We introduce CDP (Cyclic Digit-sum Projection), a structural analysis framework for SHA-256 that reveals previously undocumented mathematical properties of the hash function's output distribution. The core observation is that the hex-digit sum W (H) of any SHA-256 output H, when iteratively re-hashed through f (w) = W (SHA256 (str (w) ) ), converges deterministically into exactly two closed cycles. This cyclic structure, combined with a multi-component fingerprint, yields a bijective mapping over constrained input spaces enabling O (1) preimage lookup. Beyond the lookup application, we prove four theorems about SHA-256's internal structure: (1) a complement nibble sum invariant (sum = 38 for all complement byte pairs), (2) convergence of a 20% universal M-rate constant, (3) a universal collapse rule at SHA-256 padding word boundaries, and (4) an ergodic Markov property of SHA-256's compression function under the CDP projection. The Markov chain has transition matrix P = [0. 1812, 0. 8188, 0. 1677, 0. 8323] with stationary distribution piB = 0. 1700, independently of round constants Ki, initial values H0, and input class. We further identify a mathematical connection between SHA-256's output structure and AES GF (2⁸) arithmetic via the LFSR xtime operation. Version 2 additions: Extended basin topology analysis reveals the true C1 basin of attraction spans 84 values (16. 8% of domain) against C2's 416 values (83. 2%), with maximum convergence depths of 8 and 16 respectively. A new structural finding: W (H0) = 502, where H0 denotes SHA-256's NIST initialization constants, is +22. 2 units above the equilibrium mean (479. 8), creating a measurable round-0 basin-membership deficit of 16. 9% — a detectable structural signature of SHA-256's initialization. The universal M-rate theorem, Markov ergodicity claim, and sequence asymmetry observation are also revised with corrected parameters. The C1-basin definition is clarified (25-value core chain vs. 14 direct 1-step attractors vs. 84-value full basin). The convergence bound is corrected to ≤16 iterations. CDP rainbow chain merge behavior is empirically quantified: 1. 81× improvement over random reduction, with 66. 7% unique chains at saturation. Version 3 correction: Section 6. 2 (Complement Symmetry) is corrected. Prior versions incorrectly reported hw₇ C1% = 0. 0% and hw₁ C1% = 28. 6%. Exhaustive recomputation over all 64 combinations yields the opposite ordering: hw₇ C1% = 21. 9% (elevated, +2. 4% above baseline) and hw₁ C1% = 14. 1% (suppressed, −5. 4% below baseline). The full Hamming weight gradient (hw₁ through hw₇) is provided. A structural mechanism is identified: the Hamming weight of input bytes shifts the SHA-256 output W-mean (hw₁: 469. 1, hw₇: 483. 1), and C1-affinity tracks proximity to the C1-basin-core centre at 479. 36. The complement asymmetry is confirmed but the direction was inverted in prior versions. All four theorems and all other quantitative claims from v2 remain intact. None of these properties appear in the existing cryptographic literature. CDP does not break SHA-256's preimage or collision resistance; it reveals structural properties of the output distribution under a novel projection. Netacoding | Cybersecurity, Assembly & Network Research
Erenay Ozkan (Tue,) studied this question.