Reddit Posts
Introducing Galleoncoin / GALE : PoW privacy coin with masternodes.
Comparing Supercomputer networks to Bitcoin - How to convert exaflop to exahash?
Comparing Supercomputer networks to BTC - How to convert exaflop to exahash?
Bitcoin computes this SHA-256 hash function 550,000,000,000,000,000,000x times EVERY second
Entropy: only 121 bits (vs 128) on Blockstream Jade using dice rolls?
Do you think that Quantum Computing poses a threat to BTC encryption, algorithm, and/or security?
Is it possible for the energy input to break the difficulty adjustment?
Are P2WSH addresses the most quantum-secure addresses?
Can anyone here explain how / why it is not possible to get AI involved in the bitcoin mining industry / process?
Decrypt the Shadows: Unearth a New Order of Decentralization [SERIOUS]
Bitcoin is such a large idea its hard to wrap my mind around it
Unexpected Record: Balance of 50k Bitcoins Found in Calculation - Seeking Advice
Potential Security Loophole for all cryptocurrency.
Funny story about WIRED magazine and how they threw away (and lost forever) 13.35 BTC in 2013
SHA3D (our algorithm) isn't prone to 51% attack.
Celebrating 12 Years of our Digital silver - Litecoin
ELI5: If Bitcoin Mining is really just guessing inputs to SHA256 until an output matching the difficulty comes up, how does a miner know what guesses to avoid (previous failed guesses) in order to mine most efficiently ?
Is The National Security Agency (NSA) Behind The Invention of Bitcoin?
This Engineer Is Creating a Bitcoin Game Changer
[1998] Hal Finney: A zero-knowledge proof of possession of a pre-image of a SHA-1 hash
Bitcoin mining on the blockchain, what exactly does a miner do? What is an ASIC? How the mining difficulty is adjusted? What if two miners find the answers at the same time? This post aims for the complete beginners as it is explained in very simple terms.
A really well done & informative description of LTC by NDAX - A Canadian Exchange. Bravo!
Satoshi, NSA and the SHA CRYPTOGRAPHY Algorithms
Ken Shirriff showing how to mine bitcoin with pen and paper
ELIF - Why aren't ML and GNNs used to solve hashing in a Traveling Salesman Problem context?
One about UTXO's, new outputs, inputs and previous outputs.
Bitcoin can survive brute force attack it's infeasible or impossible?
One about HD-wallets, master keypair, child individual keys.
One about master key pair, child individual keys, addresses and signatures.
One about master keypair, child individual keys, addresses and signatures.
19 years ago today, Hal Finney officially released Reusable Proof of Work (RPoW)
What is a blockchain? - A noob explanation
Open Source Initiative | Documenting Bitcoin in a new way
Writing a summary on HD wallets, first part done, correct so far ?
[ANN] AsicCoin (ASC) | SHA256 - The coin for ASIC Mining!
How to (instruction) quickly make wallet with right balance of safety and usability
[Serious] Is Bitcoin secure? A reaction to “BTC whales are waking up, were their wallets hacked?"
Countering all the major anti-crypto arguments in one post.
A quick explanation the CZ Interpol Red Notice Rumour
Can ChatGPT4 have the computational power to break the SHA-256 encryption? Or does that have nothing to do with it?
Quantum computing and crypto developments
SHA 256 is a cryptographic hash function that is used to secure and validate transactions on the Bitcoin network. This algorithm was originally developed by the National Security Agency (NSA) in the United States as part of a series of secure hash algorithms.
Who would've thought that the algorithm used by the world's most popular cryptocurrency was originally designed for space exploration? That's right, NASA's SHA-256 algorithm is the backbone of Bitcoin's security and immutability.
What do you guys think will happen to bitcoin if quantum computers break SHA256 and solve the discrete logarithm problem (ECDLP)?
SHA256 vs Scrypt: How Comparing Hash Rates is Misleading | NKMAG
Litecoin vs Ripple: Differences, and Everything You Need to Know
MoneyShow announces the Peercoin blockchain will be used as an important part of its new newswire service.
How do I generate master key from the root seed
Storing seed phrase on encrypted USB drives
Do this to verify your BTC holdings in Binance new Merkle Tree Proof of Reserves And Liabilities
Mentions
LN has nothing to do with what I said. What I was referring to is that Bitcoin's cryptography/encryption is based on SHA256/RIPEMD for hashing (block data, public keys to addresses) and ECDSA (for private to public key derivation). When (not if) quantum computing will break these algorithms, someone out there who owns the necessary tech will be able to "un-hash" the public addresses to the actual public keys of wallets with lost coins (keys), and then derive the private keys from those public keys. Of course, by that time hopefully the Bitcoin code will be upgraded to stronger encryption algorithms which should be "quantum-safe". This means that you and I will be able to move our coins to a new type of address and safer wallets. However, the wallets currently holding the 4M+ "lost coins" (including Satoshi's) cannot perform that upgrade since they probably don't own the private keys anymore, thus making them easy prey at some point in the future. The discussion needs more details and what-ifs, but that's the main idea.
Someone will sell them (and the other millions of "lost" coins) once QC breaks SHA256 and ECDSA. Until then I highly doubt it.
Hash is an output. Input is the block header. It's "attacked" with SHA256 twice. SHA256(SHA256(Block_Header)) You can "attack" a letter "A" with it in some online examples in a browser. New BTC is a temporary subsidy. Fair coin release mechanism. Mining primarily isn't for mining coins.
> What sets the time between blocks, is it related to the halving of the currency supply?

The actual time between blocks is set by the hash rate of the network. Faster hashing, less time between blocks. The expected time between blocks is about 10 minutes though, and this is an arbitrary number. Every 2016 blocks, roughly 2 weeks w/ 10min/block, the difficulty is adjusted to maintain this rate. This is unrelated to the halving of block rewards.

> What is the limit of a block, and how is that determined?

Do you mean size? If you go way back to the old days, blocks were very small. Now, they're around 2mb. I'm unsure if a limit exists and whether that is a technical or arbitrary one.

> Is the hash a combination of all the prime numbers that make up the transaction block, placed through an equation of some sort, and if so, what is that equation? Is SHA 256 the set that determines transaction hashes?

As far as I'm aware, when referring to hashing in bitcoin, the algorithm is always SHA-256. I don't know exactly how the algorithm works, but you can find tutorials on youtube and calculate hashes yourself if you'd like.

> Another common analogy I've seen is 'solving sudoku puzzles that give you money', but that is too simplified to be backwards compatible with the truth it describes. What is the actual algorithm that verifies?

I believe the question you're asking is basically how does Proof of Work actually function, but correct me if I'm wrong. In this analogy, a verifier only has to check that no number appears more than 1 time in a given row, column, or square, which is much easier than solving the sudoku. This is similar to mining, but not entirely correct, as you surmised. This is because the sudoku is a game of skill, and the operations a miner and verifier are doing are actually the same. Miners are randomly guessing and checking many potential blocks before finding one that exceeds the difficulty.

This is computationally expensive because there is no known way to find a block other than through brute force guessing and checking (thus you broadcasting a block is *proving* you did *work* to find it). Verifying, on the other hand, is as simple as looking at the block being broadcast and hashing it a single time. If it's valid, you propagate that block to the network. Otherwise, you just ignore it.
Thank you for getting back to me! It frustrates me when people see complex data and don't attempt to digest it whatsoever, instead classifying it as simply 'obtuse', and blaming the person delivering the data. I'd love to further explore the material code and dynamics behind each of these different fundamentals. What sets the time between blocks, is it related to the halving of the currency supply? What is the limit of a block, and how is that determined? Is the hash a combination of all the prime numbers that make up the transaction block, placed through an equation of some sort, and if so, what is that equation? Is SHA 256 the set that determines transaction hashes? My general impression of mining is utilizing electricity to send bits along specific code lines that calculates novel prime numbers from a combination of other prime numbers, but I fail to see how that is verified externally, except by the inherent dynamics of the specific equation that is used for the verification (I forget its name). Another common analogy I've seen is 'solving sudoku puzzles that give you money', but that is too simplified to be backwards compatible with the truth it describes. What is the actual algorithm that verifies?
Moore's law says we should get there pretty quick. I will only invest in something with SHA384 AES256 aBFT.
No I don't like ETH. It was a stepping stone that brought the idea of smart contracts, that's it. I do not buy ETH or any L2 built on ETH.

1. Not a meme ✅
2a. Ethereum uses Keccak-256, which is similar to SHA-256. ❌
2b. Not aBFT ❌
3. Not infinitely scalable, in fact it's maximum about 15 tps. ❌
4. Block leader with mempools and MEV (Maximum extractable value). Basically, whales can snipe your trade if they pay extra. Very unfair. ❌
5. Variable fees... If a new NFT or meme drops, and the network gets clogged up, gas fees go through the roof. It's not scalable and unpredictable fees. ❌

And just remember, any L2 is just a bandaid for the shitty L1. No matter what, the L1 will always be the bones. It's like putting a bunch of mods on a shitty car.
HTTPS (your bank account) uses the same encryption as bitcoin (SHA256). If bitcoin is vulnerable to quantum hacks, so is legacy finance. Every piece of data for every Amazon customer would be accessed simultaneously. Bitcoin would need to update its protocol. Legacy finance would need to work in tandem globally to update thousands of separate legacy finance protocols, a monstrous task compared to bitcoin.
Oh, if I didn't want to answer you, I'd just ignore you. Far in the future b/c someone has to troll the blockchain to find inactive addresses, then has to figure out how to crack their keys so they can provide credentials to move the coins at the inactive address to another place. So I figure it'll take a while, if only because of the difficulty of cracking the key. Nothing prevents someone from finding it, the hard part is cracking the key so that you can move it. If you can't move it, you can't engage in a transaction, so you can't buy anything. You'd have a lot of work to get the right key. Here's Gemini: "The Bitcoin blockchain primarily uses elliptic curve cryptography (ECC), specifically the "secp256k1" curve, to generate public and private key pairs, while relying on the SHA-256 (Secure Hash Algorithm 256-bit) hashing algorithm to encrypt data within blocks, ensuring data integrity and validating transactions on the network." A 256 bit key will take a hell of a lot of work to crack. That means there's 2^256 combinations of possible keys. Which... is a lot. So it would take a while to figure it out if you don't already have it. Yes you can theoretically just guess the key, but you have a 1/(2^256) chance of that, which is very, very small.
Not OP but I can answer.

1. Yes those transactions in the red chain are gone and never happened as far as the other nodes are concerned.
2. Yes the entire block content is published in clear text. The other nodes can then very quickly verify that your block is actually valid. They just run the SHA function with the block content you published and check that their hash matches yours. Otherwise you could just make up a "valid" hash. It is also necessary for the block content to be public clear text because otherwise your bitcoin wouldn't even exist. They only exist in the transaction content in a block. When you install a wallet, the only thing it does to display your balance is to look at all the blocks and add or subtract the content of every transaction it can find for that address.
More so inputting random numbers to get an output that is between 1 and a target number. That target number is represented by difficulty. Essentially, if the target is 10 and the range of possible values is 100, the miner is inputting random nonces into SHA256 to get a result below 10. In this scenario, you would expect one in every ten guesses to get an output below the target. In real values, one bitcoin mining machine makes trillions of guesses a second and the amount of possible outcomes is immensely larger than 100, about 10^22. Thus, you have to use a lot of computing power to hit a block below the target.
Thank you for the great read! Can I ask you some follow up questions? In the last scenario pictured where the red chain dies, does that mean anyone who submitted transactions would have to resubmit them? Or would both chains include all transactions since both the red and blue blocks began being worked on? I assume to verify the hash for any block is correct you would need the clear text before it undergoes the SHA256 function? If so, is that what gets submitted to the network? Or is it just the nonce it used?
> encryption Cryptography, not encryption. Nothing is encrypted on bitcoin. There are cryptographic functions though (SHA256 and ECDSA namely, of which the latter is not quantum resistant, so there's some probability that it'll need to be fixed at some point in the future).
It isn't true. It is called Willow and theoretically you could break some cryptographic algorithms with it, like ECDSA that's used for Bitcoin signatures used in transactions. The reality is that we aren't there yet, and if we get there, it isn't impossible to deploy quantum safe cryptography. SHA-256, the hashing algorithm used for some address formats and mining, is quantum safe.
A transaction block created by a miner is represented as a data structure containing a set of characters. In order to mine a block, a miner has to find a SHA-256 hash for the block with a certain number of leading zeros. SHA-256 is a hash function that calculates a 256 bit long hash value for a set of characters as input. The outcome of SHA cannot be predicted other than by running it for the input. The miner starts by calculating the SHA-256 value for the block characters. If the value has the required number of leading zeros, the miner is done and has found a fitting hash. If not, the miner appends some characters to the input, again calculates SHA-256 for the combined input, checks if this has the correct number of leading zeros, and so on. These additional characters are called the nonce and it is this nonce that the miner has to guess, or find.
It's been years since I last mined a coin, but if you wanna start mining, the first thing you'll need is the hardware to mine the coins. Bitcoin uses the SHA-256 algorithm, specifically an ASIC miner, and as of now the most profitable BTC ASIC is the **Bitmain Antminer S21E XP Hyd 3U**, which just came out last month. That specific miner would give you somewhere around 860.00 Th/s @ 11180W, which is an insane amount of electricity, but as of now it'll give you around $48/day (not factoring the mining pool fees, electricity, and assuming Bitcoin's price stays at 95k, and the difficulty not moving). And for the price, their website says that it'll cost you well over 10k per unit, and it won't be shipped until Q1 of next year. In conclusion, the cost of entry to mine bitcoin is VERY expensive, you're better off just DCA-ing into bitcoin.
Miners aren't doing anything useful per se for 99.9% of the time when they mine new blocks. They just try to find a hash that has many zeroes, by doing lots of very boring SHA-256 calculations with minor modifications of the block they want to find. You can do that even with no transactions in the block. If people don't want to transact, it's OK to just not create any blocks. But it is much more reasonable that someone owning some bitcoin will just continue mining, because the algorithm that decides how many zeroes the hash must have (i.e. how difficult it has to be to find one) adapts to the total hash power that's looking for the block (it looks how fast the last few blocks were found, and it adapts slowly and cannot adapt without new blocks being found). If people stop mining, it will be easier to find the next block for the remaining miners, until we are back to one block every 10 minutes on average. If you own 100 bitcoin, you'd be stupid not to continue the network with a few Satoshi of mining expenses. You might even create some fake transactions just to make it appear more used if you are winning all the blocks (and transaction fees) anyway.
Quantum computers breaking SHA256 would be the only legit catastrophic event but there's a lot of discussion regarding the viability of this. Also, if qubits can break bitcoin encryption, it also means they can break pretty much every other digital system on earth so bigger things to worry about at that point. Satoshi's identity being revealed and confirmed that he is alive or Satoshi's coins moving would be a big short term negative catalyst as well. Other than that, I truly believe there's no stopping this thing.
Large farms of specialized hardware mining bitcoin was always Satoshi's end goal for bitcoin mining. "At first, most users would run network nodes, but as the network grows beyond a certain point, it would be left more and more to specialists with server farms of specialized hardware." ― Satoshi Nakamoto on 03 November 2008 Joe Shmoes were mining bitcoin just to get the network bootstrapped in its infancy. That was back when barely anybody used bitcoin. That was before the first GPU mining software was developed. That was before any company had designed specialized hardware to mine bitcoin (SHA256 hashing ASICs).
### **Quantum Computing**

- **Risk**: Bitcoin’s cryptographic algorithms (SHA-256 and ECDSA) could become vulnerable to quantum attacks. A sufficiently advanced quantum computer could break wallet keys or forge transactions.
- **Impact**: This would erode trust in Bitcoin’s security, triggering mass panic and devaluation.
- **Likelihood**: Moderate in the long term (15–20 years), but perception of the threat could destabilize markets sooner.
- **Mitigation**: Transition to quantum-resistant cryptographic standards, though implementation across the network would be slow and contentious.
I disagree. Satoshi didn't predict the rapid emergence of SHA-256 ASICs. He was aware of Moore's law and that mining ops could be large and networked into pools. He never mentioned ASICs (hardware specifically designed for SHA-256 computations) or how they would make graphics card and normal PC processor mining completely obsolete within years. If he had seen this coming, he could have done a system like many other cryptos have done that prevent ASICs and make regular graphics cards viable. Then anyone with a gaming computer could mine semi-competitively. You can turn on a regular computer to mine bitcoin but it doesn't make sense, would be better to mine another coin, due to ASICs.
I would guess one of the two:

- SHA256 being broken, but that's a major mess for the whole Internet since nearly every confidential transmission relies on it
- it turns out that Satoshi is North Korea or some Somalian pirate entity, lol
> It is still theoretical and likely decades away. I don't know about that. Anyway, my point was to discern between SHA256 and ECDSA in that regard. SHA256 is not the concern here.
This doesn't have anything to do with SHA256 (which is considered quantum-safe), but with ECDSA (which is quantum un-safe). Old coins, like Satoshi's, are sitting on unhashed public keys, without the protection of SHA256. Same for re-used addresses etc. Those can be extracted with a sufficiently powerful quantum computer.
You vastly underestimate the energy required to crack SHA256.
I'm going to answer someone else's assertions of surety about swapping in replacement hashing algorithms or encryption curves here: at what block height can you, for certain, determine that a nefarious act occurred or not? Wouldn't you work to evade detection if you found a network vulnerability? Bitcoin is a thing of wonder. Truly. But when it was invented nobody knew about even the concept of internet money. Now every script kid knows how a blockchain works. But even more, now any enterprising script kid can spin up a literal army of PhDs that will work singlemindedly towards solving a problem. SHA256 and secp256k1 might have been impossible to beat in 2012 and $2 a coin. But 2025 and $100k+ per coin? That's the moment when 'impossible' becomes 'really hard' and starts looking real profitable.
Alright folks let's use the questions ☝️ I listed out... Let's see if we learned anything about how to evaluate projects ...

1. Memes? No - for Kas, no - for TRAC. Both have use cases. ✅
2.a. Security - SHA 384? Neither are, no ❌. Throw it out.
2.b. aBFT security? Neither are, no ❌. Throw it out.
3. Infinite? No. Kas 300-3000 TPS Max. TRAC's only use case is transacting BTC, which itself is slow by design and a very limited use case. ❌ Throw it out.
4. Decentralized - TRAC is Bitcoin transactions, I would think fairly decentralized ✅. Kaspa leaderless ✅.
5. Fixed fees in USD: can companies precisely forecast their costs on either? The fees might be low, but they're not fixed. ❌

My vote? THROW IT OUT!
I’ve been on BTC since 2010. I’m not hodling because of poor life choices of my ex. However, SHA256 is being deprecated by 2030 by Australia and they aren’t the only ones. BTC relies on SHA256. The reason it is being deprecated is because in the advent of quantum computing it is no longer secure. I welcome responses that prove me wrong.
Welp. If you're indeed the creator of Syscoin that definitely adds a ton of credibility. I made a little money off SYS holding from 2015 to 2017 or so. Very pleasant, I just wish the team went through with the marketplace instead of hyping it forever with announcements. Either way, I will be watching. Not sure BTC price will matter if SHA is broken of course, but I'll definitely have some popcorn for everything else burning in the world. Cheers.
I did a little digging. Conspiracy nut. Seems like he "saw" some signs or something that cryptography as we know it will be broken soon, probably via quantum computers if I had to take a guess. What he fails to acknowledge or perhaps doesn't know (unless he's that guy that knows everything of course /s) is that bitcoin can have its algorithm modified to be quantum-resistant and/or proof in the event something breaks SHA-256. I acknowledge it'd be a clusterfuck, but it wouldn't drive bitcoin to 0. A swap of some kind would occur while price undoubtedly tumbled, but the new and improved bitcoin would prevail again eventually, and I'd even argue much more quickly since everyone for the last 10+ years won't want to miss that ship again.
Read past the headlines and listen to someone informed about BTC SHA-256 cryptography, the actual qubit count needed vs the chip that got made and the ability to upgrade to a quantum hardened public-private key system. If you are worried AND you self custody then pay attention and be ready to migrate to a new hardened key system in ~5 years.
In 10,000 years, Bitcoin likely won’t exist due to several factors. Advances in quantum computing could break SHA-256, making the network insecure. Energy-intensive proof-of-work mining may become unsustainable. New technologies and economic systems will likely replace Bitcoin’s design. Physical infrastructure, like nodes and miners, may decay without maintenance. If humanity expands to interstellar systems, Bitcoin’s global synchronization will fail due to communication delays. Cultural and societal shifts could render its fixed-supply model irrelevant, and governments or other systems may suppress or outcompete it. Lastly, humanity itself may evolve or cease to exist, making Bitcoin obsolete.
While there is fear from quantum computing, we are far far away from a powerful enough quantum computer cracking SHA-256. This drop is mostly following the overall stock market drop, because the federal reserve has updated their outlook on the world economy, and it’s a little more bleak than it was before.
Answered by Grok: The Bitcoin network's safety in comparison to the combined computational power of the top 500 supercomputers, including Google's Willow quantum chip, involves complex considerations around cryptography and computational capabilities:

* Bitcoin's Security: Bitcoin's security relies on cryptographic algorithms like SHA-256 for mining and ECDSA for signatures. These are designed to be secure against classical computers but are theoretically vulnerable to quantum computers if they scale to millions of qubits with low error rates.
* Google's Willow Chip: Google's Willow has 105 qubits. While this represents a significant advancement in quantum computing, it is far from the scale needed to compromise Bitcoin's encryption. Various analyses suggest that breaking Bitcoin's encryption would require around 13 million to 1.9 billion qubits to do so within a practical timeframe. Currently, Willow's capabilities are not sufficient to pose an immediate threat to Bitcoin's cryptography.
* Comparison to Top 500 Supercomputers: Historically, Bitcoin's network hash rate has surpassed the combined performance of the top 500 supercomputers, but this comparison is somewhat misleading. Bitcoin mining uses integer operations, while supercomputer performance is often measured in floating-point operations (FLOPS). The hashing power of Bitcoin's network is vast, but it's not directly comparable to the versatility and computational diversity of supercomputers.
* Quantum Computing Risks: While current quantum computers like Willow do not pose an immediate threat, the development trajectory of quantum computing is a concern for future security. The Bitcoin community is already exploring quantum-resistant encryption methods to safeguard against future quantum threats.
In summary, as of the latest information, the Bitcoin network is considered safer than the combined power of the top 500 supercomputers, including Google's Willow chip, due to the scale and error correction currently achievable in quantum computing. However, this assessment assumes that quantum technology does not advance to a point where it can effectively break current cryptographic standards. The security of Bitcoin would mainly hold until quantum computing reaches a significantly higher level of sophistication, which, based on current technology, is still some time away.
It will. Thankfully, bitcoin can always fork to a new consensus algo, which may be necessary in the next decade. However, if quantum computers can crack SHA-256, you have a lot more to worry about than your bitcoin holdings.
This is the official NIST spec for SHA256: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf

...and there's a good explanation here: https://medium.com/bootdotdev/how-sha-2-works-step-by-step-sha-256-90ecd4f09e4d

I've implemented it from scratch *in code* before (just as a learning exercise), but doing it entirely *by hand* seems like torture. It involves *thousands* of bitwise operations. *Mining* just involves running it twice against a block header.

https://mempool.space/ has a useful option to get the block header of a previous block. e.g. to get the actual header of block 277316, go to the url:

https://mempool.space/api/block/0000000000000001b6b9a13b095e96db41c4a928b97ef2d944a9b31b2cc7bdc4/header

...which gives (hex):

    0200000069054f28 012b4474caa9e821 102655cc74037c41 5ad2bba702000000 000000002ecfc74c eb512c5055bcff7e 57735f7323c32f8b bb48f5e96307e526 8c001cc93a09be52 0ca3031988261c37

After hashing this with SHA256 *twice*, you should get (hex):

    c4bdc72c1bb3a944 d9f27eb928a9c441 db965e093ba1b9b6 0100000000000000

...which can be confirmed here: https://emn178.github.io/online-tools/double_sha256.html

...and this is the correct hash (in reverse byte order because big/little endian is always a pain).
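The double-hash check this comment walks through, as an added example that is not part of the original post (standard library only): it joins the hex groups above into the 80-byte header of block 277316, computes SHA256(SHA256(header)), decodes the target from the header's own "bits" field and confirms the hash is below it, and re-runs a few steps of the nonce search around the real nonce to show what a miner repeats trillions of times per second.

```python
import hashlib
import struct

# Block header of block 277316 exactly as quoted in the comment above (hex groups joined).
HEADER_HEX = (
    "0200000069054f28012b4474caa9e821102655cc74037c415ad2bba702000000"
    "000000002ecfc74ceb512c5055bcff7e57735f7323c32f8bbb48f5e96307e526"
    "8c001cc93a09be520ca3031988261c37"
)
HEADER = bytes.fromhex(HEADER_HEX)

# Compact encoding of the largest target Bitcoin allows (difficulty 1), as used by the genesis block.
MAX_BITS = 0x1D00FFFF


def double_sha256(data: bytes) -> bytes:
    """SHA256(SHA256(data)): the hash a miner computes over each candidate header."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def parse_header(header: bytes) -> dict:
    """Split the 80-byte header into its fields. Integers are little-endian; the two
    32-byte hashes are stored byte-reversed relative to how explorers print them."""
    if len(header) != 80:
        raise ValueError("block header must be exactly 80 bytes")
    (version,) = struct.unpack_from("<I", header, 0)
    prev_block = header[4:36][::-1].hex()
    merkle_root = header[36:68][::-1].hex()
    timestamp, bits, nonce = struct.unpack_from("<III", header, 68)
    return {
        "version": version,
        "prev_block": prev_block,
        "merkle_root": merkle_root,
        "time": timestamp,
        "bits": bits,
        "nonce": nonce,
    }


def bits_to_target(bits: int) -> int:
    """Decode the compact 'bits' field: 1-byte exponent, 3-byte mantissa, base 256."""
    exponent = bits >> 24
    mantissa = bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def difficulty(bits: int) -> float:
    """Difficulty = how many times smaller this target is than the maximum target."""
    return bits_to_target(MAX_BITS) / bits_to_target(bits)


def block_hash(header: bytes) -> str:
    """Block hash as explorers display it: the double-SHA256 digest, byte-reversed."""
    return double_sha256(header)[::-1].hex()


def hash_as_int(header: bytes) -> int:
    """The digest read as a little-endian integer, i.e. the number compared against the target."""
    return int.from_bytes(double_sha256(header), "little")


def meets_target(header: bytes) -> bool:
    """The proof-of-work check a node runs on a received block: one double hash, one compare."""
    (bits,) = struct.unpack_from("<I", header, 72)
    return hash_as_int(header) < bits_to_target(bits)


def with_nonce(header: bytes, nonce: int) -> bytes:
    """Copy of the header with the nonce (last 4 bytes) replaced."""
    return header[:76] + struct.pack("<I", nonce & 0xFFFFFFFF)


def search_nonce(header: bytes, start: int, count: int):
    """A slice of the miner's loop: try consecutive nonces and return the first that
    meets the target, or None. A real miner also varies the timestamp and transaction set."""
    for nonce in range(start, start + count):
        if meets_target(with_nonce(header, nonce)):
            return nonce
    return None


if __name__ == "__main__":
    fields = parse_header(HEADER)
    target = bits_to_target(fields["bits"])
    print("block hash :", block_hash(HEADER))
    print("target     :", f"{target:064x}")
    print("difficulty :", f"{difficulty(fields['bits']):,.0f}")
    print("valid PoW  :", meets_target(HEADER))
    # Replay the last five nonces of the search, ending at the one the miner actually found.
    print("found nonce:", search_nonce(HEADER, fields["nonce"] - 4, 5))
```

Comparing the printed block hash with the printed target shows why "leading zeros" is only an approximation: the hash must be numerically below the target, which is not a whole number of zero digits.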
Theoretically, you can look up all of the math and algorithms involved. [The Bitcoin Wiki](https://en.bitcoin.it/wiki/) and [Learn Me a Bitcoin](https://learnmeabitcoin.com/technical/) are good resources, though they probably don't cover everything. Then you could try implementing it. From a human perspective, it's a *huge amount* to calculate, so it would take quite a while on paper, although the vast majority of the computation is calculating the SHA-256 hashes of candidate block headers. Also, you can realize that a SHA-256 calculation (just the hashing, not the other stuff needed to build the block header) that you do for one candidate block (i.e. without changing any data, including the nonce), a single Bitcoin miner that is profitable now does *hundreds of trillions of times per second*! And even then, it only really works if you have *really cheap* electricity, you participate in a pool, and probably have multiple miners. Otherwise, it could take months or years before you're lucky enough to get just one block.
It's mainly an academic exercise. You can't really mine. You can do one hash in a couple of days with [paper and pencil](http://www.righto.com/2014/09/mining-bitcoin-with-pencil-and-paper.html), flipping bits and such. See SHA256 spec. And do SHA256(SHA256(Block_Header)).
Start with calculating a single SHA256 result to learn why that is a terrible idea.
Because it isn’t cracking SHA-256, it’s cracking the mechanism the wallets use to authenticate. Please, once again, go and read what was shared, and don’t reply until you do. SHA-256 is not the target here.
The Bitcoin White Paper and its literal code would disagree. Yes, the block is a collection of transactions. The miners arrange the ones with highest fees into the block with limited size. No, that’s not what the miners are using energy for. They are competing to guess that random hash. Literally just ask chat gpt what miners are doing. I’ll do it for you, here’s its answer:

> “Bitcoin miners are trying to solve a cryptographic puzzle called the Proof of Work. Specifically, they are searching for a valid hash (a 64-character hexadecimal number) that meets the Bitcoin network’s current difficulty target. Here’s how it works:
>
> The Goal: Miners must find a hash value that is below the target value set by the network. This is done by hashing the block’s data along with a changing number, called the nonce, until the hash meets the target.
>
> What Miners Hash:
>
> 1. Block Header Data:
> • The hash of the previous block.
> • A Merkle root (a hash of all the transactions in the block).
> • The current timestamp.
> • The difficulty target.
> • The nonce (a number miners change to get different hashes).
>
> 2. SHA-256 Algorithm:
> • Bitcoin uses the SHA-256 hashing algorithm. Miners input the block header and the nonce into the SHA-256 algorithm repeatedly, producing different outputs (hashes).
>
> The Puzzle:
> • The resulting hash must have a certain number of leading zeros in its binary representation, determined by the difficulty target.
> • For example, if the target starts with 0000, only hashes that begin with these zeros are valid.
>
> Why This Is Hard:
> • SHA-256 is deterministic but unpredictable. The only way to find a valid hash is through trial and error.
> • Miners perform trillions of guesses per second, adjusting the nonce with each attempt, until one miner finds a valid hash.
>
> Reward for Solving:
> • The miner who successfully solves the puzzle and finds a valid hash earns the block reward (newly minted bitcoins) and the transaction fees from all transactions in the block.
>
> The difficulty of this puzzle adjusts approximately every 2 weeks (every 2016 blocks) to ensure blocks are mined roughly every 10 minutes, regardless of how much computational power is on the network.”
No, given it’s not cracking SHA256 and you clearly didn’t read what they revealed last week.
> Then what will happen to the lost coins who will be stuck in old addresses that can easily be brute forced by quantum computer. Some coins (f.ex. Satoshi's coins), which sit on a specific, obsolete address format, which is basically just the raw public key, unhashed. Those types of addresses (P2PK - Pay 2 Public Key) were in use until 2011 or so, then it became common practice to hash them with SHA256, which is supposedly quantum safe (or at least less attackable than the ECDSA algorithm).
From my understanding, quantum computing is not relevant to mining (SHA256). It's more relevant to calculating private keys from public keys (cracking ECDSA algorithm).
Not now, years or decades. It is being worked on. Just search quantum in the r/bitcoin search bar. This subject has been widely discussed. "breaking SHA-256 encryption would require 317 million qubits for a one-hour attack or 13 million qubits for a single-day breach." At the moment they have a 10 minute window to try to destroy the blockchain.
Didn't take the time to verify the SHA256...
You should read more about that... Even with the Google announcement it would have to be at least a 1000 x quantum computer compared to what Google has put out recently and Bitcoin is upgradable... There is no Moore's law for quantum computing... Understanding the encryption of a Bitcoin private key is phenomenal enough... Basically the ability to flip a coin 256 times in a row predicting whether it's heads or tails... SHA 256... And something about all the atoms in the universe comparison blah blah blah...lol
I don't feel comfortable arguing with Andreas the Boss, but I believe he is wrong here. Generating the public key does NOT involve SHA256, it only involves ECDSA: https://learnmeabitcoin.com/technical/keys/public-key/ Perhaps Andreas confused it with libsecp256k1, which is involved in this operation? I'm very far from being any sort of expert here, so maybe I'm misunderstanding something myself.
You’re partially correct, but to clarify: even though Satoshi’s coins have never been moved and the public keys for those addresses are now known (since they were revealed when transactions were signed), they are still secure. To move those coins, an attacker would need to break both SHA-256 and ECDSA. Here’s why: The private key is not directly derived from the public key. The process involves two layers of hashing (double SHA-256) to create the Bitcoin address, and even if the public key is exposed, an attacker cannot reverse-engineer the private key because of the cryptographic strength of SHA-256. So, knowing just the public key isn’t enough—you need to break both the hash function (SHA-256) and the signature scheme (ECDSA) to compromise the coins. In short, Satoshi’s coins remain secure because breaking both SHA-256 and ECDSA is computationally infeasible with current technology, including quantum computers in their current state. You may be right; I can only repeat what I just listened to. I'm not that deep into it to judge on my own experience. Just wanted to share this with you :)
> He says you need to break both SHA256 and ECDSA to move funds that have never been moved from an address that hasn't been reused or spent. That's right, but the problem is that Satoshi's coins (and other pre-2011 era coins) are not protected by SHA256, "only" by ECDSA. Same goes for coins that are sitting in the mempool but are unconfirmed and coins on modern Taproot addresses.
> Satoshi's coins never got a transaction so they were never signed by a private key. Sorry, I'm not sure what you are trying to say? Satoshi's coins sit on exposed public keys (unprotected by SHA256), which makes them the prime target for any quantum computer attacker.
He's not admitting anything that is uncomfortable. It's always been known that if SHA256 can be cracked then "lost" coins could be recovered/stolen. This isn't new information, this has literally always been known. No one should look at this as some new revelation, and no one should be uncomfortable admitting it. The workaround would be to increase the security and then send coins to a new address with higher security; obviously "lost" coins would not be able to be sent.
Are you talking about SHA256? This is not the threat here. The ECDSA vulnerability is. Not saying it's urgent or even 100% certain to get there, but it might be within the realm of possibilities, from what I understand.
SHA256 is not relevant here (unfortunately). The coins are theoretically vulnerable because the "old" way to send bitcoin was to send them directly to a public key, *without* the extra protection of SHA256. Satoshi's coins sit on those exposed public keys. I'm not making a statement if it's a realistic danger or not, just trying to address the technical side of things.
It’s not possible to crack Satoshi’s wallet. Any progression in computing power will be met with security. Literally why we have SHA-256.
tldr; Google's announcement of its new quantum computing chip "Willow" has sparked concerns about Bitcoin's security. Quantum computers, which use qubits for faster calculations, could theoretically threaten Bitcoin's cryptography. However, current quantum technology is far from capable of cracking Bitcoin's SHA-256 encryption. Bitcoin's design anticipates quantum threats, and developers have strategies to enhance its security if needed. Despite the hype, quantum computing remains in its infancy, and Bitcoin's cryptography is more secure than many traditional systems. *This summary is auto-generated by a bot and not meant to replace reading the original article. As always, DYOR.*
Usually they say about "mathematical calculations", but this is only mentioned when people do not have any clue about what they're talking about. ELI5:

> The string "Hello Bitcoin" has the following SHA256: `0d8e23812e57a72c4d93c75d08846ceceba8045178ef177ad14d408d4c9568f5`

> What do miners do?

> They do not know the string (new block), and they try to guess the SHA256 of that block.

SHA256 generator: [https://tools.keycdn.com/sha256-online-generator](https://tools.keycdn.com/sha256-online-generator) I hope this is simple, and accurate, enough.
There is no problem in learning. The problem is that those things I mentioned can be easily learnt in simplified language and are widely available in books (that's how I learnt, mainly) and on the internet. The problem with crypto is that it's very hard to explain, not in books, and many things like PoS/PoW, the SHA256 algorithm, etc. are not properly explained anywhere. In fact, if you ask someone who uses bitcoin for trading, most of the time they don't even know much or are unable to explain it. The courses for crypto are expensive as hell; I have heard most of them are scams.
I did in my above comment if you need.

**Decentralized -** Equal consensus power among all nodes. Transparent and equal governance among all (up to) 39 GC members. Governance separate from consensus. Entire codebase is open source and was donated to the Linux Foundation.

**Fair -** Leaderless fair ordering. All transactions travel at exponential speed into the network, whoever reaches the majority first gets ordered first. No centralized "block leaders" who order your transactions. No MEV. No sniping trades. No bullshit. You'll soon learn ANY chain (99.99%) with a block leader is inferior to this model.

**Fixed fees/Infinite Scalability -** Any chain (99.99%) that has its fees as a percentage of its coin price is inherently designed not to scale. This acts as a throttle to slow the network. Hedera has fixed fees priced in USD. It's the only chain actually designed to scale infinitely.

**Security -** Asynchronous Byzantine Fault Tolerance is the highest security possible for a decentralized system. Hedera is the ONLY chain to achieve this highest possible form of security, and add in that it's SHA384 quantum proof.

**True finality -** Most chains only reach Probabilistic Finality, meaning that they only become "more sure over time" (99% sure) that your transaction went through and is validated. Hedera comes to full consensus and reaches True Finality in under 3 seconds, meaning the transaction is 100% finalized.

**Carbon negative -** Because Hashgraph is so efficient it uses the least amount of energy of any chain, and therefore has the lowest carbon footprint of any chain. Hedera then purchases carbon credits to make the network Carbon Negative. Greenest chain.

I could go on but there's a good start for ya.
Anyone here who studied for and passed the world's simplest cybersecurity certification (CompTIA Security+ SY0-701) could tell you that SHA-256 is not in any danger of being broken by quantum computing in our lifetimes, and a soft fork could solve this problem. This is not a personal attack on yourself, I'm simply highlighting that spending about 100 hours studying for a certification could reveal this knowledge. The real issue, that could become a problem in 5-10 years, is quantum computers being able to get the private keys for bitcoin wallets that have non-zero balances in them. People are already working on ways to fix that: https://github.com/cryptoquick/bips/blob/e186b52cff5344c789bc5996de86697e62244323/bip-p2qrh.mediawiki
Putting "Fact" in your title doesn't make your misconceptions true. If you do a little more research into ECDSA, SHA-256, P2PKH, P2SH, P2WPKH and P2WSH you'll understand why your prediction is wrong.
I already told you. Someone has to code the new encryption in. For that to happen the QC resistant encryption tech needs to be disseminated, which it won't be. The best hope is that the powers that be have enough vested interest to do it themselves, but it is unclear what that encryption tech might look like. Bitcoin is open source, so if it is an algorithm, coding it in might reveal how it works. If it is some sort of centralised encryption, then using it would essentially centralise bitcoin. There's a lot of unknowns, but the point is that governments and institutions will possibly eliminate their exposure to bitcoin when they get the signal that the QC is about to break SHA256, and they will likely know well in advance of public consciousness.
Yes, and my point is that crypto will be left behind. QC resistant encryption will make it to all defence and finance and other critical infrastructure systems. Everything being based on SHA256 isn't a defence of crypto. It doesn't address the risk to crypto itself.
You fail to understand that Bitcoin is not only a digital asset running on SHA-256; it is an idea, and at the current moment in time, it is the best one.
If Google breaks SHA-256, the last thing you will think about is your bitcoin, because the world would be on fire.
Agreed, but when SHA256 and the qubit race intersect, every trade on Wall Street and the entire industry of banking will have to make changes to exponentially increase the security of transactions not just the crypto industry.
Bitcoin will inevitably upgrade to cryptography that can withstand quantum attacks. You can’t kill an idea. The network will move beyond SHA-256. If necessary, the chain will roll back to the last pre-attack block. The network strives to exist and will find a way to do so—it bootstrapped itself from just a few nodes into hundreds of thousands, and evolving into a post-quantum era will be glorious. Remember that what doesn’t kill Bitcoin makes it stronger. You can’t kill an idea.
A fork will have the same vulnerability to QC if it uses traditional encryption methods. Satoshi is talking about possible cracks of SHA256 the same way previous encryption methods were broken, not about the possibility that prime number factorisation is going to become trivial. A fork would have to use in-development QC proof encryption methods, but the question is... who's going to code it? New encryption methods are as much a bleeding edge technology that nations are going to keep incredibly secret as QC itself, as they will be an edge countries have. It's the new nuclear arms race, where defence and detection are as much of a state secret as the weapons themselves.
They dread that SHA-256 will be cracked by Shor's and Grover's algos ☠️😅. These big boys are ever doing these things. They wait to see if things gain momentum, they throw in FUD, they buy in during panic episodes, then they pump. Some nations now want btc as reserve 😅😅
How would this work in practice? If SHA-256 would be broken, even if given time to migrate, the migrated funds would be tied/originate/pre-migrated to/from your broken SHA-256 private key, so all unmigrated funds could be stolen, no?
SHA-512 is generally considered more secure than SHA-256 because it produces a larger hash value (512 bits compared to 256 bits), making it computationally harder to find collisions, which is the primary measure of a hash function’s security. However, SHA-256 is still considered very secure for most applications and is often preferred due to its faster processing speed. That is, until it isn’t, of course. On a side note, while more secure, SHA-512 is typically slower to compute than SHA-256. You answered the question already though: SHA-512 generates a larger hash value, making it theoretically more resistant to brute-force attacks.
Public keys and encryption protocols (SHA256) of blockchain are public/known and are static - all that is needed to break it is great compute power to calculate in reverse to get private keys. This static nature of Bitcoin is its Achilles. All this computation can be done without any attempts of using it. Good encryptions and authentications today already use dynamic (always changing) passwords, tokens, ciphers...
A Hash or "Trapdoor"-Function. You give it any input, for example "i am a frog", and you get a pseudorandom output like "cab17d5b33b1c1a012b0a209487ddda0a8a5fd17a63187c2379ba8fcd67a0fbf". No one can predict what your input produces. No one can restore your input from the output. If you change or add even a single letter, you get a completely different output. The same input will always produce the same output. You can try it [here](https://emn178.github.io/online-tools/sha256.html). Bitcoin mining is effectively:

1. Put blockdata and any additional input of your choice into SHA-256
2. If your output starts with X amount of 0s you win the block. Where X is what we call "block difficulty".
3. If your output didn't start with enough zeros, change your random input and repeat.
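The puzzle described in the comment above (and in the ChatGPT quote earlier in the thread) as a runnable Python example; this is added here and is not code from any commenter. It decodes the compact `bits` target, hashes the 80-byte header with double SHA-256, and bumps the nonce until the hash is at or below the target. The genesis block constants are the real ones; the toy block's previous hash and merkle root are constructed values.

```python
import hashlib
import struct


def decode_nbits(nbits: int) -> int:
    """Expand the 4-byte compact 'bits' field into the full 256-bit target."""
    exponent = nbits >> 24
    mantissa = nbits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def block_hash(header: bytes) -> int:
    """Proof-of-work hash: SHA-256 applied twice to the 80-byte header.
    Bitcoin compares the digest as a little-endian integer; the familiar hex
    form is the digest byte-reversed, which is why its leading zeros sit on the left."""
    digest = hashlib.sha256(hashlib.sha256(header).digest()).digest()
    return int.from_bytes(digest, "little")


def build_header(version, prev_hash, merkle_root, timestamp, nbits, nonce):
    """Serialise the 80-byte header: integers little-endian, hashes as raw bytes."""
    return (struct.pack("<I", version) + prev_hash + merkle_root
            + struct.pack("<III", timestamp, nbits, nonce))


def mine(version, prev_hash, merkle_root, timestamp, nbits, max_nonce=1 << 32):
    """Trial and error: bump the nonce until hash <= target. Returns the nonce or None."""
    target = decode_nbits(nbits)
    for nonce in range(max_nonce):
        header = build_header(version, prev_hash, merkle_root, timestamp, nbits, nonce)
        if block_hash(header) <= target:
            return nonce
    return None


def verify(header: bytes) -> bool:
    """What every node does to check a block: one double-SHA-256 and one comparison."""
    nbits = struct.unpack_from("<I", header, 72)[0]
    return block_hash(header) <= decode_nbits(nbits)


# Real genesis block fields (the displayed merkle root is byte-reversed in the header).
GENESIS_MERKLE = bytes.fromhex(
    "4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b")[::-1]
GENESIS_HEADER = build_header(1, bytes(32), GENESIS_MERKLE, 1231006505, 0x1D00FFFF, 2083236893)
GENESIS_HASH = 0x000000000019D6689C085AE165831E934FF763AE46A2A6C172B3F1B60A8CE26F

# Constructed toy block: made-up inputs and a target that roughly 1 in 256 hashes meets.
TOY_PREV = hashlib.sha256(b"constructed previous block").digest()
TOY_MERKLE = hashlib.sha256(b"constructed merkle root").digest()
TOY_NBITS = 0x2000FFFF

if __name__ == "__main__":
    assert block_hash(GENESIS_HEADER) == GENESIS_HASH and verify(GENESIS_HEADER)
    nonce = mine(1, TOY_PREV, TOY_MERKLE, 1700000000, TOY_NBITS)
    print("genesis verified; toy block mined at nonce", nonce)
```

Note that checking a block costs one hash while finding one costs on average target-many tries, which is the asymmetry the comment's steps 2 and 3 describe.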
A month after Satoshi wrote this, bitcoin was hacked and I think we did pretty much exactly this, though. And I also think for bitcoin specifically that was much worse and more difficult to handle than SHA-256 breaking would be. The thing with SHA-256 is, its use is ubiquitous and bitcoin is simply not even close to being the softest target, which makes transitioning before being compromised way easier.
For starters, he could have picked SHA-512.
I am wondering, if tomorrow the community would decide to do a hard fork and switch the whole thing to SHA-512, would any of those hardware miners still efficiently work or would the mining infrastructure need to be built from scratch?
This is true! The issue people are concerned about isn't mining (which uses SHA-256 and is QC resistant) but the ECDSA and public keys. So any exposed public keys would be vulnerable due to ECDSA's vulnerability to QC (ECDSA is used to link the private key to the public key). Most public keys aren't exposed because they are hashed making them QC resistant. The exception is the very first transactions that did not hash the public keys to make addresses and are QC vulnerable.
SHA-256 is mostly QC resistant (Grover’s algorithm may help a little, but nowhere near enough to make it worthwhile)
Well, you would have to break ECDSA, SHA256, and RIPEMD160 to crack accounts that haven't reused addresses
SHA-3 and BLAKE3 are among the most secure and efficient modern hash functions for general use right now.
Did you even read the article you posted. No one is concerned about SHA256. It's P2PK addresses and ECDSA that they're concerned about.