## About SHA512/224 hash

SHA-512/224 is a variant of the SHA-2 family of cryptographic hash functions. It is derived from SHA-512 and produces a shorter hash output of 224 bits (28 bytes), providing a compromise between the security of SHA-512 and the shorter output length of SHA-224.

### Characteristics of SHA-512/224

**Fixed-Length Output**:- SHA-512/224 produces a fixed-length output of 224 bits (28 bytes), regardless of the input data's length.

**Input Padding**:- Similar to other SHA-2 variants, the input message for SHA-512/224 is padded so that its length is congruent to 896 modulo 1024. Padding involves appending a single '1' bit, followed by '0' bits until the message length is 128 bits short of a multiple of 1024. The length of the original message (before padding) is then appended as a 128-bit integer.

**Processing in Blocks**:- SHA-512/224 processes the input message in 1024-bit (128-byte) blocks, similar to SHA-512.

**Initialization Vector (IV)**:- SHA-512/224 uses the same initial state as SHA-512, which consists of eight 64-bit words:
- H0 = 0x8C3D37C819544DA2
- H1 = 0x73E1996689DCD4D6
- H2 = 0x1DFAB7AE32FF9C82
- H3 = 0x679DD514582F9FCF
- H4 = 0x0F6D2B697BD44DA8
- H5 = 0x77E36F7304C48942
- H6 = 0x3F9D85A86A1D36C8
- H7 = 0x1112E6AD91D692A1

- SHA-512/224 uses the same initial state as SHA-512, which consists of eight 64-bit words:
**Compression Function**:- The compression function of SHA-512/224 is the same as SHA-512, involving 80 rounds of processing for each 1024-bit block. Each round uses different logical functions, constants, and message schedule operations:
- Logical functions include bitwise operations (AND, OR, XOR, NOT), additions, and shifts/rotations.
- Constants are derived from the first 64 bits of the fractional parts of the cube roots of the first 80 prime numbers.

- The compression function of SHA-512/224 is the same as SHA-512, involving 80 rounds of processing for each 1024-bit block. Each round uses different logical functions, constants, and message schedule operations:

### Algorithm Steps

**Initialization**:- Initialize the state variables (H0 to H7) to the predefined values.

**Padding**:- Pad the input message according to the specified padding rules.

**Processing**:- Divide the padded message into 1024-bit blocks.
- For each block, perform the 80 iterations of the compression function, updating the state variables.

**Output**:- After processing all blocks, use the first four state variables (H0 to H3) to produce the final 224-bit hash value.

### Security and Usage

**Security**:**Collision Resistance**: SHA-512/224 inherits strong collision resistance from SHA-512, making it highly secure against collision attacks.**Preimage Resistance**: SHA-512/224 is resistant to preimage attacks, ensuring that it is computationally infeasible to find an input that hashes to a given output.**Second-Preimage Resistance**: SHA-512/224 also offers strong resistance to second-preimage attacks, ensuring that it is difficult to find a second input with the same hash as a given input.- The longer output length compared to SHA-224 provides additional security margin.

**Usage**:- SHA-512/224 is used in various security applications where a compromise between the security of SHA-512 and the shorter output length of SHA-224 is desired.
- It is particularly suitable for applications requiring high security assurance and where the shorter hash length is advantageous, such as in digital signatures, SSL/TLS certificates, and integrity verification.

### Summary

SHA-512/224 is a cryptographic hash function derived from SHA-512, producing a 224-bit hash value. It offers strong security properties, including resistance to collisions, preimage attacks, and second-preimage attacks. SHA-512/224 strikes a balance between security and efficiency, making it suitable for a variety of cryptographic applications where a shorter but still robust hash output is required. Its adoption in modern security protocols reflects its reliability and effectiveness in ensuring data integrity and authenticity.