How SHA-256 Works?

Introduction

SHA-256 is one of the most important cryptographic hash algorithms in the world. Not just because it's used by Bitcoin, but because it's fundamental to understanding how cryptographic security works. This guide will explain the internal operation of SHA-256, its security, collision resistance, and why it's an essential technical pillar of Bitcoin.

Important: This is an advanced level guide. We assume basic knowledge of cryptography, programming, and mathematics. If you're a beginner, we recommend first reading about hash and blockchain before advancing to this detailed technical content.

By the end of this guide, you'll understand how SHA-256 works internally, why it's secure, how it resists collisions, and why it's fundamental to Bitcoin's operation and mining.

What Is Hashing?

Basic Concept

Hash is a mathematical function that transforms data of any size into a fixed-size string.

Main characteristics:

• Deterministic: Same input always produces same output
• One-way: Impossible to reverse hash to get original input
• Fast to compute: Hash is computed quickly
• Avalanche effect: Small change in input causes drastic change in output
• Uniform: Distributes outputs uniformly in hash space

Simple analogy:

• Like a fingerprint for data
• Any input generates a unique "fingerprint" (ideally)
• Impossible to reconstruct original data from fingerprint
• Same data always produces same fingerprint

Practical Examples

Example 1: Hash of simple text:

Input: "Bitcoin"
SHA-256: 6b88c087247aa2f07ee1c5956b8e1a9f4c7f892a70e324f1bb3d161e05ca107b

Example 2: Hash with small change:

Input: "Bitcoin"
SHA-256: 6b88c087247aa2f07ee1c5956b8e1a9f4c7f892a70e324f1bb3d161e05ca107b

Input: "bitcoin" (lowercase letter)
SHA-256: b4056df6691f8dc72e56302ddad345d65fead3ead9299609a826e2344eb63aa4

Notice how a single change (uppercase to lowercase) produced a completely different hash!

Example 3: Hash of numbers:

Input: "1"
SHA-256: 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Input: "2"
SHA-256: d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35

SHA-256: Overview

What Is SHA-256?

SHA-256 means "Secure Hash Algorithm 256 bits":

• Part of SHA-2 family
• Produces 256-bit hash (32 bytes)
• Represented as hexadecimal string of 64 characters
• Developed by NSA and published by NIST

Technical specifications:

• Hash size: 256 bits (32 bytes)
• Block size: 512 bits (64 bytes)
• Internal key size: 256 bits
• Number of rounds: 64

Why Is SHA-256 Important for Bitcoin?

SHA-256 is fundamental to Bitcoin because:

1. Mining:

• Miners need to find hash that meets difficulty
• SHA-256 is used in Proof of Work
• Computationally expensive but quickly verifiable

2. Transaction Identifiers:

• Transactions are hashed to create TXID
• Ensures integrity and unique identification

3. Merkle Trees:

• Merkle trees use SHA-256
• Allows efficient transaction verification

4. Addresses (indirectly):

• SHA-256 is part of address creation
• Used in conjunction with other functions

5. Network Security:

• Bitcoin's security depends on SHA-256 security
• If SHA-256 were broken, Bitcoin would be at risk

Internal Operation of SHA-256

General Structure

SHA-256 works in stages:

1. Preprocessing:

• Padding of data
• Adds bit '1', zeros, and original size
• Ensures multiple of 512 bits

2. Division into Blocks:

• Data is divided into 512-bit blocks
• Each block is processed separately

3. Block Processing:

• Each block goes through 64 rounds
• Uses bitwise functions and constants
• Result is combined with internal hash

4. Final Hash Production:

• After processing all blocks, final hash is produced
• 256 bits of output in hexadecimal

Preprocessing (Padding)

Step 1: Data padding:

Padding rules:
1. Adds bit '1' at end of data
2. Adds zeros until size is multiple of 512 bits minus 64 bits
3. Adds 64 bits representing original size in bits

Simplified example:

If you have 447-bit message:

• Add bit '1': 448 bits
• Add zeros until 448 bits (already there)
• Add 64 bits of size: total 512 bits (1 block)

If you have 449-bit message:

• Add bit '1': 450 bits
• Add zeros until 960 bits
• Add 64 bits of size: total 1024 bits (2 blocks)

SHA-256 Constants

SHA-256 uses several constants:

1. Initial values (H0-H7):

• 8 values of 32 bits each
• Initial internal hash
• Standard values defined in algorithm

H0 = 0x6a09e667
H1 = 0xbb67ae85
H2 = 0x3c6ef372
H3 = 0xa54ff53a
H4 = 0x510e527f
H5 = 0x9b05688c
H6 = 0x1f83d9ab
H7 = 0x5be0cd19

