How is the transaction hash determined?

[jacktheking]

I would like to know how transaction hash is determined.

For example, https://blockchain.info/tx/278090c755aa016483ab3a9e6bffe1d2dfbf5b53edb7099b9946bc9dfe59f217. How does the network generate the underlined text? I searched Google but there is no answer - there was one in 2012. The explanation is way too complicated for me to understand.

[virtualx]

I would like to know how transaction hash is determined.

For example, https://blockchain.info/tx/278090c755aa016483ab3a9e6bffe1d2dfbf5b53edb7099b9946bc9dfe59f217. How does the network generate the underlined text? I searched Google but there is no answer - there was one in 2012. The explanation is way too complicated for me to understand.

I'm doing this on top of my head with a little help from the web, so may have some mistake, but these are the steps:

1. Transactions are encoded as (some data bytes):
- a 32 bit 'nVersion'
- a list of input transactions, vin
- a list of output transactions, vout
- a 32 bit 'nLockTime'

2. string all those together end to end  (some data bytes as a string or block of text)
3. Taking the sha256 hash of this
4. Taking the sha256 hash of this (again)

You can combine step 3 and 4, sha256(sha256(input)).  You do not have to know all the details of sha256 but you should learn the principles of hashing.

Then you have the transaction hash. Bitcoin uses the endian encoding, bytewise reversed.
Example with Genesis block:

Step 1)

Code:

    nVersion: 01000000
    inputs
        count: 01
        1st input:
            prevout_hash: 0000000000000000000000000000000000000000000000000000000000000000
            prevout_n: ffffffff
            scriptSig: 4d:04ffff001d0104455468652054696d65732030332f4a616e2f32303039204368616e63656c6c6f72206f6e206272696e6b206f66207365636f6e64206261696c6f757420666f722062616e6b73
            sequence: ffffffff
    outputs
        count: 01
        1st output:
            value: 00f2052a01000000 (hex(50*10^8) is 0000012a05f200, and bitcoin puts the bytes in reverse order)
            scriptPubKey: 43:4104678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb649f6bc3f4cef38c4f35504e51ec112de5c384df7ba0b8d578a4c702b6bf11d5fac
    nLockTime: 00000000

Step 2)

Code:

01000000010000000000000000000000000000000000000000000000000000000000000000ffffffff4d04ffff001d0104455468652054696d65732030332f4a616e2f32303039204368616e63656c6c6f72206f6e206272696e6b206f66207365636f6e64206261696c6f757420666f722062616e6b73ffffffff0100f2052a01000000434104678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb649f6bc3f4cef38c4f35504e51ec112de5c384df7ba0b8d578a4c702b6bf11d5fac00000000

Step 3+4) (double sha256)

Code:

4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b

Have a look at pybitcoin tools https://github.com/vbuterin/pybitcointools, you can easily create transaction hashes with that.

[jacktheking]

Understand a bit. So.. can I say that no one can predict what the hash is going to be?

[Sarthak]

Understand a bit. So.. can I say that no one can predict what the hash is going to be?

Noone can! There are many bitcoin casino whose bet results depend upon the transaction hash! If they could be predicted, those casinos would loose a lot of Bitcoins

[shorena]

Understand a bit. So.. can I say that no one can predict what the hash is going to be?

Not predict, but a certain hash might be forced similar to how mining is brute forcing a certain hash.

-> https://bitcointalk.org/index.php?topic=460944.0

[altcoinex]

Understand a bit. So.. can I say that no one can predict what the hash is going to be?

Noone can! There are many bitcoin casino whose bet results depend upon the transaction hash! If they could be predicted, those casinos would loose a lot of Bitcoins

Not predict, but a certain hash might be forced similar to how mining is brute forcing a certain hash.

-> https://bitcointalk.org/index.php?topic=460944.0

I think you guys may be confusing some things like block hash with transaction hash. A block hash cannot be predicted, a transaction hash entirely can.
One can simply assemble the transaction in their wallet and not submit it to the network to know its hash, use one of the available tools and libraries, or calculate it manually. It CANNOT however be forced, in that you cannot take a desired hash outcome and produce a valid transaction from it or make two different data transactions have the same hash. Brute forcing it to produce any valid transaction is not computationally possible. Betting sites use either the block hash, or a combination of the block hash and transaction hash, but never just the transaction hash...

