2

I was reading about hash functions, namely SHA, and I read that it is made of the Merkle-Damgård construction. And then the text said that the compression function used is based on the Davies-Meyer compression function. The text also mentioned that SHA-256 is based on the block cipher SHACAL-2.

I got a little bit confused about the building block that constitutes SHA-256. Is SHACAL-2 a block cipher or a compression function or both? And what are the advantages of using SHACAL-2 instead of AES-128?

BlaX

2 Answers

6

SHACAL-2 is a block cipher. One-way compression functions typically use block ciphers as a building block, but add some simple operation that makes the function one-way. In the case of SHA-256, the compression function is SHACAL-2 in Davies-Meyer mode. SHA-256, in turn, consists of this compression function with Merkle-Damgård padding and chaining.

Regarding your last question, SHACAL-2 has a 256-bit block size. This means that it is practically impossible that you would get a state collision by pure chance when using the cipher in any of the common modes of operation. AES has a 128-bit block size, so the risk of a state collision might in some cases be too high for comfort when encrypting very large quantities of data using the same symmetric key.

Henrick Hellström

0

I looked more into it and saw that the state input is the data input of the block cipher and the data (that is being hashed) is the key input to the underlying block cipher (SHACAL). Thanks anyway.

Evgeni Vaknin
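The construction described in both answers, as an added example that is not part of either answer: SHACAL-2 written as an invertible block cipher keyed by the 512-bit message block, then wrapped in the Davies-Meyer feed-forward and Merkle-Damgård padding and chaining to give SHA-256. The function names are chosen for this illustration, and the constants are derived from the first 64 primes as the SHA-256 specification defines them.

```python
import struct

M = 0xFFFFFFFF  # all arithmetic is on 32-bit words

def frac_bits(p, root):  # first 32 fractional bits of p**(1/root), exact integer math
    n = p << (32 * root)
    x = round(n ** (1 / root))          # float estimate, corrected below
    while x ** root > n: x -= 1
    while (x + 1) ** root <= n: x += 1
    return x & M

PRIMES = [p for p in range(2, 312) if all(p % d for d in range(2, p))]
K = [frac_bits(p, 3) for p in PRIMES]        # 64 round constants
IV = [frac_bits(p, 2) for p in PRIMES[:8]]   # SHA-256 initial chaining value

def rotr(x, n): return ((x >> n) | (x << (32 - n))) & M
def f_a(a, b, c): return (rotr(a, 2) ^ rotr(a, 13) ^ rotr(a, 22)) + ((a & b) ^ (a & c) ^ (b & c))
def f_e(e, f, g): return (rotr(e, 6) ^ rotr(e, 11) ^ rotr(e, 25)) + ((e & f) ^ (~e & g))

def key_schedule(key):  # 512-bit key (one message block in SHA-256) -> 64 round keys
    w = list(struct.unpack(">16I", key))
    for i in range(16, 64):
        s0 = rotr(w[i-15], 7) ^ rotr(w[i-15], 18) ^ (w[i-15] >> 3)
        s1 = rotr(w[i-2], 17) ^ rotr(w[i-2], 19) ^ (w[i-2] >> 10)
        w.append((w[i-16] + s0 + w[i-7] + s1) & M)
    return w

def shacal2_encrypt(key, block):  # block: eight 32-bit words (the state in SHA-256)
    a, b, c, d, e, f, g, h = block
    for k, w in zip(K, key_schedule(key)):
        t1 = h + f_e(e, f, g) + k + w
        a, b, c, d, e, f, g, h = (t1 + f_a(a, b, c)) & M, a, b, c, (d + t1) & M, e, f, g
    return [a, b, c, d, e, f, g, h]

def shacal2_decrypt(key, block):  # every round is invertible when the key is known
    a, b, c, d, e, f, g, h = block
    for k, w in zip(reversed(K), reversed(key_schedule(key))):
        t1 = a - f_a(b, c, d)     # undo a = t1 + f_a(old a, old b, old c)
        a, b, c, d, e, f, g, h = b, c, d, (e - t1) & M, f, g, h, (t1 - f_e(f, g, h) - k - w) & M
    return [a, b, c, d, e, f, g, h]

def compress(state, msg_block):  # Davies-Meyer: E_msg(state) + state, word-wise mod 2^32
    return [(x + y) & M for x, y in zip(shacal2_encrypt(msg_block, state), state)]

def sha256(msg):  # Merkle-Damgard: pad with 0x80, zeros and the bit length, then chain
    padded = msg + b"\x80" + b"\x00" * ((55 - len(msg)) % 64) + struct.pack(">Q", 8 * len(msg))
    state = IV
    for i in range(0, len(padded), 64):
        state = compress(state, padded[i:i+64])
    return struct.pack(">8I", *state)
```

`shacal2_decrypt` recovers the input state from the cipher output when the message block is known; the feed-forward addition in `compress` is what removes that inverse and makes the compression function one-way.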