Bitcoin Forum

Bitcoin => Development & Technical Discussion => Topic started by: crazy_rabbit on November 08, 2012, 08:43:59 AM


Title: Rainbow table for Bitcoin?
Post by: crazy_rabbit on November 08, 2012, 08:43:59 AM
My technical knowledge of how encryption and Bitcoin works isn't so high, so I may be totally wrong about this one (please correct me if I am!).

When we are hashing away, we are in effect finding the inputs that equal an output (the hash), right? So as another user put it we are essentially brute-forcing a hash and when we get it right we solve a "block". Correct?

Are we not then in some way creating an enormous rainbow table for SHA-256 with the Blockchain?

Like I said, I'm not so technically apt for this stuff, so please correct me where I'm wrong.

Title: Re: Rainbow table for Bitcoin?
Post by: Binford 6100 on November 08, 2012, 08:59:10 AM
kind of, but the table has only ~206-207k entries so far and it is sha256(sha256) hashed twice.

edit: so the table contains not sha256 results (as I understood OP) but hashes of hashes
and miners do not collect / store / keep results not matching difficulty but throw them away

Title: Re: Rainbow table for Bitcoin?
Post by: Pieter Wuille on November 08, 2012, 09:51:36 AM
You are right that the Bitcoin hashing process is essentially finding an input (a block header) that makes the resulting hash have a certain output.

Rainbow tables in theory help for that, but under some conditions:
  • They don't reduce computation time (you still have to calculate all hashes of all inputs), but allow the resulting table to be stored in a relatively compact form
  • As a result, the input space has to be small
  • The wanted output has to be fixed
  • They are only useful for doing several hash lookups

However, in our case, the input is 80 bytes of block header data (=640 bits), which is humongous. Typically, rainbow tables are used on input sets no larger than 50-60 bits. Of course, significant parts of this block header are fixed, but many are not actually known in advance (merkle root, time stamp, previous block hash), so restricting those would mean the rainbow table can only be computed at the time the block is being constructed when the block is being constructed. At that point, there is no need for a rainbow table anymore, as we're only interested in finding one hash.

Secondly, the resulting hash isn't fixed - there is only a required generic property: it has to be low enough. Starting to search in a rainbow table with the set of all low-enough hashes would be completely infeasible.

So: no


Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines