
}
what is this conversion?
can I obtain the same result from wikipedia's?
Could you tell me the path ?
Thank you for answeing!
ch() stands for choose: x chooses y or z. When x is 0, z is chosen, and when x is 1, y is chosen
This is a critical sentence for me. I wanted to know how the desiner find second form ch function.
but I guess, if I obtain the view of your advise then, that is obvious.
if a designer of sha256 want to use ch function like it, that makes sense.when x is zero, y is 0, and z is left, because x and z is connected with xor gate,and x and y is connected with and gate.when x is one, y is y and z is nothing, because there are two z connected with xor gate;
I should start my guess from the perspective of the one who structured SHA256 algorythm.
Thanks for teaching!!
kouji
If you write out the truth table for x, y, z and the 2 expressions, you will see that they are identical.
In both cases (I've left out the intermediate results for brevity):
x y z (x&y)^(~x&z) z^(x&(y^z))
0 0 0 0 0
0 0 1 1 1
0 1 0 0 0
0 1 1 1 1
1 0 0 0 0
1 0 1 0 0
1 1 0 1 1
1 1 1 1 1
ch() stands for choose: x chooses y or z. When x is 0, z is chosen, and when x is 1, y is chosen
The second form uses 1 less bitwise operation; but I'd guess that any speed improvement would be implementation specific.
Collected from the Internet
Please contact [email protected] to delete if infringement.
Comments