Bitcoin Forum
December 11, 2016, 02:33:26 AM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: How many SHA-256 hash calculations are counted in one "hash per second"?  (Read 6959 times)
ttul
Member
**
Offline Offline

Activity: 70


View Profile
April 06, 2011, 04:53:45 PM
 #1

When the hashing strength of the bitcoin network is advertised, it's advertised in "GHash/s". Does this mean if the hashing strength is 600GHash/s that the network is doing 600 billion SHA-256 hash calculations per second?

Because in the Bitcoin algorithm, each trial of a particular hash requires two SHA-256 steps: the first to calculate the SHA-256 checksum of the block, and the second to calculate the SHA-256 checksum of this checksum result (i.e. a "hash of a hash").

So, when the community talks about hashes per second, is it literally SHA-256 hashes per second, or is it SHA-256 trials per second (i.e. tests against the target difficulty value)?

Thanks!
1481423606
Hero Member
*
Offline Offline

Posts: 1481423606

View Profile Personal Message (Offline)

Ignore
1481423606
Reply with quote  #2

1481423606
Report to moderator
1481423606
Hero Member
*
Offline Offline

Posts: 1481423606

View Profile Personal Message (Offline)

Ignore
1481423606
Reply with quote  #2

1481423606
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481423606
Hero Member
*
Offline Offline

Posts: 1481423606

View Profile Personal Message (Offline)

Ignore
1481423606
Reply with quote  #2

1481423606
Report to moderator
cdhowie
Full Member
***
Offline Offline

Activity: 182



View Profile WWW
April 06, 2011, 04:56:31 PM
 #2

So, when the community talks about hashes per second, is it literally SHA-256 hashes per second, or is it SHA-256 trials per second (i.e. tests against the target difficulty value)?
Pretty sure it's complete trials, not individual hashes.  A more accurate term might be nonces checked per second.

Tips are always welcome and can be sent to 1CZ8QgBWZSV3nLLqRk2BD3B4qDbpWAEDCZ

Thanks to ye, we have the final piece.

PGP key fingerprint: 2B7A B280 8B12 21CC 260A  DF65 6FCE 505A CF83 38F5

SerajewelKS @ #bitcoin-otc
ttul
Member
**
Offline Offline

Activity: 70


View Profile
April 06, 2011, 05:01:26 PM
 #3

This makes sense. So it's not really hashes per second, but trials per second or something like that. So a GPU that is rated at 600 MHash/second is actually doing 1.2 billion SHA-256 checksums per second.
cdhowie
Full Member
***
Offline Offline

Activity: 182



View Profile WWW
April 06, 2011, 05:04:59 PM
 #4

This makes sense. So it's not really hashes per second, but trials per second or something like that. So a GPU that is rated at 600 MHash/second is actually doing 1.2 billion SHA-256 checksums per second.
1.2 billion SHA-256 block transformations per second, yeah.  I'm still unclear if 1Mhash is 1000 or 1024 trials.  In terms of storage, OSes measure kB/MB etc. as powers of 1024 (which is in turn 2^10) since converting can be done by simply shifting bits.  So I tend to lean that way, but I've never really checked to see which convention is used in the BTC mining world.

Tips are always welcome and can be sent to 1CZ8QgBWZSV3nLLqRk2BD3B4qDbpWAEDCZ

Thanks to ye, we have the final piece.

PGP key fingerprint: 2B7A B280 8B12 21CC 260A  DF65 6FCE 505A CF83 38F5

SerajewelKS @ #bitcoin-otc
Alexium
Newbie
*
Offline Offline

Activity: 22


View Profile
April 06, 2011, 08:35:53 PM
 #5

I'm still unclear if 1Mhash is 1000 or 1024 trials. 
Should be 1000.
mrb
Legendary
*
Offline Offline

Activity: 1120


View Profile WWW
April 07, 2011, 09:09:33 AM
 #6

1.2 billion SHA-256 block transformations per second, yeah.

That is correct. 1 "bitcoin hash" is defined as 2 SHA-256 hashes.

I'm still unclear if 1Mhash is 1000 or 1024 trials.  In terms of storage, OSes measure kB/MB etc. as powers of 1024 (which is in turn 2^10)

When you think about it, decimal prefixes are more common that binary prefixes even in the computer industry  Wink
cdhowie
Full Member
***
Offline Offline

Activity: 182



View Profile WWW
April 07, 2011, 09:24:42 AM
 #7


That link doesn't really prove anything though.  Of course manufacturers use powers of 1000 -- they can claim that their hard drive is 300GB when it is, in fact, only 279GB as measured by pretty much every operating system.  Also, AFAICT, the article is just plain wrong when it comes to RAM modules; if the amount of RAM on a chip were not a power of 2, it just plain wouldn't work.  Such statements can only be made by people who don't know how memory is addressed.

So, sorry, but I'm still not convinced.  Smiley

Tips are always welcome and can be sent to 1CZ8QgBWZSV3nLLqRk2BD3B4qDbpWAEDCZ

Thanks to ye, we have the final piece.

PGP key fingerprint: 2B7A B280 8B12 21CC 260A  DF65 6FCE 505A CF83 38F5

SerajewelKS @ #bitcoin-otc
Pieter Wuille
Legendary
*
Offline Offline

Activity: 1036


View Profile WWW
April 07, 2011, 09:57:25 AM
 #8

One "hash" as in the 600Mhash/s a graphics card does, corresponds to one sha256(sha256(block_header)). The block header is 80 bytes, which is padded to 128 bytes, and split into to 64-byte parts.

