Did you know #Bitcoin used DOUBLE hashing everywhere?

Why do we use Double-Hashing(SHA256) in Bitcoin?

Where is it used?

What is the benefit?

SHA256 was designed and patented (and released royalty-free) by the NSA.

Even though paranoia is a minimal requirement in cryptography, I don't think there are backdoors here.

Satoshi may have had his doubts.

Whenever hashing is performed in Bitcoin, it is done twice.

The most obvious use of SHA256 is when doing the PoW, but it is used in a LOT of other places.

All of them are done twice.

The theory is that Satoshi thought it prevents certain attacks (length extension attacks).

But the reality is it does not really add any benefits.

Even though this fact became more obvious, the double-hashing trend continued with future things that were built.

It seemed easier to subscribe to the "superstition" than to convince people that hashing once is safe.

The "modern" changes use single hashing, and in some cases, hashing was dropped altogether.

The design choices made by Satoshi are consensus-breaking, which means that changing them would cause a fork, so they will probably stay like this forever.
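Where the double hash actually shows up, as an added example (not code from the post): Bitcoin's hash256 applied to the genesis block header with the proof-of-work target check, and the same hash256 reused as the 4-byte checksum of Base58Check addresses. The genesis header bytes are well-known public constants, not values from this post; the address payload in the checksum helper is constructed for illustration.

```python
import hashlib

def hash256(data: bytes) -> bytes:
    """Bitcoin's 'double SHA-256': SHA256(SHA256(data))."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

# Genesis block header (80 bytes, every field little-endian as serialized on the wire).
GENESIS_HEADER = bytes.fromhex(
    "01000000"                                                          # version 1
    "0000000000000000000000000000000000000000000000000000000000000000"  # prev block hash
    "3ba3edfd7a7b12b27ac72c3e67768f617fc81bc3888a51323a9fb8aa4b1e5e4a"  # merkle root (LE)
    "29ab5f49"                                                          # time 1231006505
    "ffff001d"                                                          # bits 0x1d00ffff
    "1dac2b7c"                                                          # nonce 2083236893
)

def block_hash_hex(header: bytes) -> str:
    """The block hash as explorers display it: hash256 of the header, byte-reversed."""
    return hash256(header)[::-1].hex()

def target_from_bits(bits: int) -> int:
    """Expand the compact 'bits' field into the full 256-bit PoW target."""
    exponent, mantissa = bits >> 24, bits & 0x007FFFFF
    return mantissa << (8 * (exponent - 3))

def meets_target(header: bytes, bits: int) -> bool:
    """PoW check: the header's hash256 (as a little-endian integer) must not exceed the target."""
    return int.from_bytes(hash256(header), "little") <= target_from_bits(bits)

# Base58Check: addresses and WIF keys carry hash256(payload)[:4] as a checksum.
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58check_encode(payload: bytes) -> str:
    data = payload + hash256(payload)[:4]
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    # each leading zero byte is encoded as a leading '1'
    return "1" * (len(data) - len(data.lstrip(b"\x00"))) + out

def b58check_decode(s: str) -> bytes:
    """Return the payload, or raise ValueError if the hash256 checksum does not match."""
    n = 0
    for ch in s:
        n = n * 58 + B58.index(ch)  # ValueError on characters outside the alphabet
    data = n.to_bytes((n.bit_length() + 7) // 8, "big")
    data = b"\x00" * (len(s) - len(s.lstrip("1"))) + data
    payload, check = data[:-4], data[-4:]
    if hash256(payload)[:4] != check:
        raise ValueError("bad Base58Check checksum")
    return payload

def checksum_ok(s: str) -> bool:
    """True if the string decodes with a valid hash256 checksum (a typo flips this to False)."""
    try:
        b58check_decode(s)
        return True
    except ValueError:
        return False
```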

Thanks for reading and like & repost, if you liked it. :D

Follow for more #Bitcoin facts like this every day!

And the #BitcoinFactOfTheDay was brought to you by BitBox !🇨🇭🔑


Discussion

A similar reason for why the secp256k1 elliptic curve was chosen over the secp256r1 curve for DSA signatures.

Although, that does not mean that any of those are immune to future discoveries of vulnerabilities or backdoors or being broken.

And if/when that day comes, then the community will have to accept a hard fork. Fingerprinting all the accepted block history, and using new hashing or signing algorithms for future blocks.

Could Satoshi have added a small cryptographic spec to each transaction to detail the hashing and signing algo, allowing them to be changed w/out a fork? Or would that come with its own risks of the blockchain's security being subverted if it is made too easy to update such things.

Well, one reason might be the "r", because you can't really know the NUMS are really NUMS, I think.

If bitcoin needs a new hashing algorithm it's most prolly fucked, and with the chaos a change would cause I think it would die.

Also, there have been suggestions that the NSA has a backdoor for the secp256r1 curve.

As for bitcoin being fucked if it were ever to need a new hashing algo, I'm not sure. I would imagine that several forks would come out of it as a result, and one or more would likely have a fair amount of success. Only time will tell.

I guess it's more nuanced than that.

I'm not a cryptographer but I always found the claim dubious that in P2PKH, hashing gave the private keys an extra layer of protection. There are probably millions of coins protected with known pub keys either from P2PK or from address re-use, so if the cryptography for those was found to be fundamentally broken, Bitcoin would die or at least lose years of adoption in the chaos. If the hashing was necessary, we would have had to rotate plain key use out, and if that's not done, why bother to use hashing in the first place?

Furthermore, the hashing used reduces the search space, meaning there are many more private keys that can spend from a P2PKH UTXO than from a P2PK, so - I'm not a cryptographer but a mathematician - I imagine if the math involved in both secp256k1 and sha256 is in some weird way related, hashing could make it easier instead of harder to find a valid key.

Certainly dubious to say that P2PKH is more secure other than the fact that it is more private. And the privacy only lasts until the UTXO is spent since the pubkey will be revealed at that point.

Also, definitely correct that P2PKH is vulnerable to collisions since the RIPEMD-160 hash is much smaller than the size of the pubkey.