ChainTutorial
Hash Functions

Common algorithms

Beginner LevelBy Pratima Sharma

1. SHA-256

SHA-256 (Secure Hash Algorithm – 256 bits) is part of the SHA-2 family, designed by the U.S. National Security Agency (NSA). It produces a fixed-size 256-bit output (32 bytes) regardless of the input size, making it a deterministic hash function. The algorithm follows a Merkle–Damgård construction, which means it processes messages in fixed-size blocks (512 bits) and applies a compression function repeatedly.

SHA-256 is best known for its role in Bitcoin, where it secures transactions and underpins the Proof-of-Work mining algorithm. Miners must repeatedly compute SHA-256 hashes with different nonce values until they find one that meets the required difficulty. Beyond blockchain, SHA-256 is also widely used in digital signatures, TLS/SSL certificates, and integrity verification of data.

Working Principle

  1. Message Preprocessing
    • Padding: Input message is padded so that its length is a multiple of 512 bits.
    • Appending message length (64 bits).
  2. Initialize Hash Values
    • Eight 32-bit constants (from fractional parts of square roots of primes).
  3. Processing in Blocks
    • Message is divided into 512-bit chunks.
    • Each chunk is processed with 64 rounds of operations involving:
      • Bitwise logical functions (AND, OR, XOR).
      • Modular additions.
      • Constants derived from cube roots of primes.
  4. Final Hash
    • After all blocks are processed, the concatenated result gives a 256-bit digest.

Example

Example Input:

"abc"

Step 1: Convert input to binary

  • ASCII of "abc" → 01100001 01100010 01100011
  • Binary length = 24 bits.

Step 2: Padding

  • SHA-256 requires input length ≡ 448 mod 512.
  • Append 1 bit + enough 0 bits + final 64-bit message length.

Result (512 bits total):

01100001 01100010 01100011 1000...000 (with padding) ... 00000000000011000
(11000 = decimal 24, the original message length).

Step 3: Initialize Constants

  • SHA-256 uses 8 initial hash values (H0–H7).
  • H0 = 6a09e667
  • H1 = bb67ae85
  • ...
  • H7 = 5be0cd19

Step 4: Process Message in 64 Rounds

  • Divide 512-bit block into 16 words of 32 bits.
  • Expand to 64 words using bitwise rotations.
  • For each round:
    • Ch = (E AND F) XOR ((NOT E) AND G)
    • Maj = (A AND B) XOR (A AND C) XOR (B AND C)
    • Σ0 = ROTR^2(A) XOR ROTR^13(A) XOR ROTR^22(A)
    • Σ1 = ROTR^6(E) XOR ROTR^11(E) XOR ROTR^25(E)
    • Update working variables A–H.

Step 5: Final Digest

  • After 64 rounds, update hash values H0–H7.
  • Concatenate → 256-bit hash.
ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad

2. Keccak-256

Keccak-256, on the other hand, is the hash function at the heart of Ethereum. It is a variant of SHA-3, designed by Guido Bertoni, Joan Daemen, Michaël Peeters, and Gilles Van Assche, which won the NIST SHA-3 competition in 2012.

Unlike SHA-256, Keccak-256 uses a sponge construction rather than the Merkle–Damgård structure. In the sponge model, the algorithm maintains a large internal state of 1600 bits, divided into 5 × 5 lanes of 64 bits each. The input message is absorbed into the state by XORing it block by block, and each absorption step is followed by a permutation function. Once the entire input has been processed, the algorithm enters the squeezing phase, where bits are extracted from the state to form the output hash.

In Ethereum, Keccak-256 plays multiple roles. It is used to generate account addresses (the last 20 bytes of the Keccak-256 hash of a public key), to calculate transaction and block hashes, and to ensure the integrity of smart contract operations. Before Ethereum transitioned to Proof-of-Stake, it was also part of the mining algorithm.

Working Principle (Sponge Construction)

  1. Absorbing Phase
    • Message is split into blocks and XORed into the "state."
    • Each block is processed through a permutation function.
  2. Squeezing Phase
    • After absorbing, the algorithm squeezes out the final hash by reading parts of the state.
    • Can output arbitrary-length digests (but 256 bits are common).
  3. Permutation Function
    • Involves bitwise XOR, AND, rotation, and permutation operations.
    • State size = 1600 bits, divided into lanes of 64 bits each.

Example Input:

"abc"

Step 1: Pad Message

  • Keccak uses multi-rate padding (pad10*1).
  • Append 01 followed by 1 at the end.
  • Ensures message fits into 1088-bit blocks (for Keccak-256).

Step 2: Absorb Phase

  • State size = 1600 bits (5 × 5 × 64 array).
  • XOR message blocks into the state.
  • Apply permutation function f (24 rounds).

Step 3: Permutation (θ, ρ, π, χ, ι steps)

  1. θ (theta) – XOR each bit with parity of column.
  2. ρ (rho) – Bitwise rotations.
  3. π (pi) – Permutation (reshuffling lanes).
  4. χ (chi) – Non-linear substitution.
  5. ι (iota) – XOR with round constant.