2. Round constants (K):

• 64 constants of 32 bits
• One for each round
• Derived from cube roots of first 64 primes

3. Auxiliary functions:

• Ch, Maj, Σ0, Σ1 (sigma)
• Bitwise functions to mix bits

Processing Rounds

Each block goes through 64 rounds:

Structure of each round:

For each round i (0-63):
1. Calculate W[i] (expanded message)
2. Calculate auxiliary functions (Ch, Maj, Σ0, Σ1)
3. Update temporary variables (T1, T2)
4. Update internal hash (a, b, c, d, e, f, g, h)
5. Rotate values

Bitwise functions used:

Ch (Choose):

• Chooses bit from e or f based on g
• Ch(e, f, g) = (e AND f) XOR (NOT e AND g)

Maj (Majority):

• Returns majority bit among three values
• Maj(a, b, c) = (a AND b) XOR (a AND c) XOR (b AND c)

Σ0 and Σ1 (Sigma):

• Bit rotations and shifts
• Mix values non-linearly

Step-by-Step Hashing Example

Let's hash "Bitcoin" step by step:

Step 1: Convert to bits:

"Bitcoin" = 01000010 01101001 01110100 01100011 01101111 01101001 01101110

Step 2: Add padding:

• Original size: 56 bits (7 bytes × 8)
• Add bit '1': 57 bits
• Add zeros until 448 bits
• Add 64 bits with size (56): total 512 bits

Step 3: Process block:

• Initialize H0-H7 values
• Process 64 rounds
• Apply bitwise functions
• Update internal hash

Step 4: Final hash:

6b88c087247aa2f07ee1c5956b8e1a9f4c7f892a70e324f1bb3d161e05ca107b

Cryptographic Properties

SHA-256 has several important properties:

1. Avalanche Effect:

• Change of 1 bit in input causes change in ~50% of output bits
• Makes hash unpredictable

2. Pre-Image Resistance:

• Given hash H, computationally infeasible to find input M such that SHA-256(M) = H
• Complexity: 2^256 operations (impossible in practice)

3. Second Pre-Image Resistance:

• Given input M1, infeasible to find M2 ≠ M1 such that SHA-256(M1) = SHA-256(M2)
• Complexity: 2^256 operations

4. Collision Resistance:

• Infeasible to find two inputs M1 ≠ M2 such that SHA-256(M1) = SHA-256(M2)
• Complexity: 2^128 operations (birthday attack)
• Still infeasible in practice

SHA-256 Security

Security Levels

SHA-256 offers different security levels:

1. Pre-Image (One-way):

• Security: 2^256 operations
• Meaning: Impossible to reverse hash to find original input
• Status: Secure, no known attack

2. Second Pre-Image:

• Security: 2^256 operations
• Meaning: Given a hash, impossible to find another input that produces same hash
• Status: Secure

3. Collisions:

• Security: 2^128 operations (birthday paradox)
• Meaning: Finding two different inputs with same hash
• Status: Secure, but less secure than pre-image

Why Is SHA-256 Secure?

Security factors:

1. Large Hash Space:

• 2^256 possible hashes
• Astronomical number of combinations
• Impossible to test all in practice

2. Computational Complexity:

• Attacking SHA-256 requires 2^128-2^256 operations
• Current computers would take billions of years
• Practically impossible with current technology

3. Non-Linearity:

• Bitwise functions create non-linearity
• Impossible to predict analytical behavior
• Requires brute force

4. Avalanche Effect:

• Small changes cause large changes
• Impossible to make "small adjustments" to hash
• Makes targeted attack impossible

Known Attacks

Theoretical attacks (not practical):

1. Birthday Attack:

• Theoretically reduces collision complexity to 2^128
• Still infeasible in practice
• Requires 2^128 attempts (huge number)

2. Brute Force:

• Test all possible inputs
• 2^256 possibilities
• Completely infeasible

3. Mathematical Analysis:

• Try to find patterns or vulnerabilities
• No serious vulnerabilities found to date
• Algorithm is well studied

Current status: SHA-256 has no known vulnerabilities that make it insecure in practice. It's considered secure for use in Bitcoin and other cryptographic applications.

Collision Resistance

What Are Collisions?

Collision is when two different inputs produce same hash:

SHA-256(input1) = hash_abc123
SHA-256(input2) = hash_abc123

Input1 ≠ Input2, but same hash!

