Has a SHA256 output ever been found consisting entirely of the same character?

Question

Is it possible to have an output consisting purely of one character and does this change the entropy of that output? (If that's even possible to ascertain.)

As an example, the Bitcoin cryptocurrency is slowly and inadvertently compiling a list of inputs which produce outputs with successively larger numbers of trailing zeros in its blockchain. Will these ever be used to study the SHA-256 algorithm?

Answer 1

If any filtering criterion on the output of SHA-256 (with its definition independent of SHA-256 internals) leaves $n$ possible values out of $2^{256}$, then as far as we know,

• the best method to exhibit an input to SHA-256 matching that criterion involves trying distinct inputs;
• the expected number of hashes (compressions) required for this is $2^{256}/n$;
• the $n$ outputs are equiprobable, thus the entropy of the process generating SHA-256 hashes passing that criterion from random input is $\log_2(n)$ bit/output, or $n\log_2(n)2^{-256}$ bit/input.

An output consisting purely of one character is such a criterion, with $n=16$ if we read character as hexadecimal digit. It is expected that $2^{252}$ hashes would be necessary to achieve that. Based on blockchain statistics (currently $7\cdot10^{18}$ SHA-256d per second), I guestimate that less than $2^{95}$ SHA-256 hashes have been performed by mankind; thus, with overwhelming odds, nothing giving a hash passing said criteria was ever hashed. Our best estimate of the theoretical entropy rate of this process is $4$ bit/output, or $2^{-250}$ bit/input.

I do not see how the input values found by bitcoin mining could be of any use in the study of SHA-256.