The design of Bitcoin allows computers to compute a hash with 2 iterations of the SHA256 compression function instead of 3 on all but 1 out of every 2^32 attempts.
When Satoshi chose SHA256d for Bitcoin, did he intend to allow this?
I think Satoshi was not aware that the hashing routine could be optimized by the use of a midstate when he first created bitcoin.
If you look here, you can see that the first version of bitcoin that had the midstate optimization built into the miner was version 0.3.5 (it says 0.3.6 in the post, but you can see where someone quoted him that the post first read 0.3.5). He also says that it was implemented by someone called tcatm.
Also in 0.3.6, faster hashing:
- midstate cache optimisation thanks to tcatm
Satoshi mentions tcatm again here when trying to encourage people to upgrade to 0.3.8 by telling them they will get a better hash rate.
It's possible he knew it was possible and just didn't have time to implement it; I guess we'll probably never know for certain. But Gavin Andresen gave a talk on what Satoshi didn't know, and he speculated that Satoshi wasn't a very advanced cryptographer, based on some of the decisions made in bitcoin. As such, he may not have known about the inner workings of the hash function he selected, but just that SHA256d was regarded as a secure hash function.
EDIT: This may be the original post where tcatm proposed the midstate hashing optimization: https://bitcointalk.org/index.php?topic=648.0.
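To make the "2 compressions instead of 3" claim from the question concrete, here is an added worked example (not code from the question, the answer, or Bitcoin Core). It implements the SHA-256 compression function in pure Python, caches the midstate after the first 64 bytes of an 80-byte block header, and then scans several nonces using only two compressions each. The header bytes and nonce values are constructed for the demonstration; the results are checked against `hashlib`.

```python
import hashlib
import struct

# SHA-256 round constants and initial state (FIPS 180-4).
K = [
    0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
    0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
    0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
    0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
    0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
    0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
    0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
    0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2,
]
H0 = [0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
      0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19]
MASK = 0xffffffff


def _rotr(x, n):
    return ((x >> n) | (x << (32 - n))) & MASK


def compress(state, chunk):
    """One SHA-256 compression: fold a 64-byte chunk into an 8-word state."""
    w = list(struct.unpack(">16L", chunk))
    for i in range(16, 64):
        s0 = _rotr(w[i - 15], 7) ^ _rotr(w[i - 15], 18) ^ (w[i - 15] >> 3)
        s1 = _rotr(w[i - 2], 17) ^ _rotr(w[i - 2], 19) ^ (w[i - 2] >> 10)
        w.append((w[i - 16] + s0 + w[i - 7] + s1) & MASK)
    a, b, c, d, e, f, g, h = state
    for i in range(64):
        t1 = (h + (_rotr(e, 6) ^ _rotr(e, 11) ^ _rotr(e, 25))
              + ((e & f) ^ (~e & g)) + K[i] + w[i]) & MASK
        t2 = ((_rotr(a, 2) ^ _rotr(a, 13) ^ _rotr(a, 22))
              + ((a & b) ^ (a & c) ^ (b & c))) & MASK
        h, g, f, e, d, c, b, a = g, f, e, (d + t1) & MASK, c, b, a, (t1 + t2) & MASK
    return [(s + v) & MASK for s, v in zip(state, (a, b, c, d, e, f, g, h))]


def pad_final_chunk(tail, total_len):
    """Build the last 64-byte chunk: tail (<= 55 bytes), 0x80, zeros, 64-bit bit length."""
    padded = tail + b"\x80"
    padded += b"\x00" * (56 - len(padded))
    return padded + struct.pack(">Q", total_len * 8)


def sha256_digest(msg):
    """Single SHA-256 of a message shorter than 56 bytes (enough for a 32-byte digest)."""
    return struct.pack(">8L", *compress(H0, pad_final_chunk(msg, len(msg))))


def sha256d_from_midstate(mid, header_tail16):
    """SHA256d of an 80-byte header given the cached midstate and its last 16 bytes.
    Costs two compressions: one to finish the first hash, one for the second hash."""
    first = struct.pack(">8L", *compress(mid, pad_final_chunk(header_tail16, 80)))
    return sha256_digest(first)


def scan_nonces(header76, nonces):
    """Hash header76 || nonce for each nonce, reusing one midstate.
    Returns ({nonce: sha256d}, compressions_used). The midstate compression is paid
    once per nonce space, so the per-attempt cost is 2 instead of 3."""
    mid = compress(H0, header76[:64])        # 1 compression, shared by every nonce
    compressions = 1
    out = {}
    for n in nonces:
        tail = header76[64:] + struct.pack("<L", n)   # nonce is little-endian in the header
        out[n] = sha256d_from_midstate(mid, tail)
        compressions += 2
    return out, compressions


def reference_sha256d(header76, nonce):
    """Plain three-compression SHA256d via hashlib, for comparison."""
    h = header76 + struct.pack("<L", nonce)
    return hashlib.sha256(hashlib.sha256(h).digest()).digest()


if __name__ == "__main__":
    header = bytes(range(76))                 # constructed sample header prefix
    nonces = [0, 1, 0xdeadbeef, 0xffffffff]
    hashes, used = scan_nonces(header, nonces)
    for n in nonces:
        assert hashes[n] == reference_sha256d(header, n)
    print("compressions with midstate:", used, "vs without:", 3 * len(nonces))
```

The midstate depends only on the first 64 header bytes (version, previous block hash, and most of the merkle root), so it is recomputed only when those change, which in a simple scan is once every 2^32 nonces; every other attempt needs exactly the two compressions shown in `sha256d_from_midstate`.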