Ideally: Each input should produce unique hash. In practice, collisions are mathematically inevitable (more possible inputs than possible hashes), but should be impossible to find.

Birthday Paradox

Birthday paradox explains why collisions are easier to find:

Classic problem:

• How many people need to be in a room for 50% chance of two having same birthday?
• Answer: 23 people (not 365!)

Applied to SHA-256:

• For 50% collision chance: would need ~2^128 hashes
• Hash space: 2^256 possible values
• Birthday attack reduces complexity from 2^256 to 2^128
• Still infeasible in practice!

Why Are Collisions Dangerous?

If collisions were easy to find:

1. Lack of Integrity:

• Could replace document with another with same hash
• Digital signatures would lose validity
• Integrity checks would fail

2. Attacks on Bitcoin:

• Could create malicious transaction with same hash as valid transaction
• Could mine fraudulent blocks
• Would break fundamental Bitcoin security

3. Digital Certificates:

• Could create fake certificate with same hash
• Would break authentication

Collision Security Level

SHA-256 has collision resistance of 2^128 operations:

For context:

• Current computer: ~10^12 operations per second
• To find collision: 2^128 / 10^12 = ~3 × 10^26 seconds
• = ~10^19 years (10 quintillion years!)
• More than age of universe (13.8 billion years)

Conclusion: SHA-256 is collision-resistant enough for practical use. There's no real risk of collisions being found with current or foreseeable technology.

SHA-256 in Bitcoin

Use in Mining

SHA-256 is used doubly in Bitcoin (double-SHA-256 or SHA-256d):

SHA-256d(x) = SHA-256(SHA-256(x))

Why double hash?:

• Adds additional security
• Mitigates hash extension attacks
• Pattern used since Bitcoin's beginning

How it works in mining:

1. Miner collects transactions in candidate block
2. Creates block header with nonce
3. Calculates SHA-256d(header)
4. Checks if hash meets difficulty (leading zeros)
5. If not, changes nonce and tries again
6. Repeats until finds valid hash

Simplified example:

Block header: [version] [previous hash] [Merkle root] [timestamp] [difficulty] [nonce]

Header hash: SHA-256d(header)

If hash starts with enough zeros (ex: 00000000...), block is valid!

Use in Transactions

SHA-256 is used to create TXID (Transaction ID):

How it works:

1. Transaction is serialized (converted to bytes)
2. Double hash is calculated: SHA-256d(transaction)
3. Result is unique TXID
4. TXID identifies transaction on network

Example:

Transaction: [inputs] [outputs] [locktime]

TXID = SHA-256d(serialized transaction)

TXID used as unique identifier on blockchain

Merkle Trees

SHA-256 is used in Merkle trees:

Structure:

• Leaves: hashes of individual transactions
• Internal nodes: hash of two children
• Root: final hash (Merkle root)

Simplified example:

Transactions: TX1, TX2, TX3, TX4

H1 = SHA-256(TX1)
H2 = SHA-256(TX2)
H3 = SHA-256(TX3)
H4 = SHA-256(TX4)

H12 = SHA-256(H1 + H2)
H34 = SHA-256(H3 + H4)

Merkle Root = SHA-256(H12 + H34)

Benefits:

• Efficient transaction verification
• Don't need to download entire blockchain
• Compact inclusion proof

Practical Examples

Example 1: Text Hash

Let's hash different texts:

Text: "Bitcoin"
SHA-256: 6b88c087247aa2f07ee1c5956b8e1a9f4c7f892a70e324f1bb3d161e05ca107b

Text: "Bitcoin is secure"
SHA-256: a1b2c3d4e5f6... (completely different hash)

Observation: Any change in text produces completely different hash.

Example 2: Number Hash

Hash of consecutive numbers:

"0": 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
"1": 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
"2": d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35
"3": 4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce

Notice that very close numbers produce completely different hashes!

Example 3: File Hash

Hash can identify unique files:

File: document.pdf (1 MB)
SHA-256: abc123def456... (64 hex characters)

File: document_modified.pdf (1 MB)
SHA-256: xyz789uvw012... (different hash)

Even if files have same size, any difference produces different hash.

Example 4: Integrity Verification

Practical use to verify integrity:

Original file:
SHA-256 = abc123def456...