*edit* to clarify, some sites might use the transaction hash, but in combination with other values that make a prediction based on the tx hash impossible. That being said there have been betting sites in the past to make large security mistakes and im sure at least one might have used just a tx identifier at some point...

[Sarthak]

I think you guys may be confusing some things like block hash with transaction hash. A block hash cannot be predicted, a transaction hash entirely can.
One can simply assemble the transaction in their wallet and not submit it to the network to know its hash, use one of the available tools and libraries, or calculate it manually. It CANNOT however be forced, in that you cannot take a desired hash outcome and produce a valid transaction from it or make two different data transactions have the same hash. Brute forcing it to produce any valid transaction is not computationally possible. Betting sites use either the block hash, or a combination of the block hash and transaction hash, but never just the transaction hash...

 But they say the trasnsaction id of your bet transfer! Isn't that transaction hash? 

[virtualx]

I think you guys may be confusing some things like block hash with transaction hash. A block hash cannot be predicted, a transaction hash entirely can.
One can simply assemble the transaction in their wallet and not submit it to the network to know its hash, use one of the available tools and libraries, or calculate it manually. It CANNOT however be forced, in that you cannot take a desired hash outcome and produce a valid transaction from it or make two different data transactions have the same hash. Brute forcing it to produce any valid transaction is not computationally possible. Betting sites use either the block hash, or a combination of the block hash and transaction hash, but never just the transaction hash...

 But they say the trasnsaction id of your bet transfer! Isn't that transaction hash? 

I don't know what site you mean but the transaction id is also the hash. The example I mentioned above links to the genesis block transaction https://blockchain.info/tx/4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b

Blocks have a different hashing algorithm https://en.bitcoin.it/wiki/Block_hashing_algorithm. Block hashes cannot be predicted as mentioned, transaction hashes can be created outside of the bitcoin network.

[shorena]

I think you guys may be confusing some things like block hash with transaction hash. A block hash cannot be predicted, a transaction hash entirely can.
One can simply assemble the transaction in their wallet and not submit it to the network to know its hash, use one of the available tools and libraries, or calculate it manually. It CANNOT however be forced, in that you cannot take a desired hash outcome and produce a valid transaction from it or make two different data transactions have the same hash. Brute forcing it to produce any valid transaction is not computationally possible. Betting sites use either the block hash, or a combination of the block hash and transaction hash, but never just the transaction hash...

 But they say the trasnsaction id of your bet transfer! Isn't that transaction hash?  

I don't know what site you mean but the transaction id is also the hash. The example I mentioned above links to the genesis block transaction https://blockchain.info/tx/4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b

Blocks have a different hashing algorithm https://en.bitcoin.it/wiki/Block_hashing_algorithm. Block hashes cannot be predicted as mentioned, transaction hashes can be created outside of the bitcoin network.

Wana bet? I predice the next bitcoin block has a hash lower than the current target value.
Mining is nothing but brute forcing the hash until it meets the requirements. Maybe brute forcing is the wrong word in this sense, but its the same with a transaction. You alter the transaction and check the hash until you have the hash you want. There are many ways to alter the TX even if you use the same inputs (see the link on TX malleability), there are even more ways if you have a big set of inputs you could use. If you are saying @altcoinex that this is not "forcing" the hash to be a certain value than please give me a better word for it.

Both blocks and transactions are hashed with SHA256. What different algorithm are you refering to?

[Sarthak]

I wonder when will I be an expert and I understand these technical things
Bitcoin is way too complicated!
Satoshi is a real genius! Genius than Einstien!

Btw this question mayn't belong here but shorena can those powerful bitcoin miners be used to mine altcoins?

[altcoinex]

I think you guys may be confusing some things like block hash with transaction hash. A block hash cannot be predicted, a transaction hash entirely can.
One can simply assemble the transaction in their wallet and not submit it to the network to know its hash, use one of the available tools and libraries, or calculate it manually. It CANNOT however be forced, in that you cannot take a desired hash outcome and produce a valid transaction from it or make two different data transactions have the same hash. Brute forcing it to produce any valid transaction is not computationally possible. Betting sites use either the block hash, or a combination of the block hash and transaction hash, but never just the transaction hash...

 But they say the trasnsaction id of your bet transfer! Isn't that transaction hash?  

