LLMpedia: The first transparent, open encyclopedia generated by LLMs

SHA-256

Generated by DeepSeek V3.2
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Article Genealogy
Expansion Funnel: Raw 55 → Dedup 0 → NER 0 → Enqueued 0
1. Extracted: 55
2. After dedup: 0 (None)
3. After NER: 0
4. Enqueued: 0
SHA-256
Name: SHA-256
Designers: National Security Agency
Publish date: 2001
Series: SHA-2
Related to: SHA-1, SHA-512
Digest sizes: 256 bits
Block size: 512 bits
Structure: Merkle–Damgård construction
Rounds: 64

SHA-256 is a member of the SHA-2 family of cryptographic hash functions designed by the National Security Agency and first published by the National Institute of Standards and Technology in 2001 (as a draft of FIPS PUB 180-2; the current specification is FIPS PUB 180-4). The algorithm produces a fixed-size 256-bit (32-byte) hash value, typically rendered as a 64-digit hexadecimal number, and is the most widely deployed successor to the older SHA-1 hash function. Its design is based on the Merkle–Damgård construction: the padded message is processed in 512-bit blocks, each passed through a 64-round compression function that updates a 256-bit chaining state.

Overview

SHA-256 was introduced in 2001 together with SHA-384 and SHA-512 (SHA-224 followed in 2004) as the SHA-2 standard, offering longer digests and a larger security margin than the 160-bit SHA-1. The collision attacks on SHA-1 published from 2005 onwards, presented at venues such as CRYPTO and in the Journal of Cryptology, then turned migration to SHA-2 into a priority. Its adoption was accelerated by its inclusion in important security protocols, including Transport Layer Security (TLS 1.2 made SHA-256 the default hash for the PRF and for signatures) and the Internet Engineering Task Force standards for IPsec (HMAC-SHA-256). Its collision and preimage resistance made it a cornerstone for verifying data in systems ranging from the Git (software) version control system, which offers a SHA-256 object format alongside its original SHA-1 format, to the Bitcoin network, where double SHA-256 secures the blockchain through proof-of-work.

Algorithm description

Processing begins with padding: a single 1 bit is appended to the message, followed by enough 0 bits to bring the length to 448 mod 512, and then the original message length in bits as a 64-bit big-endian integer, so that the padded message is a multiple of 512 bits (the Merkle–Damgård strengthening that makes the length part of the input). The padded message is parsed into sequential 512-bit blocks. Each block is first expanded from sixteen 32-bit words into a 64-word message schedule using the small sigma functions (combinations of right rotations, a right shift and XOR). The compression function then runs 64 rounds over an eight-word working state. The state is initialized to constants derived from the fractional parts of the square roots of the first eight prime numbers, and each round mixes in one schedule word and one entry of a 64-entry constant array derived from the fractional parts of the cube roots of the first 64 primes, using the bitwise functions Ch (choose) and Maj (majority), the big sigma rotations, and modular addition. After the 64 rounds the working variables are added to the input chaining value (the Davies–Meyer feed-forward), and the final hash is the 256-bit chaining value after the last block.

Security and cryptanalysis

As of current public knowledge, no practical collision or preimage attack has been demonstrated against the full 64-step SHA-256. The best-known attacks, presented at venues such as Eurocrypt and FSE, reach only reduced-step variants (collisions for 31 of the 64 steps and preimages for up to 45 steps) and give no practical advantage against the full function, which remains far beyond the reach of any existing computer. Its security strength is estimated at 256 bits against preimage attacks and 128 bits against collision attacks (the birthday bound). Against a quantum adversary, Grover's algorithm would reduce preimage search to roughly 2^128 evaluations, which is still considered infeasible, so SHA-256 is regarded as adequate for post-quantum use, although some guidance prefers the wider margin of SHA-384 or SHA-512. A separate caveat for practitioners: because SHA-256 is a plain Merkle–Damgård hash, its output is its full internal state, so H(secret || message) is vulnerable to length-extension attacks; keyed authentication should use HMAC-SHA-256 (or a truncated variant such as SHA-512/256, which does not expose its state). SHA-256 was approved for classified use in the NSA's Suite B cryptography guidelines (SHA-256 for SECRET, SHA-384 for TOP SECRET); the successor Commercial National Security Algorithm Suite specifies SHA-384.

Applications

SHA-256 is ubiquitously deployed across the global digital infrastructure. It forms the backbone of certificate validation in the X.509 public key infrastructure used by Transport Layer Security to secure web traffic; browsers from Google and the Mozilla Foundation have rejected SHA-1-signed certificates since 2017, so SHA-256 (with RSA or ECDSA) is now the baseline signature hash on the web. Within the financial technology sector, it is the primary hash function of the Bitcoin protocol, which applies it twice (double SHA-256) both to block headers in mining and to transactions to derive their identifiers. It is also integral to the Git (software) system created by Linus Torvalds, which addresses objects by hash and offers SHA-256 as an alternative to its original SHA-1 object format. Furthermore, it is specified in standards for PDF digital signatures and is used to verify software updates and code signatures in operating systems such as Microsoft Windows (Authenticode) and macOS.
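The Bitcoin usage above, as an added example (not code from Bitcoin Core or from the page): an 80-byte block header is serialized, hashed with double SHA-256, and the result is compared against the proof-of-work target encoded in the header's compact "bits" field. The genesis block's public header fields are used to show that the computation reproduces the well-known genesis block hash; the "mine_demo" header and its very easy difficulty are constructed for illustration.

```python
"""Bitcoin-style double SHA-256 over a block header, with the compact-target
decoding needed to check proof-of-work and a toy nonce search."""
import hashlib
import struct


def double_sha256(data):
    """SHA-256d: SHA-256 applied twice, as Bitcoin uses for block and tx hashes."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def serialize_header(version, prev_hash_hex, merkle_root_hex, timestamp, bits, nonce):
    """80-byte header: little-endian integers; the two 32-byte hashes are stored
    byte-reversed relative to the order in which they are usually displayed."""
    return (struct.pack("<I", version)
            + bytes.fromhex(prev_hash_hex)[::-1]
            + bytes.fromhex(merkle_root_hex)[::-1]
            + struct.pack("<III", timestamp, bits, nonce))


def block_hash_hex(header):
    """Block hash in display order (bytes reversed), as block explorers show it."""
    return double_sha256(header)[::-1].hex()


def target_from_bits(bits):
    """Decode the compact encoding: mantissa (3 bytes) * 256^(exponent - 3)."""
    exponent = bits >> 24
    mantissa = bits & 0xFFFFFF
    return mantissa * (1 << (8 * (exponent - 3)))


def meets_target(header):
    """Proof-of-work check: the hash, read as a big-endian integer in display
    order, must not exceed the target encoded in the header's own bits field."""
    bits = struct.unpack("<I", header[72:76])[0]
    return int.from_bytes(double_sha256(header)[::-1], "big") <= target_from_bits(bits)


def mine(header, max_nonce=1 << 32):
    """Toy mining loop: vary the 4-byte nonce (offset 76) until meets_target holds."""
    prefix = header[:76]
    for nonce in range(max_nonce):
        candidate = prefix + struct.pack("<I", nonce)
        if meets_target(candidate):
            return candidate
    return None


# Public genesis block header fields (block 0, 3 January 2009).
GENESIS_HEADER = serialize_header(
    version=1,
    prev_hash_hex="00" * 32,
    merkle_root_hex="4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b",
    timestamp=1231006505,
    bits=0x1d00ffff,
    nonce=2083236893,
)


def mine_demo():
    """Constructed header at a toy difficulty (about 1 in 256 nonces qualify)."""
    header = serialize_header(
        version=0x20000000,
        prev_hash_hex="00" * 32,                                       # constructed
        merkle_root_hex=hashlib.sha256(b"constructed tx").hexdigest(),  # constructed
        timestamp=1700000000,                                          # constructed
        bits=0x2000ffff,                                               # toy difficulty
        nonce=0,
    )
    return mine(header, max_nonce=1 << 20)


if __name__ == "__main__":
    print(block_hash_hex(GENESIS_HEADER))   # 000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f
    print(meets_target(GENESIS_HEADER))     # True
```

Two details matter when reproducing real block hashes: integers are little-endian, and the previous-block and Merkle-root hashes are byte-reversed in the header relative to their usual hex display, which is why the genesis header reproduces the familiar hash only after both reversals. The toy difficulty in mine_demo is many orders of magnitude easier than the real network's.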

Comparison with other hash functions

Compared to the older SHA-1, which the National Institute of Standards and Technology deprecated for digital signatures in 2011 and disallowed after 2013, years before the public SHAttered attack (2017) demonstrated a practical collision, SHA-256 has a larger internal state (256 bits versus 160) and a more complex compression function with additional rotation-based mixing in every round. It differs from its sibling SHA-512 primarily in word size (32-bit versus 64-bit), block size (512 versus 1024 bits), number of rounds (64 versus 80) and output length. As a result SHA-256 is the faster of the two on 32-bit processors, whereas SHA-512 is usually faster in pure software on 64-bit processors from Intel and Advanced Micro Devices unless dedicated SHA-256 instructions are available, which tip the balance back toward SHA-256. SHA-3, selected through the NIST hash function competition, uses a different sponge construction (Keccak) that is not subject to length extension, but SHA-256 remains more widely implemented in current systems and protocols such as Transport Layer Security due to its earlier standardization and extensive real-world validation.

Implementations

Optimized implementations of SHA-256 are available in nearly all major cryptographic libraries and programming languages. Performance-optimized versions are found in libraries like OpenSSL, used extensively in projects such as the Apache HTTP Server, and compilers such as the GNU Compiler Collection expose the x86 SHA instructions through intrinsic functions. Many modern central processing units, including those from Intel and AMD (via the SHA extensions, SHA-NI) and ARM (via the ARMv8 Cryptography Extensions), provide dedicated instructions that accelerate the compression function several-fold over plain software. The algorithm is also implemented in hardware security modules from manufacturers like Thales Group and is a fundamental component of verified and secure boot chains in devices ranging from Android (operating system) phones to PlayStation 4 consoles. One caveat when choosing an implementation: these library and hardware implementations are built for throughput, so SHA-256 on its own is unsuitable for password storage, where a deliberately slow function such as PBKDF2-HMAC-SHA-256, bcrypt, scrypt or Argon2 should be used instead.
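As an added example of using a library implementation in practice (not code from the page, OpenSSL or any project it mentions): verifying a downloaded artifact against a published SHA256SUMS file with Python's hashlib, which is typically backed by OpenSSL and its accelerated code paths. The file is streamed in fixed-size chunks so memory stays flat for large artifacts, the checksum line format of sha256sum is parsed strictly, and the comparison is constant-time. The artifact, its content and the checksum file are constructed for the demonstration.

```python
"""Verifying an artifact against a published SHA-256 checksum with the library
implementation, streaming the file and comparing digests in constant time."""
import hashlib
import hmac
import os
import tempfile

CHUNK_SIZE = 1 << 20          # 1 MiB reads keep memory flat for large artifacts
HEX_DIGITS = set("0123456789abcdef")


def sha256_file(path, chunk_size=CHUNK_SIZE):
    """Hex SHA-256 of a file, fed to the hasher incrementally."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_sha256sums(text):
    """Parse sha256sum output ('<hex>  <name>' or '<hex> *<name>' per line)
    into {name: hex}. Malformed digests raise instead of being skipped, so a
    truncated or tampered checksum file cannot silently verify nothing."""
    sums = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"malformed checksum line: {line!r}")
        digest, name = parts[0].lower(), parts[1].lstrip("*")
        if len(digest) != 64 or set(digest) - HEX_DIGITS:
            raise ValueError(f"malformed digest in line: {line!r}")
        sums[name] = digest
    return sums


def verify_file(path, expected_hex):
    """True iff the file's SHA-256 equals expected_hex. compare_digest is used so
    the comparison time does not depend on how many leading bytes matched."""
    expected = expected_hex.strip().lower()
    if len(expected) != 64 or set(expected) - HEX_DIGITS:
        raise ValueError("expected a 64-character hex SHA-256 digest")
    return hmac.compare_digest(sha256_file(path), expected)


def demo():
    """Constructed artifact and checksum file; returns (intact_ok, tampered_ok)."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "release.tar")
        with open(path, "wb") as f:
            f.write(b"abc")                       # constructed content
        sums = parse_sha256sums(
            "# SHA256SUMS (constructed for this example)\n"
            "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad  release.tar\n"
        )
        intact = verify_file(path, sums["release.tar"])
        with open(path, "ab") as f:
            f.write(b"\n")                        # simulate a tampered download
        tampered = verify_file(path, sums["release.tar"])
    return intact, tampered


if __name__ == "__main__":
    print(demo())   # (True, False)
```

A checksum only binds the download to whatever published the checksum; if the SHA256SUMS file is fetched over the same channel as the artifact, both can be replaced together, so in practice the checksum file should itself be signed (for example with a detached PGP or Sigstore signature) and that signature verified first.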

Category:Cryptographic hash functions Category:Computer security Category:Computer networking
