Thanks for replies, suggestions, and @aliashraf for the "merit".. really appreciated

and sorry for me being late, but I'm involved in a lot of stuff lately

I was thinking that -as underlined by aliashraf- the general problem for sure is huge (stated it seems to still rest unsolved), but I'm in some way confident "that reduction" perhaps could be less impossible

if we consider the mining problem...

I mean, if -for sake of simplicity- we consider:

- a fixed order of transactions in the block (so fixed merkle root)
- no misuse of timestamp and version fields from their original meaning

then the only remaining freedom degrees are the nonce's 32 bits.. still many but not the whole 640 bit header

Ok ok, I know the block hash is the SHA256 applied TWO TIMES to the block header, nevertheless the "whole function" would still apply to just 32 bits input...

And for the PoW we "only" need the beginning 0s, so we would not be interested in all the 256 bits outputs (so we would handle a smaller vector function/system)

When I'll have time I'll try to write a symbolic SHA256 able to mill the numbers and to pass-through variables.. just to check what happen....

..but it won't be soon , for sure