I don't know what site you mean but the transaction id is also the hash. The example I mentioned above links to the genesis block transaction https://blockchain.info/tx/4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b

Blocks have a different hashing algorithm https://en.bitcoin.it/wiki/Block_hashing_algorithm. Block hashes cannot be predicted as mentioned, transaction hashes can be created outside of the bitcoin network.

Wana bet? I predice the next bitcoin block has a hash lower than the current target value.
Mining is nothing but brute forcing the hash until it meets the requirements. Maybe brute forcing is the wrong word in this sense, but its the same with a transaction. You alter the transaction and check the hash until you have the hash you want. There are many ways to alter the TX even if you use the same inputs (see the link on TX malleability), there are even more ways if you have a big set of inputs you could use. If you are saying @altcoinex that this is not "forcing" the hash to be a certain value than please give me a better word for it.

Both blocks and transactions are hashed with SHA256. What different algorithm are you refering to?

Predicting what it will be less than is not predicting it, it is knowing the network rules... Predicting is to know what hash It would be, or any reasonable assumption about that hash OTHER Than those assumeable by network and protocol enforced rules. If I tell you a TX hash, you can have all the inputs in the world, change every value possible within the protocol, and your not going to come up with a TX that matches that hash. It is not 'Forcing' the hash, because you are just changing the hash to another, not forcing it to any specific one. This would be an unacceptable weakness in bitcoin if it were possible. If your playing an online casino game, that persay takes the tx hex, converts it to a number, and turns that into a shuffle pattern for cards, or a dice number outcome, then you could modify the tx until you got one that would produce that result, as where N is the amount of possible game outcomes every N tx's would average 1 of N matching your goal -- which is why betting sites dont use JUST the tx hash.  That example would be 'forcing an outcome' in the game, but you are not forcing a specific hash -- just exploiting how the buggy game is utilizing the hash.

[virtualx]

I think you guys may be confusing some things like block hash with transaction hash. A block hash cannot be predicted, a transaction hash entirely can.
One can simply assemble the transaction in their wallet and not submit it to the network to know its hash, use one of the available tools and libraries, or calculate it manually. It CANNOT however be forced, in that you cannot take a desired hash outcome and produce a valid transaction from it or make two different data transactions have the same hash. Brute forcing it to produce any valid transaction is not computationally possible. Betting sites use either the block hash, or a combination of the block hash and transaction hash, but never just the transaction hash...

 But they say the trasnsaction id of your bet transfer! Isn't that transaction hash?  

I don't know what site you mean but the transaction id is also the hash. The example I mentioned above links to the genesis block transaction https://blockchain.info/tx/4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b

Blocks have a different hashing algorithm https://en.bitcoin.it/wiki/Block_hashing_algorithm. Block hashes cannot be predicted as mentioned, transaction hashes can be created outside of the bitcoin network.

Wana bet? I predice the next bitcoin block has a hash lower than the current target value.
Mining is nothing but brute forcing the hash until it meets the requirements. Maybe brute forcing is the wrong word in this sense, but its the same with a transaction. You alter the transaction and check the hash until you have the hash you want. There are many ways to alter the TX even if you use the same inputs (see the link on TX malleability), there are even more ways if you have a big set of inputs you could use. If you are saying @altcoinex that this is not "forcing" the hash to be a certain value than please give me a better word for it.

Both blocks and transactions are hashed with SHA256. What different algorithm are you refering to?

Predicting what it will be less than is not predicting it, it is knowing the network rules... Predicting is to know what hash It would be, or any reasonable assumption about that hash OTHER Than those assumeable by network and protocol enforced rules. If I tell you a TX hash, you can have all the inputs in the world, change every value possible within the protocol, and your not going to come up with a TX that matches that hash. It is not 'Forcing' the hash, because you are just changing the hash to another, not forcing it to any specific one. This would be an unacceptable weakness in bitcoin if it were possible. If your playing an online casino game, that persay takes the tx hex, converts it to a number, and turns that into a shuffle pattern for cards, or a dice number outcome, then you could modify the tx until you got one that would produce that result, as where N is the amount of possible game outcomes every N tx's would average 1 of N matching your goal -- which is why betting sites dont use JUST the tx hash.  That example would be 'forcing an outcome' in the game, but you are not forcing a specific hash -- just exploiting how the buggy game is utilizing the hash.

