1

If I have a set of $N$-byte input values to be hashed using SHA-256, then what are the mapping functions for each of the 256 bits of the output?

It seems to me that hashes are one-way partially because we don't know the input size, but if we did know the size to be $N$, then I expect to find a generalized mapping functions for each of the 256 output bits as functions of the $N$ input bits.

To be clear, I am not trying to find an input for a given output - I am happy for a mapping to still be a 1-way function. Say, for 1000 bits of input, each output bit may be a function of all 1000 bits, or perhaps fewer, or perhaps with extra variables (S-box etc): 

ox = f(i0, i1,...1N, s0, s1,...)
for the Xth output bit as a function of up to $N$ input bits and other variables.

In theory, should this be possible? If not, why not? If yes, what are some tips to learning all 256 mapping functions from the algorithm?

hamx0r
  • 111
  • 3

1 Answers1

1

No this is not possible.

Basically SHA-2 consists of many rounds where the input is confused using irreversible functions. Each time such an irreversible function is called another variable is introduced. Furthermore these functions are not operating on a single input/output bit (of course) - they are dependent on all the input bits due to the inherent transposition.

So the reverse function will consist of many many variables, that cannot be simplified to a function without one. Any SAT solver will happily break its teeth on it. And that's why you cannot just create a generalized mapping function.

For attacks usually a reduced number of rounds are used, trying to expand them to the full hash later. And if your input $N$ is small enough then you could simply use brute force or an attack using a rainbow table... but that's about it.

Maarten Bodewes
  • 96,351
  • 14
  • 169
  • 323