Downloaded file:
SHA-256 = abc123def456... ✅ (same hash = file intact)

Corrupted file:
SHA-256 = xyz789uvw012... ❌ (different hash = file altered)

Comparison with Other Hash Functions

SHA-256 vs SHA-1

SHA-1 (160 bits, deprecated):

• Smaller hash size (160 vs 256 bits)
• Less secure (known vulnerabilities)
• Not recommended for modern use

SHA-256:

• Larger hash size
• More secure
• Current standard

SHA-256 vs SHA-3

SHA-3 (Keccak, different structure):

• Different internal structure (sponge construction)
• Not developed by NSA
• Complementary, not replacement
• Bitcoin uses SHA-256, not SHA-3

SHA-256 continues to be standard in Bitcoin.

SHA-256 vs MD5

MD5 (128 bits, insecure):

• Small hash (128 bits)
• Known vulnerabilities
• Easy to find collisions
• Not secure for cryptographic use

SHA-256:

• Much more secure
• Larger hash (256 bits)
• No known vulnerabilities

Practical Implementation

How to Calculate SHA-256

In Python:

import hashlib

# Hash of text
text = "Bitcoin"
hash_obj = hashlib.sha256(text.encode())
hash_hex = hash_obj.hexdigest()
print(hash_hex)
# Output: 6b88c087247aa2f07ee1c5956b8e1a9f4c7f892a70e324f1bb3d161e05ca107b

# Hash of file
with open('file.txt', 'rb') as f:
    hash_obj = hashlib.sha256()
    for chunk in iter(lambda: f.read(4096), b''):
        hash_obj.update(chunk)
    hash_hex = hash_obj.hexdigest()

In command line (Linux/Mac):

echo -n "Bitcoin" | sha256sum
# Output: 6b88c087247aa2f07ee1c5956b8e1a9f4c7f892a70e324f1bb3d161e05ca107b

sha256sum file.txt

In JavaScript (Node.js):

const crypto = require('crypto');

const text = 'Bitcoin';
const hash = crypto.createHash('sha256').update(text).digest('hex');
console.log(hash);
// Output: 6b88c087247aa2f07ee1c5956b8e1a9f4c7f892a70e324f1bb3d161e05ca107b

Frequently Asked Questions

Can SHA-256 be broken?

Currently no. SHA-256 has no known vulnerabilities that make it insecure for practical use. Breaking SHA-256 requires 2^128-2^256 operations, which is computationally infeasible with current or foreseeable technology.

Why does Bitcoin use SHA-256 twice?

Bitcoin uses SHA-256d (double SHA-256) to add additional security and mitigate hash extension attacks. It's an extra security pattern since protocol's beginning.

Is SHA-256 secure enough for Bitcoin?

Yes. SHA-256 is considered secure enough for use in Bitcoin. Bitcoin's security depends on SHA-256 security, and there's no reason to believe SHA-256 will be broken in near future.

What's difference between SHA-256 and SHA-3?

SHA-256 and SHA-3 are different algorithms. SHA-3 uses different "sponge" structure. Bitcoin uses SHA-256, not SHA-3. SHA-3 is complementary, not replacement.

Can I create reversible hash?

No. SHA-256 is one-way function. Given hash, computationally impossible to find original input. This is fundamental property of cryptographic hash functions.

Does hash always have same size?

Yes. SHA-256 always produces 256-bit hash (32 bytes), regardless of input size. Can be 1 byte or 1 terabyte, output will always be 256 bits.

Conclusion

SHA-256 is a fundamental cryptographic hash algorithm for Bitcoin and many other applications. Understanding how it works, its security, and collision resistance is essential to understand Bitcoin's technical pillars.

The main points you need to understand are:

1. SHA-256 is one-way function - Impossible to reverse hash to find original input
2. Produces 256-bit hash - Always same size, regardless of input
3. Is secure - Resistance of 2^128-2^256 operations, infeasible in practice
4. Is collision-resistant - Finding two inputs with same hash requires 2^128 attempts
5. Is fundamental to Bitcoin - Used in mining, transactions, and Merkle trees
6. Has avalanche effect - Small changes cause drastic changes in hash

SHA-256 is one of the most important and secure cryptographic algorithms ever created. Its security is the basis for Bitcoin's security and many other cryptographic applications.

The internal operation of SHA-256, with its 64 rounds, bitwise functions, and mathematical constants, creates an extremely secure and reliable function. Collision resistance, even considering birthday paradox, is still sufficient for practical use for many years.

Bitcoin depends on SHA-256 security for its operation. Mining, transaction identification, Merkle trees, and overall network security depend on this algorithm. Understanding SHA-256 is understanding a fundamental pillar of Bitcoin technology.

If you want to work with Bitcoin, cryptographic security, or understand how mining works, understanding SHA-256 is essential. It's advanced technical knowledge that opens doors to understanding many other aspects of cryptography and Bitcoin.