Blockchain cryptography I SHA-256

Gepubliceerd op 27 augustus 2023 om 09:30

Certain input is first converted to a hash. This is a kind of encrypted message whose contents you cannot see. This is useful for passwords because it ensures that others (such as a hacker) cannot do anything with the passwords when he or she sees the hash in the database.

Hashes are secure because they only work one way. This means that you can convert information to a hash, but you cannot convert the hash back to its contents (input to output). There are several hashing algorithms, one of which is SHA-256. Bitcoin (BTC), among others, uses the SHA-256 hashing protocol.

Please note that the hashing algorithm is the core of any blockchain system. If the hashing algorithm is vulnerable for hacks, then the whole blockchain ecosystem is at risk.

What is SHA-256?
SHA-256 is a hashing algorithm that belongs to the SHA family. SHA stands for Secure Hash Algorithm and provides encryption of information (input). This encryption is done according to a predetermined algorithm that is not known to anyone. This ensures that no one can reverse a hash back to its original content. It is only possible to convert information to a hash (one-way traffic).

With SHA-256, you can create a hash consisting of 256 bits. To do this, however, the text must be below 264 bits. Only then is it possible to keep the hash value random.

What is hashing used for?
Because the input determines what the output (the hash) looks like, one can check that the contents are the same. This is especially useful for passwords or sensitive, personal information. Many databases convert passwords to an SHA-256 hash before storing them in the database. Thus, people who have access to the database cannot see passwords. They see only the hash, which cannot be reversed. When someone enters his or her password, it is converted to the hash. Then an application checks if the hash of the entered password matches the hash of the password (stored in the database). See photo below.

Hashing is also used as an integrity verification tool to ensure that data has not been altered in transit. Suppose you send an e-mail to someone, you can have it converted to a hash. Upon receipt, it checks whether the hash of the received e-mail is the same as the hash of the sent e-mail. Is that not the case? Then someone has modified the e-mail along the way. If only one bit has been modified, the hash looks completely different.

Want to make your own SHA-256 hash? There are several websites where you can do that, including this one.

Let's for example hash 'Consensus Based' using the SHA-256 algorithm. The output will be:


If we slightly change the input to 'Consensus Based!', the output will be:


Want to use the SHA-256 algorithm yourself? Click here!

The SHA family tree
There are several hashing algorithms that fall under SHA:

SHA-256 was devised in 2001 by the National Security Agency (NSA) as a new variant of SHA-1. This was necessary because SHA-1 was becoming less secure. Each algorithm in the list above works in a slightly different way. Exactly what the difference is is hard to say. This is because the publisher of a hashing algorithm will never tell you exactly how an algorithm works. 

The biggest difference is that SHA-256 has a 256-bit string as its outcome. Although many new variants have come out after SHA-256, but SHA-256 is still considered the most secure and user-friendly algorithm in the SHA family.

What is SHA-256 used for?

  • Passwords
    SHA-256 is often used for password hashing. A password is first converted to an SHA-256 hash before it is stored in the database. This way, the password is protected from anyone who has access to the database.
  • SSL handshake
    SSL handshakes are also performed using SHA-256. An SSL handshake is the contact between the Web server and the browser. When a Web site has an SSL certificate (the https:// in front of the URL), a secure connection to the Web site can be established. This connection is established through cryptography (encryption of data) and hashing (which is what SHA-256 is used for).
  • Integrity verification
    SHA-256 is used to verify that the data looks the same when received as when it was sent, without looking at the content. If the hash has changed between transmission and receipt, it means that the content has been tampered with.
  • Verification of digital signatures
    Digital signatures use an asymmetric encryption method to verify the integrity of a file. Private key and public key are used to create these digital signatures. SHA-256 is used in this process.

SHA-256: the hashing algorithm of Bitcoin (BTC)
Bitcoin uses SHA-256 as its hashing algorithm. Within the Bitcoin blockchain, it is the miners who control transactions and verify blocks (which contain all transactions). They do this by providing computing power: the miners guess as many outcomes (hashes) as possible until their hash equals the correct answer (also a hash). This is  called the hashing puzzle.

  • Guessing hash outcomes
    The hash rate is the number of combinations a miner can guess per second. Often, the better the hardware, the higher the hash rate. Bitcoin's network has grown considerably in recent years, which also means an increase in computing power. So this would mean that the hash rate is increasing and blocks can be added faster. This is not good, because the faster blocks are added, the more vulnerable the blockchain will be to outside attacks. 
  • A chain of blocks
    In addition, SHA-256 creates a chain of blocks. Before a block is added to the blockchain, the hash of the previous block is added to the new block. After this, the new block is converted to a hash. This is done again continuously for each block that is added. This creates a chain of blocks. This is what we call the blockchain.

When someone tries to change the contents of a block (trying to give themselves more crypto, for example), the hash of the block will change. This causes a break in the chain. All nodes in the Bitcoin network know that this version of the blockchain is wrong, and thus will not adopt this version. In theory, it is possible to hack every block of the whole blockchain. But that will take a long time and not rewarding for the hacker. Because the hacker has to hack literally every hash. That's practically undoable. Instead, hackers try to exploit vulnerabilities in crypto exchanges, online wallets and computers. The chances of the hacker actually gaining access to people's crypto is much higher than hacking the blockchain. 

Is SHA-256 secure?
SHA-256 is a secure hashing algorithm. SHA-256 is considered one of the most secure hashing protocols in the world. To date, the algorithm has never been broken.

No one has yet succeeded in converting a hash back to its contents. When that is possible, we say the algorithm is "broken''. A broken algorithm is not secure, and is better never to be used again. MD5 is a well-known algorithm that is not secure, but is still used.

A small change creates a completely different hash. If you modify just one bit, the outcome of the hash will look completely different. Therefore, it is difficult for a hacker to hack the SHA-256.

  • Advantages
    SHA-256 can only be used one way (input to output). You can convert input to a hash, but it is impossible to convert a SHA-256 hash back to the contents of the hash.
  • The SHA-256 hashing algorithm is considered by many large organizations to be the most secure and useful hashing protocol in the world.
  • Many governments (including the United States and Australia) use SHA-256. This makes the hashing algorithm reliable.
  • Generating hashes with SHA-256 is fast.
  • Disadvantages
  • We are not sure if SHA-256 will remain an unbreakable (and therefore secure) hashing algorithm. Should stronger computers ever be developed, they could break the SHA-256 protocol (but we don't know for sure). The SHA-256 algorithm will be broken eventually, since computers are getting better. My expectation is that SHA-256 will be replaced by a better hashing algorithm in the future.

Reactie plaatsen


Er zijn geen reacties geplaatst.