BitcoinCash/specification
1
Fork 0
Code Issues Pull Requests Releases Activity
Files
6cd44a412bcd30747db9ce922fc3f2935ec9e177
specification/protocol/blockchain/hash.md
T
Paul Chandler 8965a38ca5 Removed Lint warnings. 
Removed Lint warnings.
2020-03-25 03:37:56 -04:00

3.5 KiB
Raw Blame History

Hash

A variety of hashing algorithms are used throughout the Bitcoin Cash protocol. This specification does not explain what hashes are, nor the details of the specific hashing algorithms used, as that is covered well elsewhere. Instead, this page will focus on which hashing algorithms are used, where they are used, and why they are used there.

SHA-256

SHA-256 is widely used throughout the Bitcoin Cash protocol to identify blocks and transactions along with a variety of purposes in transaction scripts. The most notable uses of SHA-256 are:

  • Block Hashing (Double SHA-256)
    • A SHA-256 hash is taken of the block header. The output hash is then hashed again with SHA-256. This resultant hash is referred to simply as the block hash and is used as a unique identifier for the block.
    • This double hash removes the possibility of a length extension attack which a single SHA-256 is vulnerable to. While this is generally not a problem for Bitcoin Cash since the pre-image (the actual data of the block) is available, it trades a minor amount of inefficiency for confidence that this property of SHA-256 cannot be exploited.
    • Double SHA-256 has its own Bitcoin Script operation for ease-of-use, OP_HASH256
  • Transaction Hashing (Double SHA-256)
    • Transactions are also hashed using a double application of SHA-256. This is referred to as the transaction hash and is used to uniquely identify the transaction. (NOTE: Historical transaction hashes are not universally unique, there are two sets of two identical coinbase transactions (and thus identical hashes). Since BIP-34, the block height is now required to be in the coinbase transaction, which drastically reduces the possibility of duplicate transaction hashes in the future.)
    • The two cases where this occurred are the following transactions which each appear in two blocks:
      • D5D27987D2A3DFC724E359870C6644B40E497BDC0589A033220FE15429D88599
      • E3BF3D07D4B0375638D5F1DB5255FE07BA2C4CB067CD81B84EE974B6585FB468

In contrast to many hashing algorithm implementations, Bitcoin Cash block and transaction hashes use a little-endian representation. This means they are displayed and sent over the network with the least-significant byte first. And ultimately permits a block hash stored in memory to be interpreted without swapping endianness for integer operations such as the comparison with the block difficulty during block validation or mining.

RIPEMD-160

RIPEMD-160 is used in Bitcoin Cash scripts to create short, quasi-anonymous representations of payees for transactions. Since its brevity is also a potential liability for the anonymity it provides (since shorter hashes generally provide less collision-resistance), it is used in conjunction with SHA-256 when generating an address from a public key. That is, (public key) -> SHA-256 -> RIPEMD-160 -> (address). This SHA-256 then RIPEMD-160 process has its own operation for ease-of-use, OP_HASH160.

Murmur

MurmurHash is used in Bitcoin to support Bloom filters. The specific version used is the MurmurHash version 3 (32-bit), with the first hash initialized to (numberOfHashesRequired * 0xFBA4C795L + nonce) where nonce is a randomly chosen 32-bit unsigned integer.

Reference in New Issue View Git Blame Copy Permalink