Sat. Apr 13th, 2024


Bitcoin never considers number of leading zeroes

> As I understand it, proof of work requires nodes to “scanning for a value that when hashed, such as with SHA-256, the hash begins with a number of zero bits” ([bitcoin paper]).

It is understandable why, after reading the famous white paper, you would think that. It is not true though. No bitcoin node actually cares about the number of leading zero bits. The test in Satoshi Nakamoto’s source code is if (hash <= hashTarget) — Nakamoto wrote one thing in the whitepaper but wrote something different in the actual Bitcoin software.

Therefore the situation is this:

| Item | Binary | Comments / Verdict |
|---|---|---|
| Target | 000000001100 | |
| Block A hash | 000000001101 | Larger ∴ Failure |
| Block B hash | 000000001011 | Smaller ∴ Success |

Even though the block hashes have the same number of leading zeroes, one is a failure and the other a success.

However the core of your question is certainly an important one.

The test is not “has a specified number of zeroes”

> Specifically, based on the 3Blue1Brown video, nodes are scanning for a number such that, when it is appended to the block of transactions, the hash of the block has a specified number of zeros.

That is doubly wrong. Even in systems based on numbers of leading zeroes, like hashcash, I believe it is acceptable to have more than the specified number of zeroes.

Is SHA256(SHA256(n)) surjective?

No it is not.

According to an answer on cryptography.stackexchange.com to "Is there a guarantee that for each possible hash y there exists a number x such that with hash function H, H(x) = y?":

> A notable exception is double-SHA-256 (SHA256d) used in Bitcoin mining, where overwhelmingly likely there are some unreachable outputs.

Therefore it might be possible that, for exceedingly small targets, there might be no reachable values smaller than the target.
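The `hash <= hashTarget` comparison and the 12-bit table above, as an added Python example that is not part of the original answer or of Bitcoin's source. It goes beyond the table by expanding a compact nBits value into a full 256-bit target and searching nonces over SHA256d; the function names, the prefix bytes and the easy nBits value `0x2000FFFF` are assumptions made for illustration.

```python
import hashlib

def leading_zero_bits(value: int, width: int = 256) -> int:
    """Zero bits before the first 1 bit of a width-bit value."""
    return width - value.bit_length()

def meets_target(hash_int: int, target: int) -> bool:
    """The numeric test the answer quotes: hash <= hashTarget."""
    return hash_int <= target

def bits_to_target(bits: int) -> int:
    """Expand Bitcoin's compact nBits field into the full target.
    Assumes a non-negative, in-range value (no sign bit, no overflow)."""
    exponent, mantissa = bits >> 24, bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))

def sha256d_int(data: bytes) -> int:
    """Double SHA-256, read as a little-endian 256-bit integer."""
    digest = hashlib.sha256(hashlib.sha256(data).digest()).digest()
    return int.from_bytes(digest, "little")

def mine(prefix: bytes, target: int, max_nonce: int = 1 << 16):
    """Try 4-byte nonces after a constructed prefix; None if none qualifies."""
    for nonce in range(max_nonce):
        h = sha256d_int(prefix + nonce.to_bytes(4, "little"))
        if meets_target(h, target):
            return nonce, h
    return None

# The 12-bit values from the table above.
TARGET, BLOCK_A, BLOCK_B = 0b000000001100, 0b000000001101, 0b000000001011
# Constructed inputs: a made-up prefix and a deliberately easy nBits value.
PREFIX, EASY_BITS = b"constructed header prefix", 0x2000FFFF

if __name__ == "__main__":
    for name, h in (("A", BLOCK_A), ("B", BLOCK_B)):
        print(name, "zeros:", leading_zero_bits(h, 12),
              "valid:", meets_target(h, TARGET))
    real = bits_to_target(0x1D00FFFF)  # nBits of Bitcoin's first blocks
    print("zeros in target:", leading_zero_bits(real),
          "target+1 valid:", meets_target(real + 1, real))
    nonce, h = mine(PREFIX, bits_to_target(EASY_BITS))
    print("nonce", nonce, "zeros:", leading_zero_bits(h))
```

A hash equal to the expanded target plus one has the same 32 leading zero bits as the target itself and is still rejected, which is the table's point at full width.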


