
Sha-256


Last updated 2 years ago

How is SHA-256 used in blockchain, and why?

👉SHA-256 is one of the first and most used hashing algorithms in blockchains like Bitcoin, Bitcoin Cash, and Bitcoin SV. It moderates the creation and management of addresses, and is also used for transaction verification. Bitcoin uses double SHA-256, meaning that it applies the hash function twice.

It’s used in various stages in a blockchain, most commonly in:

👉Consensus mechanism: Here the miners calculate the hash of new blocks to be created using the algorithm, varying the value of the nonce in a bitcoin block until they reach a hash below the threshold. Then that block can be accepted into the ledger.

👉Chains of blocks: Each block in the ledger contains a hash generated by SHA-256 referring to the preceding block in the chain

👉Digital signatures: Transactions use digital signatures to maintain integrity. The information used in the transaction is hashed using SHA-256, and then it is encrypted with the sender’s private key to generate a signature. The miner then verifies the signature to validate the transaction.
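The consensus and chaining steps above, as an added example that is not part of the original page: a toy miner varies the nonce until the double SHA-256 hash falls below a threshold, and a verifier recomputes every hash and link. The header layout, `TARGET` difficulty and sample payloads are constructed assumptions, not Bitcoin's real block format.

```python
import hashlib

def double_sha256(data: bytes) -> bytes:
    """Bitcoin-style double hash: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def header(prev_hash: bytes, payload: bytes, nonce: int) -> bytes:
    # Simplified header (an assumption, not Bitcoin's real 80-byte layout):
    # previous block hash, hash of the payload, 8-byte nonce.
    return prev_hash + hashlib.sha256(payload).digest() + nonce.to_bytes(8, "little")

def mine(prev_hash: bytes, payload: bytes, target: int) -> dict:
    """Brute-force the nonce until the hash, read as an integer, is below target."""
    nonce = 0
    while True:
        h = double_sha256(header(prev_hash, payload, nonce))
        if int.from_bytes(h, "big") < target:
            return {"prev": prev_hash, "payload": payload, "nonce": nonce, "hash": h}
        nonce += 1

def verify_chain(chain: list, target: int) -> bool:
    """Recompute every hash; check the threshold and the link to the previous block."""
    prev = bytes(32)  # constructed genesis predecessor: 32 zero bytes
    for block in chain:
        h = double_sha256(header(block["prev"], block["payload"], block["nonce"]))
        if block["prev"] != prev or h != block["hash"]:
            return False
        if int.from_bytes(h, "big") >= target:
            return False
        prev = h
    return True

TARGET = 1 << 244  # constructed toy difficulty: about 4096 tries per block

def build_chain(payloads: list) -> list:
    """Mine one block per payload, each referring to the hash of the one before."""
    chain, prev = [], bytes(32)
    for p in payloads:
        block = mine(prev, p, TARGET)
        chain.append(block)
        prev = block["hash"]
    return chain

if __name__ == "__main__":
    chain = build_chain([b"alice->bob:5", b"bob->carol:2", b"carol->dave:1"])
    print("valid:", verify_chain(chain, TARGET))
    chain[0]["payload"] = b"alice->bob:500"  # tamper with an early block
    print("valid after tampering:", verify_chain(chain, TARGET))
```

Changing any earlier payload invalidates that block's stored hash, so the chain only verifies again after that block and every later one is re-mined.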

What makes SHA-256 an ideal candidate for blockchain?

👉Collision resistant: No two input values can produce the same hash output. This ensures that every block in the blockchain ledger is assigned a unique hash value

👉Preimage resistance: The input can’t be recreated given a hash value. This ensures that during the proof of work in bitcoin, the miners cannot guess the value of nonce by converting the acceptable hash back into input. Instead, they have to use the brute force method, which ensures that the work is done.

👉Deterministic: The hash function’s output should always remain the same, given that the input remains the same. This is a basic property of digital signatures, as the computed hash against a given input should remain consistent when calculated by the receiver and sender.

👉Large output: The 256-bit output adds up to 2^256 possibilities, making it impossible to apply the brute force solution to crack the hash.

👉Avalanche effect: If there is a small change in the input, the output changes dramatically. This makes sure that the hash value can’t be guessed based on the input values. This makes the hash more secure.
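To see the avalanche effect in numbers, the following added example (not from the original page) flips each input bit in turn and counts how many of the 256 output bits change. The sample message and the function names are constructed for illustration.

```python
import hashlib

def bit_diff(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length digests differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def flip_bit(data: bytes, i: int) -> bytes:
    """Return a copy of data with bit i inverted."""
    out = bytearray(data)
    out[i // 8] ^= 1 << (i % 8)
    return bytes(out)

def avalanche_profile(message: bytes) -> tuple:
    """Flip every input bit once; return (min, mean, max) changed output bits."""
    base = hashlib.sha256(message).digest()
    diffs = [
        bit_diff(base, hashlib.sha256(flip_bit(message, i)).digest())
        for i in range(len(message) * 8)
    ]
    return min(diffs), sum(diffs) / len(diffs), max(diffs)

MESSAGE = b"pay 10 BTC to alice"  # constructed sample input

if __name__ == "__main__":
    lo, mean, hi = avalanche_profile(MESSAGE)
    # A one-bit change should flip about half of the 256 output bits.
    print(f"changed output bits: min={lo} mean={mean:.1f} max={hi}")
    # Deterministic: hashing the same input again gives the same digest.
    print(hashlib.sha256(MESSAGE).digest() == hashlib.sha256(MESSAGE).digest())
```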

Due to the complexity of modern computers, some hashing algorithms have already been broken.

SHA-256 - Bullet properties

👉Length of the original message should be less than 2^64 bits

👉2^256 number of possibilities

👉It’s like a fingerprint

👉The output will always be the same length no matter the size of the input

👉256-bit output length

👉Still considered secure - no exploitable vulnerabilities

👉Relatively fast

Real world use cases outside blockchain technology

👉Anti-virus software

👉word.exe + FP -> downloading the fingerprint with the file

👉Token = sha256(username + key); (JWT MAC HMAC)