The actual algorithm (in pseudo-code) is:
Code:
doHash(block_header) {
  hasher = new SHA256();
  hasher.update(block_header[0..63]);      // update A1
  hasher.update(block_header[64..127]);  // update A2
  hash1 = hasher.getHash();
  hasher.reset();
  hasher.update(hash1);                         // update B
  hash2 = hasher.getHash();
  return hash2
}

So, when looking at the actual algorithm, there are 3 sha256 updates involved. However, since the nonce is in the second part of the block header, the state of the hasher after update A1 is precomputed once for the whole range of nonces, limiting it to only 2 updates (A2 and B).

However, there are still more optimizations involved. Each sha256 update consists of 64 rounds. In the first 3 of update A2, the nonce isn't used, so these can be precomputed as well. Furthermore, the last 2 or 3 rounds do not influence the highest bits of the resulting hash (which are used for determining whether it passed the difficulty test), so these can be skipped as well.

Bottom line: a 600MH/s device, is actually doing 600000000*120 sha256 rounds per second. This roughly corresponds to doing 1125 million separate sha256 hashes (of data blocks < 64 bytes).

And yes, M stands for 1000000 here, not 1048576.

aka sipa, core dev team

Tips and donations: 1KwDYMJMS4xq3ZEWYfdBRwYG2fHwhZsipa
mrb
Legendary
*
Offline Offline

Activity: 1120


View Profile WWW
April 07, 2011, 11:19:32 AM
 #9

That link doesn't really prove anything though. Of course manufacturers use powers of 1000 -- they can claim that their hard drive is 300GB when it is, in fact, only 279GB as measured by pretty much every operating system.  Also, AFAICT, the article is just plain wrong when it comes to RAM modules; if the amount of RAM on a chip were not a power of 2, it just plain wouldn't work.

You read incorrectly. It does not talk about RAM capacity, but RAM throughput ("A PC6400 (as in 6400 MByte/s) memory module is 6400 * 10^6 byte/s").

I challenge you to name a single item in that list that is false. You won't find any. Surprising, huh?  Wink
cdhowie
Full Member
***
Offline Offline

Activity: 182



View Profile WWW
April 07, 2011, 11:39:31 AM
 #10

You read incorrectly. It does not talk about RAM capacity, but RAM throughput ("A PC6400 (as in 6400 MByte/s) memory module is 6400 * 10^6 byte/s").

Ah, yes.  My mistake.

I challenge you to name a single item in that list that is false. You won't find any. Surprising, huh?  Wink

As mentioned, disk storage capacity is measured one way by OSes and another by manufacturers.  So it might not be false, but it's not really true either.  More like contested.  Smiley  The rest of the list does seem to lean towards decimal powers though.  Shame.

Tips are always welcome and can be sent to 1CZ8QgBWZSV3nLLqRk2BD3B4qDbpWAEDCZ

Thanks to ye, we have the final piece.

PGP key fingerprint: 2B7A B280 8B12 21CC 260A  DF65 6FCE 505A CF83 38F5

SerajewelKS @ #bitcoin-otc
grondilu
Legendary
*
Offline Offline

Activity: 1134


View Profile
April 07, 2011, 11:51:33 AM
 #11

2
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1344


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
April 09, 2011, 03:59:53 AM
 #12

1.2 billion SHA-256 block transformations per second, yeah.

That is correct. 1 "bitcoin hash" is defined as 2 SHA-256 hashes.


I don't think so.  The first hash does not change with each trial.  The nonce is the only that changes most of the time.  That only influences the last hash.  One hash is one SHA256 op the vast majority of the time.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
Jim Hyslop
Member
**
Offline Offline

Activity: 98


View Profile
April 09, 2011, 04:35:44 AM
 #13

1.2 billion SHA-256 block transformations per second, yeah.

That is correct. 1 "bitcoin hash" is defined as 2 SHA-256 hashes.


I don't think so.  The first hash does not change with each trial.  The nonce is the only that changes most of the time.  That only influences the last hash.  One hash is one SHA256 op the vast majority of the time.

Have another look at the pseudo code sipa posted. You'll see that there is another hash at the end.

The first hash op, which does not change for each trial, is labeled "update A1". The second hash op, which contains the nonce, is labeled "update A2". At that point, the hash algorithm is technically finished, and you could use that result. But for some reason which I haven't yet inquired about, Satoshi added another hash of the hash, which is B in the pseudo code.

So, why did Satoshi add that extra hash at the end? Is that a standard procedure for SHA-256?

Like my answer? Did I help? Tips gratefully accepted here: 1H6wM8Xj8GNrhqWBrnDugd8Vf3nAfZgMnq
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1344


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
April 09, 2011, 04:05:17 PM
 #14

1.2 billion SHA-256 block transformations per second, yeah.

That is correct. 1 "bitcoin hash" is defined as 2 SHA-256 hashes.


I don't think so.  The first hash does not change with each trial.  The nonce is the only that changes most of the time.  That only influences the last hash.  One hash is one SHA256 op the vast majority of the time.

Have another look at the pseudo code sipa posted. You'll see that there is another hash at the end.

The first hash op, which does not change for each trial, is labeled "update A1". The second hash op, which contains the nonce, is labeled "update A2". At that point, the hash algorithm is technically finished, and you could use that result. But for some reason which I haven't yet inquired about, Satoshi added another hash of the hash, which is B in the pseudo code.

So, why did Satoshi add that extra hash at the end? Is that a standard procedure for SHA-256?

I RTFM'd and stand corrected.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!