Generated by DeepSeek V3.2

| SHA-2 | |
|---|---|
| Name | SHA-2 |
| Designers | National Security Agency |
| Publish date | 2001 |
| Series | SHA-1, SHA-3 |
| Digest sizes | 224, 256, 384, 512 bits |
| Structure | Merkle–Damgård construction |
| Rounds | 64 or 80 |
SHA-2 is a family of cryptographic hash functions designed by the National Security Agency and published in 2001 by the National Institute of Standards and Technology as a U.S. Federal Information Processing Standard. It is the successor to the earlier SHA-1 algorithm and comprises several hash functions with different digest lengths, including the widely used SHA-256 and SHA-512. The development of SHA-2 was motivated by the discovery of theoretical weaknesses in its predecessors, aiming to provide a more secure foundation for digital security protocols.
The SHA-2 family builds upon the design principles of its predecessors but incorporates significant enhancements to resist known cryptanalytic attacks. It is structured using the Merkle–Damgård construction, a method also used in MD5 and SHA-1, but with a more complex compression function and increased internal state size. The primary variants are defined by their output bit length, with SHA-224, SHA-256, SHA-384, and SHA-512 being the most common, and additional versions like SHA-512/224 and SHA-512/256 introduced later. These algorithms process input messages in blocks, employing a series of logical operations and modular additions to produce a fixed-size hash value, or digest, which acts as a unique digital fingerprint for the input data.
The core operation of SHA-2 involves processing message blocks through a compression function that updates an internal state represented by eight 32-bit or 64-bit words, depending on the variant. For SHA-256, the algorithm uses 64 rounds of processing, each applying a combination of bitwise operations such as the Ch, Maj, and Σ functions, along with the addition of constants derived from the fractional parts of the cube roots of prime numbers. The message schedule expands each 512-bit block into sixty-four 32-bit words, providing the necessary input for each round. In contrast, SHA-512 operates on 1024-bit blocks, uses 80 rounds, and employs 64-bit words throughout its computation, making it more suitable for 64-bit architectures such as those from Intel and Advanced Micro Devices.
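As an added example (not code from the page or from any standard library), the following compact SHA-256 implementation in Python follows the description above: it derives the round constants K from the cube roots of the first 64 primes and the initial state from the square roots of the first 8 primes using exact integer roots, expands each 512-bit block into 64 schedule words, runs the 64 rounds with Ch, Maj and the Σ functions, and cross-checks the result against hashlib.

```python
import hashlib
import math
import struct
MASK32 = 0xFFFFFFFF
def _rotr(x, n):  # 32-bit rotate right
    return ((x >> n) | (x << (32 - n))) & MASK32
def _primes(count):  # the first `count` primes: 2, 3, 5, ...
    found, candidate = [], 2
    while len(found) < count:
        if all(candidate % p for p in found):
            found.append(candidate)
        candidate += 1
    return found
def _icbrt(n):  # exact floor(cbrt(n)) for a big int, by integer Newton iteration
    x = 1 << ((n.bit_length() + 2) // 3)
    while True:
        y = (2 * x + n // (x * x)) // 3
        if y >= x:
            return x
        x = y

# K[t]: first 32 fractional bits of cbrt(prime_t) for the first 64 primes;
# H0: first 32 fractional bits of sqrt(prime_i) for the first 8 primes.
# Scaling p by 2^96 (resp. 2^64) before taking the integer root avoids float error.
K = [_icbrt(p << 96) & MASK32 for p in _primes(64)]
H0 = [math.isqrt(p << 64) & MASK32 for p in _primes(8)]

def sha256(message: bytes) -> bytes:
    # Merkle-Damgard padding: 0x80, zeros, then the 64-bit big-endian bit length.
    pad = b"\x80" + b"\x00" * ((55 - len(message)) % 64) + struct.pack(">Q", 8 * len(message))
    data, h = message + pad, H0[:]
    for off in range(0, len(data), 64):               # one 512-bit block per iteration
        w = list(struct.unpack(">16L", data[off:off + 64]))
        for t in range(16, 64):                       # message schedule: 16 -> 64 words
            s0 = _rotr(w[t - 15], 7) ^ _rotr(w[t - 15], 18) ^ (w[t - 15] >> 3)
            s1 = _rotr(w[t - 2], 17) ^ _rotr(w[t - 2], 19) ^ (w[t - 2] >> 10)
            w.append((w[t - 16] + s0 + w[t - 7] + s1) & MASK32)
        a, b, c, d, e, f, g, hh = h
        for t in range(64):                           # 64 rounds of Ch, Maj, Sigma0, Sigma1
            ch = (e & f) ^ (~e & g)
            t1 = hh + (_rotr(e, 6) ^ _rotr(e, 11) ^ _rotr(e, 25)) + ch + K[t] + w[t]
            maj = (a & b) ^ (a & c) ^ (b & c)
            t2 = (_rotr(a, 2) ^ _rotr(a, 13) ^ _rotr(a, 22)) + maj
            a, b, c, d, e, f, g, hh = (t1 + t2) & MASK32, a, b, c, (d + t1) & MASK32, e, f, g
        h = [(x + y) & MASK32 for x, y in zip(h, (a, b, c, d, e, f, g, hh))]  # feed-forward
    return struct.pack(">8L", *h)

def matches_hashlib(message: bytes) -> bool:  # cross-check against the standard library
    return sha256(message) == hashlib.sha256(message).digest()
```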
As of current public knowledge, no practical collision or preimage attack has been demonstrated against the full-round version of any SHA-2 hash function, making it resistant to the threats that compromised MD5 and SHA-1. However, theoretical reduced-round cryptanalysis has shown vulnerabilities in simplified versions, such as attacks on 46 rounds of SHA-256 by researchers like Xiaoyun Wang. The security of SHA-2 relies on its complex round function and large internal state, which defend against differential cryptanalysis and length extension attacks. The National Institute of Standards and Technology recommends transitioning to SHA-3 for long-term security, but SHA-2 remains robust for most applications, including those securing the Transport Layer Security protocol and the Bitcoin network.
The SHA-2 family includes several distinct hash functions, primarily differentiated by their output length and internal parameters. SHA-224 is essentially SHA-256 with a different initialization vector and truncated output, while SHA-384 and SHA-512/224 are similarly derived from SHA-512. The SHA-512/256 variant offers a 256-bit output using the SHA-512 engine but with different initial values to provide domain separation. These variants allow for a balance between security level, performance, and compatibility with existing systems, such as those requiring specific output sizes for digital signature schemes like RSA or the Elliptic Curve Digital Signature Algorithm.
SHA-2 hash functions are extensively deployed in a wide array of security protocols and systems. They form a critical component of Transport Layer Security versions 1.2 and 1.3, used to secure web traffic on platforms like Google Chrome and Mozilla Firefox. In the realm of cryptocurrency, SHA-256 is the foundational algorithm for the Bitcoin proof-of-work system, securing the blockchain and enabling mining. Other applications include verifying software integrity in projects like the Linux kernel, deriving keys in Password-Based Key Derivation Function 2, and supporting certificate authorities within the Public Key Infrastructure framework.
The SHA-2 family was formally standardized by the National Institute of Standards and Technology in FIPS PUB 180-2, and later updates in FIPS PUB 180-4, establishing it as a U.S. Federal Information Processing Standard. Its adoption was accelerated by the deprecation of SHA-1 by major organizations, including Microsoft, Google, and the Certificate Authority/Browser Forum, which mandated a transition for X.509 certificates. International standards bodies like the International Organization for Standardization and the International Electrotechnical Commission have also incorporated SHA-2 into standards such as ISO/IEC 10118-3. Widespread implementation in operating systems like Microsoft Windows, macOS, and Linux ensures its integration into global digital infrastructure.