SHA-256
Overview
SHA-256 (Secure Hash Algorithm 256-bit) is one of the most commonly used hash algorithms in the SHA-2 family. It was designed by the U.S. National Security Agency (NSA) and published in 2001 by the National Institute of Standards and Technology (NIST) as Federal Information Processing Standard (FIPS 180-2).
SHA-256 accepts input of arbitrary length and produces a fixed 256-bit (32-byte) hash value, typically represented as 64 hexadecimal characters.
Core Properties
One-way property: It is computationally infeasible to reverse-engineer the original input from a hash value; the only approach is brute-force enumeration.
Avalanche effect: A tiny change in the input (even a single bit) produces a completely different output.
Collision resistance: It is computationally infeasible to find two different inputs that produce the same hash value. The collision probability of SHA-256 is approximately 2^(-256), making collisions practically impossible.
Determinism: The same input always produces the same output.
Applications in Bitcoin
Proof of Work (PoW) Core: Bitcoin mining is essentially a search for SHA-256 hash values that satisfy specific conditions.
Mining Process:
1. A miner constructs a block header (containing the previous block hash, transaction Merkle root, timestamp, nonce, etc.)
2. A double SHA-256 hash is applied to the block header: SHA-256(SHA-256(block_header))
3. The miner checks whether the hash value is less than the current difficulty target (i.e., the number of leading zeros)
4. If the condition is not met, the nonce is incremented and the process is repeated

Difficulty Target: Requires the hash value to have n leading zeros, for example:
- 0000000000000000000a1b2c... (approximately 19 leading zeros)
- The higher the difficulty, the more leading zeros required
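The mining loop and target check described above, as an added example (not code from this page or from Bitcoin itself). The header field values are constructed, the function names are illustrative, and the 80-byte field layout and compact `bits` encoding are the parts of the header that the step list abbreviates as "etc."; the target is deliberately easy so the search ends quickly.

```python
import hashlib
import struct

# Constructed sample header fields (not a real block). bits=0x2000ffff is a
# deliberately easy target so the search finishes in a few hundred attempts.
SAMPLE = {
    "version": 1,
    "prev_hash": bytes(32),
    "merkle_root": hashlib.sha256(b"constructed merkle root").digest(),
    "timestamp": 1700000000,
    "bits": 0x2000FFFF,
}

def double_sha256(data: bytes) -> bytes:
    """SHA-256(SHA-256(data)), as applied to the block header."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def bits_to_target(bits: int) -> int:
    """Expand the compact 'bits' field into the 256-bit target integer."""
    exponent, mantissa = bits >> 24, bits & 0x007FFFFF
    return mantissa << (8 * (exponent - 3))  # assumes exponent >= 3

def serialize_header(version, prev_hash, merkle_root, timestamp, bits, nonce) -> bytes:
    """Pack the six fields into the 80-byte little-endian header."""
    return struct.pack("<I32s32sIII", version, prev_hash, merkle_root,
                       timestamp, bits, nonce)

def header_hash_int(header: bytes) -> int:
    """Double-hash the header and read the digest as a little-endian integer."""
    return int.from_bytes(double_sha256(header), "little")

def mine(version, prev_hash, merkle_root, timestamp, bits, max_nonce=2**32):
    """Increment the nonce until the header hash is at or below the target."""
    target = bits_to_target(bits)
    for nonce in range(max_nonce):
        header = serialize_header(version, prev_hash, merkle_root,
                                  timestamp, bits, nonce)
        if header_hash_int(header) <= target:
            return nonce, header
    return None  # nonce space exhausted: a miner would change another field

if __name__ == "__main__":
    nonce, header = mine(**SAMPLE)
    # Block hashes are displayed byte-reversed, which is why they start with zeros.
    print("nonce :", nonce)
    print("target:", f"{bits_to_target(SAMPLE['bits']):064x}")
    print("hash  :", double_sha256(header)[::-1].hex())
```

The comparison is numeric against the full 256-bit target, so "n leading zeros" is a shorthand: two hashes with the same number of leading zeros can fall on opposite sides of the target.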
Difficulty Adjustment: Bitcoin adjusts the difficulty every 2,016 blocks (approximately 2 weeks) to maintain an average block time of around 10 minutes.
Block Linking: Each block contains the SHA-256 hash of the previous block, forming a tamper-proof chain structure.
Other Use Cases
Digital Signatures: Messages are hashed with SHA-256 before signing, reducing input length.
Data Integrity: Verifying whether a file download is complete by comparing hash values.
Password Storage: Storing the SHA-256 hash of a password rather than the plaintext (in practice, salted specialized algorithms like bcrypt are typically used).
Merkle Trees: Building transaction Merkle trees for efficient verification of transaction existence.
Address Generation: SHA-256 (combined with RIPEMD-160) is used in the Bitcoin address generation process.
Security
Brute-Force Difficulty: SHA-256 has 2^256 possible outputs. Even at 10^18 attempts per second (global computing power), it would take billions of years on average to find a collision.
Quantum Resistance: Grover's algorithm can reduce search complexity from O(2^n) to O(2^(n/2)), reducing SHA-256's security from 2^256 to 2^128, but this is still considered secure.
No Known Weaknesses: As of 2025, SHA-256 has no practically feasible attack methods and is considered secure.
SHA Family Comparison
| Algorithm | Output Length | Security | Application |
|---|---|---|---|
| SHA-1 | 160 bits | Broken | Being phased out |
| SHA-256 | 256 bits | Secure | Bitcoin, TLS |
| SHA-512 | 512 bits | Secure | High-security scenarios |
| SHA-3 | Variable | Secure | New standard |
SHA-1 Deprecated: In 2017, Google demonstrated a SHA-1 collision attack; it is no longer recommended for use.
Performance Considerations
Computational Efficiency: SHA-256 has moderate speed in software implementations. Modern CPUs have dedicated instruction sets (such as Intel SHA Extensions) to accelerate computation.
ASIC Mining: Bitcoin mining is now dominated by ASICs (Application-Specific Integrated Circuits), with a single device capable of 100+ TH/s (10^14 hashes per second).
Energy Consumption: The entire Bitcoin network consumes approximately 150 TWh of electricity per year (equivalent to a medium-sized country), primarily for SHA-256 computation.
Recommended Reading
Related Concepts
- Bitcoin Mining
- Proof of Work
- Hash Functions
- Merkle Trees
- Nonce
- Difficulty Adjustment