SHA-256
SHA-256. 256-bit cryptographic hash function used throughout Bitcoin.
SHA-256 (Secure Hash Algorithm 256-bit) produces a 32-byte digest and is the workhorse of Bitcoin's cryptography. It's used for transaction IDs (double-SHA256), mining (double-SHA256 of block headers), and HASH160 (SHA256 then RIPEMD-160). OP_SHA256 applies it once; OP_HASH256 applies it twice (SHA256(SHA256(x))).
This page is part of Module 5 (Crypto Primitives) and covers vocabulary introduced in that module. Read on for what it is, why it exists, how it works under the hood, and what to watch out for.
WHAT_SHA_256_IS
SHA-256 — at a glance
MODULE 5
SHA-256 is a cryptographic component of Bitcoin: a 256-bit cryptographic hash function used throughout the system. Like every cryptographic building block in Bitcoin, it is fundamentally a piece of math: not a feature provided by a server, not a permission granted by an authority, but a deterministic function that any machine can compute and any other machine can verify.
Why it exists
DESIGN
Bitcoin has no central authority to vouch for ownership, prove identity, or guarantee that a message has not been tampered with. Cryptography fills all three roles. SHA-256 exists because the alternative — trusting a third party with custody, signatures, or random number generation — would re-introduce exactly the single points of failure Bitcoin was designed to eliminate. The security of every coin in existence depends on these primitives behaving as advertised.
HOW_IT_WORKS
Mechanism
HOW IT WORKS
The mechanism rests on a one-way function: easy to compute forward, computationally infeasible to reverse. For signature schemes that asymmetry comes from the elliptic-curve discrete logarithm problem on the secp256k1 curve; for hash functions like SHA-256 it comes from collision-resistance. SHA-256 is built on top of these primitives and inherits their security: every full node can independently verify a result in microseconds, but no attacker can fabricate a fake one in any realistic amount of time, even with all the computers on Earth working together.
1. Generate or receive the input bytes (a private key, a message, a public key, a signature — depending on the operation).
2. Apply the cryptographic primitive — typically built on SHA-256, RIPEMD-160, secp256k1, or Schnorr/ECDSA.
3. Encode the result in the expected form: 32-byte hash, 33-byte compressed pubkey, 64-byte Schnorr signature, ~71-byte DER ECDSA signature, etc.
4. Verifiers worldwide re-run the same computation against the public inputs to confirm authenticity — no shared secret required.
WORKED_EXAMPLE
SHA-256 — example values
EXAMPLE
input : "hello bitcoin"
operation: SHA-256(input)
output : 64 hex characters (deterministic, 32 bytes)
properties:
same input → same output, always
1 bit flipped → ~half the output bits change (avalanche)
finding two inputs with the same output : computationally infeasible
reversing output → input : computationally infeasible
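The properties above can be checked directly. The following Python sketch is an added example, not code from the original page: the function names are illustrative, and it goes beyond the "hello bitcoin" case by also hashing the publicly known 80-byte genesis block header to show double-SHA256 as used in mining.

```python
import hashlib

def sha256(data: bytes) -> bytes:
    """Single SHA-256, as OP_SHA256 applies it."""
    return hashlib.sha256(data).digest()

def hash256(data: bytes) -> bytes:
    """Double SHA-256, SHA256(SHA256(x)), as OP_HASH256 applies it."""
    return sha256(sha256(data))

def bit_difference(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length digests differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def avalanche(message: bytes) -> int:
    """Flip the lowest bit of the first byte and count changed digest bits."""
    flipped = bytes([message[0] ^ 0x01]) + message[1:]
    return bit_difference(sha256(message), sha256(flipped))

# Bitcoin genesis block header (public chain data, not taken from this page),
# fields in their serialized little-endian order.
GENESIS_HEADER = bytes.fromhex(
    "01000000"       # version
    + "00" * 32      # previous block hash (none for the first block)
    + "3ba3edfd7a7b12b27ac72c3e67768f617fc81bc3888a51323a9fb8aa4b1e5e4a"  # merkle root
    + "29ab5f49"     # time
    + "ffff001d"     # bits (difficulty target)
    + "1dac2b7c"     # nonce
)

def block_hash(header: bytes) -> str:
    """Block hash as displayed: hash256 of the header, byte-reversed, in hex."""
    if len(header) != 80:
        raise ValueError("a block header is exactly 80 bytes")
    return hash256(header)[::-1].hex()

if __name__ == "__main__":
    msg = b"hello bitcoin"
    print("SHA-256 :", sha256(msg).hex())
    print("HASH256 :", hash256(msg).hex())
    print("bits changed by a 1-bit flip:", avalanche(msg), "of 256")
    print("genesis block hash:", block_hash(GENESIS_HEADER))
```

The leading zeros in the genesis block hash are the proof of work: miners vary the nonce until the double-SHA256 of the header falls below the target encoded in the bits field.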
KEY_PROPERTIES
ONE-WAY
Easy to compute forward in microseconds; infeasible to reverse even with planetary compute resources.
COLLISION-RESISTANT
Finding two distinct inputs that produce the same output requires more work than has ever been done on Earth.
PUBLIC-VERIFIABLE
Anyone can check a signature/hash against public data — no shared secret needed for verification.
COMMON_PITFALLS
Things that catch people out
PITFALLS
- Never reuse a signing nonce — a single nonce reuse leaks the private key permanently and irretrievably.
- Never generate keys with weak randomness (timestamps, user input, Math.random) — predictable seeds have drained millions in past incidents.
- Never paste secrets into a web form, screenshot, or cloud note — anywhere they leave your control they may be copied silently.
- Treat SHA-256 like nuclear material: handle it, store it, and dispose of it deliberately.
RELATED_CONCEPTS
Other terms from Module 5 (Crypto Primitives):
TERMINOLOGY_INDEX
TERMINOLOGY
SHA-256
256-bit cryptographic hash function used throughout Bitcoin.
Hash function
One-way function that maps arbitrary data to a fixed-size digest.
RIPEMD-160
160-bit hash function; combined with SHA-256 gives HASH160.
HASH160
RIPEMD160(SHA256(x)) — produces the 20-byte pubkey hash.
Preimage
The original input to a hash function.