SHA-1 Compression
Message schedule + 80 rounds (professor format)
Mission tie-in: SHA-1 Padding covered padding. This lesson matches your professor's SHA-1 doc: W expansion and the A–E round update.
512-bit block
→
W₀…W₁₅ (16 words)
→
Expand to W₀…W₇₉
→
80 rounds
→
160-bit hash
1. Initialize five registers
Before any round: fixed 32-bit constants for A, B, C, D, E (H₀…H₄). These update each round, then add back to initial values at the end.
2. Split block into 16 words
512 bits ÷ 32 = 16 words (W₀ through W₁₅), each 32 bits.
3. Expand to 80 words (professor's W₁₆ rule)
For t ≥ 16:
Wₜ = ROTL¹( Wₜ₋₃ ⊕ Wₜ₋₈ ⊕ Wₜ₋₁₄ ⊕ Wₜ₋₁₆ )
For t = 16, indices are W13, W8, W2, W0 — computed below (not W₄).
4. Compression rounds (×80)
One word Wₜ per round. Each round:
- Compute Temp from logical function + shifts + Wₜ + constant
- Shift registers: E←D, D←C, C←ROTL³⁰(B), B←A, A←Temp
| Register | After round |
|---|
| E | old D |
| D | old C |
| C | ROTL³⁰(old B) |
| B | old A |
| A | Temp (new) |
5. Final hash
After round 79: add each register to its original initial value. Concatenate A‖B‖C‖D‖E → 160-bit digest.
Multiple 512-bit blocks: repeat for each block; output of block N becomes input state for block N+1.
Retrieval practice
How many 32-bit words come from one padded block?
Path complete — return to
Study Plan for exam simulation.
Stuck? Ask: "Compute W₁₇ from given W₀…W₁₆" or match your professor's doc layout.