http://en.zaoniao.it/index.php?action=history&feed=atom&title=SHA-256dSHA-256d - Revision history2026-05-15T09:39:21ZRevision history for this page on the wikiMediaWiki 1.32.0http://en.zaoniao.it/index.php?title=SHA-256d&diff=6664&oldid=prevAdmin: Created page with "{{#seo: |title= SHA-256d Algorithm – Encryption – zaoniaoWiki |keywords=sha-256d, sha, 256d, algorithm, cryptography |description=SHA-256d is the hash function forming the..."2019-07-06T13:09:32Z<p>Created page with "{{#seo: |title= SHA-256d Algorithm – Encryption – zaoniaoWiki |keywords=sha-256d, sha, 256d, algorithm, cryptography |description=SHA-256d is the hash function forming the..."</p>
<p><b>New page</b></p><div>{{#seo:<br />
|title= SHA-256d Algorithm – Encryption – zaoniaoWiki<br />
|keywords=sha-256d, sha, 256d, algorithm, cryptography<br />
|description=SHA-256d is the hash function forming the core of Bitcoin. SHA-256d(x) = SHA-256(SHA-256(x))<br />
}}<br />
<br />
'''SHA-256d''' is the hash function forming the core of Bitcoin.<br />
==About==<br />
'''SHA-256d''' was proposed in one of the Ferguson/Schneier books like so:<br />
<br />
'''SHA-256d(x) = SHA-256(SHA-256(x))'''<br />
<br />
The motivation for this construction is to avoid length extension attacks.<br />
<br />
==Example==<br />
'''An example''' is this protocol designed to provide mutual proof that each party has made some minimum number of evaluations of some 256-bit hash function H (note: Alice performs the odd steps, and the next even step is performed by Bob with roles reversed):<br />
[[File:SHA-256d_1.png|600px|center|SHA-256d description]]<br />
When H is SHA-256, this protocol is safe for both Alice and Bob. However if H is SHA-256d, defined as x↦SHA-256(SHA-256(x)), there is a simple "mirror" attack for Bob:<br />
[[File:SHA-256d_2.png|600px|center|SHA-256d description]]<br />
<br />
This strategy allows Bob to apparently perform his duties with computational effort about a single evaluation of SHA-256d, by circumventing the tests performed by Alice at step 5., which intend was to prevent Bob from choosing B0 as one of the Aj so that most of his work could in fact be done by Alice.<br />
==See also==<br />
* [[SHA-512]]<br />
* [[SHA-3]]<br />
* [[SHA-255]]<br />
* [[SHA-1]]<br />
* [[SHA-2]]<br />
<br />
==Refernces==<br />
[https://crypto.stackexchange.com/questions/7895/weaknesses-in-sha-256d Weaknesses in SHA-256d]<br />
[[de: SHA-256d]]</div>Admin