Optimizing SHA256 in Bitcoin Mining

  • Nicolas T. Courtois
  • Marek Grajek
  • Rahul Naik
Part of the Communications in Computer and Information Science book series (CCIS, volume 448)


Bitcoin is a “crypto currency”, a decentralized electronic payment scheme based on cryptography. It implements a particular type of peer-to-peer payment system. Bitcoin depends on well-known cryptographic standards such as SHA-256. In this paper we revisit the cryptographic process which allows one to make money by producing new bitcoins. We reformulate this problem as a specific sort of Constrained Input Small Output (CISO) hashing problem and reduce the problem to a pure block cipher problem, cf. Fig. 1. We estimate the speed of this process and we show that the amortized cost of this process is less than it seems and it depends on a certain cryptographic constant which is estimated to be at most 1.89. These optimizations enable bitcoin miners to save countless millions of dollars per year in electricity bills.


electronic payment crypto currencies bitcoin hash functions SHA-256 bitcoin mining CICO problem (Constrained Input Constrained Output) cryptanalysis of block ciphers 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Aumasson, J.-P., Khovratovich, D.: First Analysis of Keccak (2009),
  2. 2.
    Barber, S., Boyen, X., Shi, E., Uzun, E.: Bitter to Better — How to Make Bitcoin a Better Currency. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 399–414. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  3. 3.
    Nakamoto, S., et al.: Bitcoin QT:
  4. 4.
    Boyar, J., Matthews, P., Peralta, R.: Logic Minimization Techniques with Applications to Cryptology. Journal of Cryptology 26, 280–312 (2013)CrossRefzbMATHMathSciNetGoogle Scholar
  5. 5.
    Chaves, R., Kuzmanov, G., Sousa, L., Vassiliadis, S.: Improving SHA-2 hardware implementations. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 298–310. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  6. 6.
    Courtois, N.T., Hulme, D., Mourouzis, T.: Solving Circuit Optimisation Problems in Cryptography and Cryptanalysis. In: Proceedings of SHARCS 2012 Workshop, UK, pp. 179–191 (2011)Google Scholar
  7. 7.
    Courtois, N.T., Hulme, D., Mourouzis, T.: Multiplicative Complexity and Solving Generalized Brent Equations With SAT Solvers. In: COMPUTATION TOOLS 2012, The Third International Conference on Computational Logics, Algebras, Programming, Tools, and Benchmarking. ARIA, Nice (2012)Google Scholar
  8. 8.
    Courtois, N.T., Grajek, M., Naik, R.: The Unreasonable Fundamental Incertitudes Behind Bitcoin Mining (2013),
  9. 9.
    Courtois, N.T., Bahack, L.: On Subversive Miner Strategies and Block Withholding Attack in Bitcoin Digital Currency (2014),
  10. 10.
    Courtois, N.T., Bard, G.V.: Algebraic Cryptanalysis of the Data Encryption Standard. In: Galbraith, S.D. (ed.) Cryptography and Coding 2007. LNCS, vol. 4887, pp. 152–169. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  11. 11.
    Courtois, N.T., Mourouzis, T.: Black-Box Collision Attacks on the Compression Function of the GOST Hash Function. In: Proceedings of 6th International Conference on Security and Cryptography SECRYPT, Spain (2011)Google Scholar
  12. 12.
    Dadda, L., Macchetti, M., Jeff Owen, J.: An ASIC design for a high speed implementation of the hash function SHA-256 384, 512. In: ACM Great Lakes Symposium on VLSI, pp. 421–425. ACM (2004)Google Scholar
  13. 13.
    Dadda, L., Macchetti, M., Owen, J.: The Design of a High Speed ASIC Unit for the Hash Function SHA-256 (384, 512). In: DATE 2004, pp. 70–75. IEEE (2004)Google Scholar
  14. 14.
    Virtual currencies: Mining digital gold, From the print edition: Finance and economics, The Economist (2013)Google Scholar
  15. 15.
    National Institute of Standards and Technology (NIST). FIPS PUB 180-2, SHA256 Standard (2002),
  16. 16.
    Feldhofer, M., Rechberger, C.: A Case Against Currently Used Hash Functions in RFID Protocols. In: Meersman, R., Tari, Z., Herrero, P. (eds.) OTM 2006 Workshops. LNCS, vol. 4277, pp. 372–381. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  17. 17.
    Knezevic, M.: Efficient Hardware Implementations of Cryptographic Primitives. PhD thesis, Katholieke Universiteit Leuven (2011)Google Scholar
  18. 18.
    Lee, Y.K., Chan, H., Verbauwhede, I.: Iteration bound analysis and throughput optimum architecture of SHA-256 (384,512) for hardware implementations. In: Kim, S., Yung, M., Lee, H.-W. (eds.) WISA 2007. LNCS, vol. 4867, pp. 102–114. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  19. 19.
    Macchetti, M., Dadda, L.: Quasi-Pipelined Hash Circuits. In: IEEE Symposium on Computer Arithmetic, pp. 222–229 (2005)Google Scholar
  20. 20.
    Michail, H.E., Athanasiou, G., Kritikakou, A., Goutis, C.E., Gregoriades, A., Papadopoulou, V.G.: Ultra High Speed SHA-256 Hashing Cryptographic Module for IPSec Hardware/Software Codesign. In: SECRYPT, pp. 309–313 (2010)Google Scholar
  21. 21.
    Michail, H.E., Athanasiou, G., Gregoriades, A., Panagiotou, C.L., Goutis, C.E.: High Throughput Hardware/Software Co-design Approach SHA-256 Hashing Cryptographic Module. Global Journal of Computer Science and Technology 10, 15 (2010)Google Scholar
  22. 22.
    Guo, J., Matusiewicz, K.: Preimages for Step-Reduced SHA-2 (2008),
  23. 23.
    Heusser, J.: SAT solving - An alternative to brute force bitcoin mining (2013),
  24. 24.
    Huang, J., Lai, X.: What is the Effective Key Length for a Block Cipher: an Attack on Every Block Cipher (2012),
  25. 25.
    Kim, M., Ryou, J., Jun, S.: Efficient Hardware Architecture of SHA-256 Algorithm for Trusted Mobile Computing. In: Yung, M., Liu, P., Lin, D. (eds.) Inscrypt 2008. LNCS, vol. 5487, pp. 240–252. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  26. 26.
    Matusiewicz, K., Pieprzyk, J., Pramstaller, N.: Rechberger, Ch., Rijmen, V.: Analysis of simplified variants of SHA-256:
  27. 27.
    Nakamoto, S.: Bitcoin: A Peer-to-Peer Electronic Cash System:
  28. 28.
    Raddum, H., Semaev, I.: New Technique for Solving Sparse Equation Systems. In: ECRYPT STVL (2006),
  29. 29.
    Sklavos, N., Koufopavlou, O.G.: On the hardware implementations of the SHA-2 (256, 384, 512) hash functions. ISCAS 5, 153–156 (2003)Google Scholar
  30. 30.
    Tillich, S., Feldhofer, M., Kirschbaum, M., Plos, T., Schmidt, J.-M., Alexander Szekely, A.: Uniform Evaluation of Hardware Implementations of the Round-Two SHA-3 Candidates. In: Second SHA-3 Conference (2010),

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • Nicolas T. Courtois
    • 1
  • Marek Grajek
    • 2
  • Rahul Naik
    • 1
    • 3
  1. 1.University College LondonUK
  2. 2.Independent researcher and writerPoland
  3. 3.Royal Bank of ScotlandUK

Personalised recommendations