To be correct, both blocks and transactions are double hashed with SHA256. Calling them different algorithms is a bit of a far stretch, but they are created with very different inputs.

[shorena]

-snip-
Predicting what it will be less than is not predicting it, it is knowing the network rules... Predicting is to know what hash It would be, or any reasonable assumption about that hash OTHER Than those assumeable by network and protocol enforced rules. If I tell you a TX hash, you can have all the inputs in the world, change every value possible within the protocol, and your not going to come up with a TX that matches that hash.

Granted that is impossible unless I would be immortal and had the time and resources to try all possible combinations. Creating new inputs etc.

It is not 'Forcing' the hash, because you are just changing the hash to another, not forcing it to any specific one. This would be an unacceptable weakness in bitcoin if it were possible. If your playing an online casino game, that persay takes the tx hex, converts it to a number, and turns that into a shuffle pattern for cards, or a dice number outcome, then you could modify the tx until you got one that would produce that result, as where N is the amount of possible game outcomes every N tx's would average 1 of N matching your goal -- which is why betting sites dont use JUST the tx hash.  That example would be 'forcing an outcome' in the game, but you are not forcing a specific hash -- just exploiting how the buggy game is utilizing the hash.

Thanks I understand the issue now. I did not have in mind that I would have to match every bit of the hash.

[tspacepilot]

I think you guys may be confusing some things like block hash with transaction hash. A block hash cannot be predicted, a transaction hash entirely can.
One can simply assemble the transaction in their wallet and not submit it to the network to know its hash, use one of the available tools and libraries, or calculate it manually. It CANNOT however be forced, in that you cannot take a desired hash outcome and produce a valid transaction from it or make two different data transactions have the same hash. Brute forcing it to produce any valid transaction is not computationally possible. Betting sites use either the block hash, or a combination of the block hash and transaction hash, but never just the transaction hash...

 But they say the trasnsaction id of your bet transfer! Isn't that transaction hash?  

I don't know what site you mean but the transaction id is also the hash. The example I mentioned above links to the genesis block transaction https://blockchain.info/tx/4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b

Blocks have a different hashing algorithm https://en.bitcoin.it/wiki/Block_hashing_algorithm. Block hashes cannot be predicted as mentioned, transaction hashes can be created outside of the bitcoin network.

Wana bet? I predice the next bitcoin block has a hash lower than the current target value.
Mining is nothing but brute forcing the hash until it meets the requirements. Maybe brute forcing is the wrong word in this sense, but its the same with a transaction. You alter the transaction and check the hash until you have the hash you want. There are many ways to alter the TX even if you use the same inputs (see the link on TX malleability), there are even more ways if you have a big set of inputs you could use. If you are saying @altcoinex that this is not "forcing" the hash to be a certain value than please give me a better word for it.

Both blocks and transactions are hashed with SHA256. What different algorithm are you refering to?

Predicting what it will be less than is not predicting it, it is knowing the network rules... Predicting is to know what hash It would be, or any reasonable assumption about that hash OTHER Than those assumeable by network and protocol enforced rules. If I tell you a TX hash, you can have all the inputs in the world, change every value possible within the protocol, and your not going to come up with a TX that matches that hash. It is not 'Forcing' the hash, because you are just changing the hash to another, not forcing it to any specific one. This would be an unacceptable weakness in bitcoin if it were possible. If your playing an online casino game, that persay takes the tx hex, converts it to a number, and turns that into a shuffle pattern for cards, or a dice number outcome, then you could modify the tx until you got one that would produce that result, as where N is the amount of possible game outcomes every N tx's would average 1 of N matching your goal -- which is why betting sites dont use JUST the tx hash.  That example would be 'forcing an outcome' in the game, but you are not forcing a specific hash -- just exploiting how the buggy game is utilizing the hash.

To be correct, both blocks and transactions are double hashed with SHA256. Calling them different algorithms is a bit of a far stretch, but they are created with very different inputs.

And all the transactions in a block are hashed together into a merkle tree of hashes.  Whereas a transaction hash is merely sha256 of the transaction bytes, the block hash is a much more complicated procedure.  So I think it's fair to say these are seperate procedures.

[jacktheking]

Okay, so from what I understand.. It is possible to predict the TX Hash. However, that is only possible if we have lot of time and resource. Am I on the right track? I'm just trying to find a way to select a winning number for my free lottery game - here. Anyone can suggest me a way to do it? Whereas, no one can predict the result.