Step 4: Squeeze Phase

  • Read first 256 bits of state → digest.
4e03657aea45a94fc7d47ba826c8d667c0d1e6e33a64a036ec44f58fa12d6c45

4. Comparison: SHA-256 vs Keccak-256

Feature          SHA-256                         Keccak-256 (SHA-3 variant)
Structure        Merkle–Damgård construction     Sponge construction
State size       512 bits per block              1600 bits
Output size      256 bits                        256 bits
Used in          Bitcoin, TLS, SSL, digital certs Ethereum, SHA-3 standard
Collision attacks No known practical attacks     No known practical attacks
Design origin    NSA (2001)                      Independent cryptographers (2012)

Example: How Bitcoin uses SHA-256

Bitcoin, the first decentralized cryptocurrency, relies heavily on the SHA-256 cryptographic hash function for its security, integrity, and consensus mechanism. SHA-256 is not just used in one place—it plays multiple roles in ensuring that Bitcoin transactions are secure, blocks are tamper-proof, and mining is fair.

Let’s explore in detail how Bitcoin uses SHA-256 in its system.

1. Hashing Transactions

Every Bitcoin transaction—whether it’s sending or receiving coins—is represented digitally as a structured dataset. To uniquely identify each transaction and secure it against tampering, Bitcoin applies the SHA-256 hash function.

  • A raw transaction includes details like inputs (where the coins came from), outputs (where the coins are going), amounts, and digital signatures.
  • This transaction is then serialized (converted into a standard format) and hashed using SHA-256.
  • The result is a transaction hash (txid), a unique 64-character hexadecimal identifier that acts like a fingerprint of the transaction.

If even one bit in the transaction changes, the hash will completely change due to the avalanche effect of SHA-256. This ensures transaction immutability.

Example:

Transaction Data → SHA-256 → Transaction Hash (txid)

2. Merkle Tree Construction

A Bitcoin block may contain thousands of transactions. To efficiently store and verify these transactions, Bitcoin uses a Merkle tree, which is built using SHA-256 hashes.

  • Each transaction hash forms a leaf node of the tree.
  • Pairs of transaction hashes are concatenated and then double-hashed with SHA-256.
  • The process continues upward until a single hash remains: the Merkle root.

The Merkle root summarizes all transactions in the block in a single 256-bit value. If even one transaction changes, the Merkle root changes, making tampering detectable.

This allows lightweight Bitcoin clients to verify transactions without downloading the entire blockchain—a feature known as Simplified Payment Verification (SPV).

3. Block Hashing and Mining (Proof of Work)

The most famous use of SHA-256 in Bitcoin is in its Proof-of-Work (PoW) mining algorithm.

Step 1: Constructing the Block Header

  • Version number
  • Previous block’s hash
  • Merkle root (hash of all transactions)
  • Timestamp
  • Difficulty target
  • Nonce (a 32-bit arbitrary number miners can change)

Step 2: Double SHA-256 Hashing

Block Header → SHA-256 → SHA-256 → Block Hash

The double hashing provides an extra layer of protection against certain cryptographic attacks (like length-extension attacks).

Step 3: Proof of Work

For the block to be valid, its hash must be less than or equal to the target difficulty.

  • Target: 0000ffffffffffffffff...
  • Miner keeps hashing block headers with different nonces until output starts with at least 4 zeros.

This is what secures Bitcoin’s consensus: finding a valid nonce proves that real computational work was done.

4. Bitcoin Addresses and Keys

SHA-256 also plays a role in Bitcoin’s address generation process, combined with RIPEMD-160 (another hash function).

  1. Start with a public key derived from the private key.
  2. Apply SHA-256 to the public key.
  3. Apply RIPEMD-160 to the SHA-256 hash (producing a shorter 160-bit hash).
  4. Add version byte + checksum (again using double SHA-256).
  5. Encode in Base58Check → Bitcoin address.

5. Why SHA-256 Works Well for Bitcoin

  • Collision resistance: Impossible to find two different inputs with the same hash.
  • Pre-image resistance: Impossible to reverse a hash to find the original input.
  • Avalanche effect: A small change in input produces a drastically different hash.
  • Determinism: The same input always produces the same output.

These features ensure that:

  • Transactions and blocks cannot be altered undetectably.
  • Mining remains fair and unpredictable.
  • Addresses and keys remain secure against forgery.

Summary

  1. To create unique transaction identifiers.
  2. To build Merkle trees summarizing block transactions.
  3. To secure blocks via Proof-of-Work mining (double SHA-256).
  4. To generate Bitcoin addresses in combination with RIPEMD-160.

This heavy reliance on SHA-256 makes the algorithm the cryptographic foundation of Bitcoin, ensuring its decentralization, immutability, and security.

Previous: Role of hashing in blockchain
Next: What is cryptography?

Continue Learning

Explore more topics in Cryptography in Blockchain or browse other tutorials.

Back to Cryptography in BlockchainBrowse All Tutorials