All bitcoiners have heard of the SHA-256 algorithm. But what exactly is it for?
SHA-256 (Secure Hash Algorithm)
SHA-256 is an invention of the National Security Agency (NSA) published by the National Institute of Standards and Technology (NIST) in 2001.
In essence, SHA-256 is an algorithm that produces 256-bit hashes. For example:
b4f8dd11c7ad56c6e3ec33464ca087c61fe2d4a52a36b247eb62cf8686193788
Whatever you give as input to the function (a single letter or an entire bible), you will always get a 256-bit hash as output.
Furthermore, SHA-256 is a deterministic function. In other words, the same input data will always give the same output hash. But change a single comma (in the Bible example) and you will get a completely different hash.
Many technologies rely on SHA-256. The Bitcoin protocol is one of them: SHA-256 is used, for example, in its Proof of Work system.
To "find a block", miners take the header of the block in question and run it through the SHA-256 function. Their goal is to test different inputs as fast as possible, varying a number called the nonce ("number used once"), until a valid hash is found.
What is a valid hash? Visit our article: Bitcoin Mining – How does it work?
SHA-256 is also used to produce the root of the Merkle tree which is used to compile all transactions in a block into a single hash that will go into the block header.
What is a block header? Visit our article: Bitcoin – What’s in a block?
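The three properties described above (fixed-length, deterministic, avalanche output) together with the nonce search and the Merkle root can be tried out in a few lines of Python. This is an added example, not code from the original article or from Bitcoin Core; the transaction ids, the header fields other than the Merkle root and the very easy target are constructed for the demonstration.

```python
import hashlib
import struct
from typing import List, Optional, Tuple

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def sha256d(data: bytes) -> bytes:
    # Bitcoin applies SHA-256 twice to block headers and transactions.
    return sha256(sha256(data))

def avalanche_bits(a: bytes, b: bytes) -> int:
    """Count the output bits that differ between SHA-256(a) and SHA-256(b)."""
    x = int.from_bytes(sha256(a), "big") ^ int.from_bytes(sha256(b), "big")
    return bin(x).count("1")

def merkle_root(txids: List[bytes]) -> bytes:
    """Bitcoin-style Merkle root: hash pairs level by level, duplicating an odd last hash."""
    if not txids:
        raise ValueError("a block needs at least one transaction")
    level = list(txids)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [sha256d(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]

def mine(header_prefix: bytes, target: int, max_nonce: int = 1 << 32) -> Optional[Tuple[int, bytes]]:
    """Vary a 4-byte nonce until sha256d(header_prefix || nonce), read as an integer, is below target."""
    for nonce in range(max_nonce):
        h = sha256d(header_prefix + struct.pack("<I", nonce))
        if int.from_bytes(h, "little") < target:  # Bitcoin interprets the hash little-endian
            return nonce, h
    return None

# Constructed sample data, not real Bitcoin transactions or a real header.
SAMPLE_TXIDS = [sha256d(f"tx{i}".encode()) for i in range(5)]
# Constructed easy target: the top 16 bits of the hash must be zero (about 65,000 tries on average).
EASY_TARGET = 1 << (256 - 16)

def sample_header_prefix() -> bytes:
    # version, previous block hash, merkle root, timestamp, bits (all but the root are dummies)
    return b"\x01\x00\x00\x00" + b"\x00" * 32 + merkle_root(SAMPLE_TXIDS) + b"\x00" * 8

if __name__ == "__main__":
    print("sha256('abc') =", sha256(b"abc").hex())
    print("bits changed by a one-byte edit:", avalanche_bits(b"abc", b"abd"))
    print("merkle root:", merkle_root(SAMPLE_TXIDS).hex())
    print("nonce, hash:", mine(sample_header_prefix(), EASY_TARGET))
```

Lowering the target (more leading zero bits) makes the nonce search take proportionally longer, which is exactly how Bitcoin's difficulty adjustment works.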
Another lesser-known cryptographic algorithm is also at the heart of how Bitcoin works: elliptic-curve cryptography (ECC) on the secp256k1 curve. It is crucial, since it is used to create the private/public key pairs on which transactions depend.
To produce a Bitcoin address, a private key (a randomly chosen 256-bit number) is multiplied with the base point of the elliptic curve to produce a public key. This is called asymmetric cryptography, more commonly known as public key cryptography or one-way cryptography.
These designations come from the fact that a public key can be calculated from a private key while the reverse is not possible. The private key cannot be calculated from the public key.
Unless you have immense computing power like quantum computers…
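The one-way step from private key to public key can be shown with the secp256k1 arithmetic itself. This is an added example, not code from the article or from any Bitcoin library; the curve constants are the published secp256k1 parameters and the private keys used are constructed demo values (never use them for real funds).

```python
# secp256k1, the curve Bitcoin uses: y^2 = x^3 + 7 over the prime field F_P
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # order of G
GX = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
GY = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8
G = (GX, GY)          # the base point every public key is a multiple of
INF = None            # point at infinity (the group's identity element)

def on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - x * x * x - 7) % P == 0

def point_add(a, b):
    """Group law: add two points (handles doubling and the identity)."""
    if a is INF:
        return b
    if b is INF:
        return a
    x1, y1 = a
    x2, y2 = b
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                                  # a + (-a) = identity
    if a == b:
        lam = (3 * x1 * x1) * pow(2 * y1, -1, P) % P   # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P      # chord slope
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)

def scalar_mul(k: int, pt):
    """Double-and-add: k*pt in about 256 doublings, which is the cheap forward direction."""
    result, addend = INF, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result

def public_key(priv: int, compressed: bool = True) -> bytes:
    """Serialize priv*G the way Bitcoin does (0x02/0x03 + x, or 0x04 + x + y)."""
    if not 1 <= priv < N:
        raise ValueError("private key must be in [1, N-1]")
    x, y = scalar_mul(priv, G)
    if compressed:
        return (b"\x02" if y % 2 == 0 else b"\x03") + x.to_bytes(32, "big")
    return b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")

if __name__ == "__main__":
    demo_priv = 0xC0FFEE  # constructed demo value, not a real key
    print("public key:", public_key(demo_priv).hex())
```

Going the other way, recovering `priv` from `public_key(priv)`, is the elliptic-curve discrete logarithm problem, and no shortcut through these 256-bit numbers is known for classical computers.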
Can we overcome 2²⁵⁶ bits?
To break the elliptic curve cryptography used to generate the public keys requires a brute force attack. In other words, you have to try all the possibilities.
Each bit can be either a 1 or a 0. So there are 2²⁵⁶ possibilities, which gives us 1.1579 x 10^77 potential combinations in the decimal system (0, 1, 2, 3, 4, 5, 6, 7, 8, 9).
It’s impossible. To put this number into perspective, it equals the estimated number of atoms in the universe. However, some fear that quantum computers could achieve this.
With such a machine, it would be possible to find the private keys (seeds) corresponding to public keys. A quantum computer capable of running Shor's algorithm could find the private key of any Bitcoin address.
Our article on the seed: Can someone discover my seed?
Four years ago, physicists at Google claimed their quantum computer could outperform classical machines. On verification, it turned out to be only a niche calculation with no practical application.
Today, IBM physicists claim to have proof that quantum computers will soon surpass ordinary computers in useful tasks, such as calculating the properties of materials or the interactions of elementary particles.
In a proof of concept described in the journal Nature June 14, the researchers succeeded in simulating the behavior of a magnetic material on IBM’s Eagle quantum processor.
Instead of manipulating bits, quantum computing uses “quantum bits,” or qubits, which allows it to process data much more efficiently. Qubits can be zero, one, and most importantly, a combination of zero and one.

The researchers believe that at least a million qubits would be needed to break RSA public key cryptography, which is based on the factorization of large prime numbers. However, the largest quantum computer available today (Osprey), announced in November by IBM, has only 433 qubits. So we have time to prepare a response.
The question of quantum risk was raised at the BitcoinPrague 2023 conference. There were no experts on the subject, but some participants such as Bitcoin Core developer Peter Todd showed little concern.
Especially since post-quantum cryptographic algorithms are currently being developed by NIST. For general encryption, NIST chose the CRYSTALS-Kyber algorithm.
For signatures, NIST has selected three algorithms that could replace the Schnorr algorithm used by Bitcoin:
- CRYSTALS-Dilithium,
- FALCON,
- SPHINCS+.
The standardization of post-quantum cryptographic algorithms is underway and should happen within two years.
Developing such algorithms is crucial for security in general. Many systems depend on it. SHA-256, Schnorr and secp256k1 will be no exception.