I am aware that, theoretically speaking, there is no way to guarantee that a reversed hash is actually what is inputted to the hashing function. However, let's say that I have an image, I write down the file size of that image and then run it through the SHA-256 hashing algorithm. I then distribute the hash to all of the ~6.5 billion smartphones on our planet, along with the initial file size. How long would it take for all smartphones in existence on earth to fully brute force a SHA-256 hash, unlike Bitcoin where you only have to reverse some of it?
Asked
Active
Viewed 147 times
1 Answers
5
- An Apple M1 CPU can do around 2 GB/s of SHA256 (based on the optimized 2-way hardware-accelerated ARMv8 code in Bitcoin Core added in PR24115) on a single core.
- Smartphones are significantly slower than M1 laptop CPUs due to power usage limitations, but let's ignore that, and conservatively overestimate every smartphone has a hexacore CPU that can do this much, so 12 GB/s per device in total.
- SHA256 operates on blocks of 64 bytes. Let's assume that the attacker picks a fixed prefix, and then just needs to grind the last 64 bytes + padding (one extra block) of the file. So they're just hashing 128 bytes. (12 GB/s) / 128 B ≈ 94 million tries per second, per device.
- 6.5 billion devices times that means 6×1017 files per second in total.
- Every file attempt has a probability of 2-256 of yielding a correct preimage. That means one needs in the order of 2256 tries to have a reasonable chance of finding a preimage.
- 2256 / 6×1017 ≈ 2197 seconds
- The age of the universe is around 13.7 billion years, or 258.5 seconds.
- Thus the attack would take around 2197 / 258.5 ≈ 400000000000000000000000000000000000000000 times the age of the universe.
Pieter Wuille
- 105,497
- 9
- 194
- 308