[shorena]

Okay, so from what I understand.. It is possible to predict the TX Hash. However, that is only possible if we have lot of time and resource. Am I on the right track?

No, sorry if I mislead you in that regard. It is possible to change the TX hash, but its impossible (in terms of a human livespan and resources) to change it to something specific. Its "possible" as its "possible" creating a private key that has already been created by someone else or that all air molecules in your room spontaneously move into the corner and you die.

Even though only 9 digits of the hash count, the transaction is not created by the participants, but by a third party.

[cjp]

I wonder when will I be an expert and I understand these technical things
Bitcoin is way too complicated!
Satoshi is a real genius! Genius than Einstien!

Since you mentioned complexity and Einstein, the following Einstein quote is mandatory:
Everything should be made as simple as possible, but not simpler

In hindsight, some things in Bitcoin could have been made more simple; for instance, the way how transaction signing is performed (which, BTW, leads to the current transaction malleability problem). This shows that, even though Satoshi can be called a genius, not even he is perfect.

If you want to become an expert, it doesn't hurt to be a programmer. If you have no programming experience, I think Python is a nice language to start with: it's relatively friendly to beginners, and it has everything experts want (except, arguably, speed, but often that's not critical). Then, you might want to check out my implementation of Bitcoin transaction algorithms in Python. Calculation of the transaction hash ( = transaction ID) is a single line of code in the getTransactionID method.

[Sarthak]

Since you mentioned complexity and Einstein, the following Einstein quote is mandatory:
Everything should be made as simple as possible, but not simpler

In hindsight, some things in Bitcoin could have been made more simple; for instance, the way how transaction signing is performed (which, BTW, leads to the current transaction malleability problem). This shows that, even though Satoshi can be called a genius, not even he is perfect.

If you want to become an expert, it doesn't hurt to be a programmer. If you have no programming experience, I think Python is a nice language to start with: it's relatively friendly to beginners, and it has everything experts want (except, arguably, speed, but often that's not critical). Then, you might want to check out my implementation of Bitcoin transaction algorithms in Python. Calculation of the transaction hash ( = transaction ID) is a single line of code in the getTransactionID method.

Well I don't get the underlined thing :
Everything should be made as simple as possible, but not simpler

Yes, I do have a 0.1% experience in QBASIC like I know WHILE..WEND, FOR NEXT.. Goto , INPUT, PRINT etc etc
 We've gone way off the topic can you please PM me to remove my confusion? Thanks!

[jacktheking]

Okay, so from what I understand.. It is possible to predict the TX Hash. However, that is only possible if we have lot of time and resource. Am I on the right track?

No, sorry if I mislead you in that regard. It is possible to change the TX hash, but its impossible (in terms of a human livespan and resources) to change it to something specific. Its "possible" as its "possible" creating a private key that has already been created by someone else or that all air molecules in your room spontaneously move into the corner and you die.

Even though only 9 digits of the hash count, the transaction is not created by the participants, but by a third party.

Hmm.. Thanks for clearing my doubt. To determine winning ticket #1, I use A-ads transaction ID - yes, that's from third party. To determine winning ticket #2, I use transaction from my wallet to winning ticket #1 wallet. So.. it is not from third party.

Anyway, I'm feeling better as you said:

its impossible (in terms of a human livespan and resources)

[tspacepilot]

Okay, so from what I understand.. It is possible to predict the TX Hash. However, that is only possible if we have lot of time and resource. Am I on the right track?

No, sorry if I mislead you in that regard. It is possible to change the TX hash, but its impossible (in terms of a human livespan and resources) to change it to something specific. Its "possible" as its "possible" creating a private key that has already been created by someone else or that all air molecules in your room spontaneously move into the corner and you die.

Even though only 9 digits of the hash count, the transaction is not created by the participants, but by a third party.

Hmm.. Thanks for clearing my doubt. To determine winning ticket #1, I use A-ads transaction ID - yes, that's from third party. To determine winning ticket #2, I use transaction from my wallet to winning ticket #1 wallet. So.. it is not from third party.

Anyway, I'm feeling better as you said:

its impossible (in terms of a human livespan and resources)

The other thing you could do if you are worried about someone predicting your lottery draw would be to use some nonce from /dev/urandom or something like that and add it to the end of the transaction you were hashing.