TERM_DEF // MODULE_5_CRYPTO_PRIMITIVES / PREIMAGE
PREIMAGE
Preimage. The original input to a hash function.
A preimage is the input value that was hashed to produce a given digest. In a hash commitment script, a locking script embeds a hash H and the spender must reveal the preimage P such that hash(P) = H. This is the mechanism behind Hash Time-Locked Contracts (HTLCs) in the Lightning Network — the recipient proves knowledge of a payment preimage to claim funds.
This page sits in the Module 5 — Crypto Primitives section — Vocabulary introduced in the Crypto Primitives module. Read on for what it is, why it exists, how it works under the hood, and what to watch out for.
A preimage is the input value that was hashed to produce a given digest. In a hash commitment script, a locking script embeds a hash H and the spender must reveal the preimage P such that hash(P) = H. This is the mechanism behind Hash Time-Locked Contracts (HTLCs) in the Lightning Network — the recipient proves knowledge of a payment preimage to claim funds.
This page sits in the Module 5 — Crypto Primitives section — Vocabulary introduced in the Crypto Primitives module. Read on for what it is, why it exists, how it works under the hood, and what to watch out for.
WHAT_PREIMAGE_IS
Preimage — at a glance
MODULE 5
Preimage is a cryptographic component of Bitcoin. The original input to a hash function. Like every cryptographic building block in Bitcoin, it is fundamentally a piece of math — not a feature provided by a server, not a permission granted by an authority, but a deterministic function that any machine can compute and any other machine can verify.
A preimage is the input value that was hashed to produce a given digest. In a hash commitment script, a locking script embeds a hash H and the spender must reveal the preimage P such that hash(P) = H. This is the mechanism behind Hash Time-Locked Contracts (HTLCs) in the Lightning Network — the recipient proves knowledge of a payment preimage to claim funds.
Why it exists
DESIGN
Bitcoin has no central authority to vouch for ownership, prove identity, or guarantee that a message has not been tampered with. Cryptography fills all three roles. Preimage exists because the alternative — trusting a third party with custody, signatures, or random number generation — would re-introduce exactly the single points of failure Bitcoin was designed to eliminate. The security of every coin in existence depends on these primitives behaving as advertised.
HOW_IT_WORKS
Mechanism
HOW IT WORKS
The mechanism rests on a one-way function: easy to compute forward, computationally infeasible to reverse. For signature schemes that asymmetry comes from the elliptic-curve discrete logarithm problem on the secp256k1 curve; for hash functions like SHA-256 it comes from collision-resistance. Preimage is built on top of these primitives and inherits their security: every node/">full node can independently verify a result in microseconds, but no attacker can fabricate a fake one in any realistic amount of time, even with all the computers on Earth working together.
1. Generate or receive the input bytes (a private key, a message, a public key, a signature — depending on the operation).
2. Apply the cryptographic primitive — typically built on SHA-256, RIPEMD-160, secp256k1, or Schnorr/ECDSA.
3. Encode the result in the expected form: 32-byte hash, 33-byte compressed pubkey, 64-byte Schnorr signature, ~71-byte DER ECDSA signature, etc.
4. Verifiers worldwide re-run the same computation against the public inputs to confirm authenticity — no shared secret required.
WORKED_EXAMPLE
Preimage — example values
EXAMPLE
concept : Preimage
role : The original input to a hash function.
basis : secp256k1 / SHA-256 / RIPEMD-160 — Bitcoin's three cryptographic primitives
verify : every full node re-runs the math against public inputs
forge : computationally infeasible (security in bits ≥ 128)
KEY_PROPERTIES
ONE-WAY
Easy to compute forward in microseconds; infeasible to reverse even with planetary compute resources.
DETERMINISTIC
Same input → identical output on every machine, forever. No randomness sneaks in.
COLLISION-RESISTANT
Finding two distinct inputs that produce the same output requires more work than has ever been done on Earth.
PUBLIC-VERIFIABLE
Anyone can check a signature/hash against public data — no shared secret needed for verification.
COMMON_PITFALLS
Things that catch people out
PITFALLS
- Never reuse a signing nonce — a single nonce reuse leaks the private key permanently and irretrievably.
- Never generate keys with weak randomness (timestamps, user input, Math.random) — predictable seeds have drained millions in past incidents.
- Never paste secrets into a web form, screenshot, or cloud note — anywhere they leave your control they may be copied silently.
- Treat Preimage like nuclear material: handle it, store it, and dispose of it deliberately.
RELATED_CONCEPTS
Other terms from Module 5 — Crypto Primitives — click any to read its page:
TERMINOLOGY_INDEX
TERMINOLOGY
Preimage
The original input to a hash function.
Hash function
One-way function that maps arbitrary data to a fixed-size digest.
SHA-256
256-bit cryptographic hash function used throughout Bitcoin.
RIPEMD-160
160-bit hash function; combined with SHA-256 gives HASH160.
HASH160
RIPEMD160(SHA256(x)) — produces the 20-byte pubkey hash.