ttul (OP)
April 06, 2011, 04:53:45 PM
When the hashing strength of the bitcoin network is advertised, it's advertised in "GHash/s". Does this mean if the hashing strength is 600GHash/s that the network is doing 600 billion SHA-256 hash calculations per second?
Because in the Bitcoin algorithm, each trial of a particular hash requires two SHA-256 steps: the first to calculate the SHA-256 checksum of the block, and the second to calculate the SHA-256 checksum of this checksum result (i.e. a "hash of a hash").
So, when the community talks about hashes per second, is it literally SHA-256 hashes per second, or is it SHA-256 trials per second (i.e. tests against the target difficulty value)?
Thanks!

cdhowie
April 06, 2011, 04:56:31 PM
So, when the community talks about hashes per second, is it literally SHA-256 hashes per second, or is it SHA-256 trials per second (i.e. tests against the target difficulty value)?
Pretty sure it's complete trials, not individual hashes. A more accurate term might be nonces checked per second.
Tips are always welcome and can be sent to 1CZ8QgBWZSV3nLLqRk2BD3B4qDbpWAEDCZ Thanks to ye, we have the final piece.PGP key fingerprint: 2B7A B280 8B12 21CC 260A DF65 6FCE 505A CF83 38F5 SerajewelKS @ #bitcoin-otc

ttul (OP)
April 06, 2011, 05:01:26 PM
This makes sense. So it's not really hashes per second, but trials per second or something like that. So a GPU that is rated at 600 MHash/second is actually doing 1.2 billion SHA-256 checksums per second.

cdhowie
April 06, 2011, 05:04:59 PM
This makes sense. So it's not really hashes per second, but trials per second or something like that. So a GPU that is rated at 600 MHash/second is actually doing 1.2 billion SHA-256 checksums per second.
1.2 billion SHA-256 block transformations per second, yeah. I'm still unclear if 1Mhash is 1000 or 1024 trials. In terms of storage, OSes measure kB/MB etc. as powers of 1024 (which is in turn 2^10) since converting can be done by simply shifting bits. So I tend to lean that way, but I've never really checked to see which convention is used in the BTC mining world.

Alexium
April 06, 2011, 08:35:53 PM
I'm still unclear if 1Mhash is 1000 or 1024 trials.
Should be 1000.

mrb
April 07, 2011, 09:09:33 AM
1.2 billion SHA-256 block transformations per second, yeah.
That is correct. 1 "bitcoin hash" is defined as 2 SHA-256 hashes.
I'm still unclear if 1Mhash is 1000 or 1024 trials. In terms of storage, OSes measure kB/MB etc. as powers of 1024 (which is in turn 2^10)
When you think about it, decimal prefixes are more common than binary prefixes even in the computer industry

cdhowie
April 07, 2011, 09:24:42 AM
That link doesn't really prove anything though. Of course manufacturers use powers of 1000 -- they can claim that their hard drive is 300GB when it is, in fact, only 279GB as measured by pretty much every operating system. Also, AFAICT, the article is just plain wrong when it comes to RAM modules; if the amount of RAM on a chip were not a power of 2, it just plain wouldn't work. Such statements can only be made by people who don't know how memory is addressed. So, sorry, but I'm still not convinced.

Pieter Wuille
April 07, 2011, 09:57:25 AM
One "hash" as in the 600Mhash/s a graphics card does, corresponds to one sha256(sha256(block_header)). The block header is 80 bytes, which is padded to 128 bytes, and split into two 64-byte parts. The actual algorithm (in pseudo-code) is:

    doHash(block_header) {
        hasher = new SHA256();
        hasher.update(block_header[0..63]);    // update A1
        hasher.update(block_header[64..127]);  // update A2
        hash1 = hasher.getHash();
        hasher.reset();
        hasher.update(hash1);                  // update B
        hash2 = hasher.getHash();
        return hash2;
    }

So, when looking at the actual algorithm, there are 3 sha256 updates involved. However, since the nonce is in the second part of the block header, the state of the hasher after update A1 is precomputed once for the whole range of nonces, limiting it to only 2 updates (A2 and B).

However, there are still more optimizations involved. Each sha256 update consists of 64 rounds. In the first 3 of update A2, the nonce isn't used, so these can be precomputed as well. Furthermore, the last 2 or 3 rounds do not influence the highest bits of the resulting hash (which are used for determining whether it passed the difficulty test), so these can be skipped as well.

Bottom line: a 600MH/s device is actually doing 600000000*120 sha256 rounds per second. This roughly corresponds to doing 1125 million separate sha256 hashes (of data blocks < 64 bytes). And yes, M stands for 1000000 here, not 1048576.
I do Bitcoin stuff.

mrb
April 07, 2011, 11:19:32 AM
That link doesn't really prove anything though. Of course manufacturers use powers of 1000 -- they can claim that their hard drive is 300GB when it is, in fact, only 279GB as measured by pretty much every operating system. Also, AFAICT, the article is just plain wrong when it comes to RAM modules; if the amount of RAM on a chip were not a power of 2, it just plain wouldn't work.
You read incorrectly. It does not talk about RAM capacity, but RAM throughput ("A PC6400 (as in 6400 MByte/s) memory module is 6400 * 10^6 byte/s"). I challenge you to name a single item in that list that is false. You won't find any. Surprising, huh?

cdhowie
April 07, 2011, 11:39:31 AM
You read incorrectly. It does not talk about RAM capacity, but RAM throughput ("A PC6400 (as in 6400 MByte/s) memory module is 6400 * 10^6 byte/s").
Ah, yes. My mistake.
I challenge you to name a single item in that list that is false. You won't find any. Surprising, huh?
As mentioned, disk storage capacity is measured one way by OSes and another by manufacturers. So it might not be false, but it's not really true either. More like contested. The rest of the list does seem to lean towards decimal powers though. Shame.

grondilu
April 07, 2011, 11:51:33 AM
2

casascius
Mike Caldwell
April 09, 2011, 03:59:53 AM
1.2 billion SHA-256 block transformations per second, yeah.
That is correct. 1 "bitcoin hash" is defined as 2 SHA-256 hashes.
I don't think so. The first hash does not change with each trial. The nonce is the only thing that changes most of the time. That only influences the last hash. One hash is one SHA256 op the vast majority of the time.
Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable. I never believe them. If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins. I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion. Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice. Don't keep coins online. Use paper or hardware wallets instead.

Jim Hyslop
April 09, 2011, 04:35:44 AM
1.2 billion SHA-256 block transformations per second, yeah.
That is correct. 1 "bitcoin hash" is defined as 2 SHA-256 hashes.
I don't think so. The first hash does not change with each trial. The nonce is the only thing that changes most of the time. That only influences the last hash. One hash is one SHA256 op the vast majority of the time.
Have another look at the pseudo code sipa posted. You'll see that there is another hash at the end. The first hash op, which does not change for each trial, is labeled "update A1". The second hash op, which contains the nonce, is labeled "update A2". At that point, the hash algorithm is technically finished, and you could use that result. But for some reason which I haven't yet inquired about, Satoshi added another hash of the hash, which is B in the pseudo code. So, why did Satoshi add that extra hash at the end? Is that a standard procedure for SHA-256?
Like my answer? Did I help? Tips gratefully accepted here: 1H6wM8Xj8GNrhqWBrnDugd8Vf3nAfZgMnq

casascius
Mike Caldwell
April 09, 2011, 04:05:17 PM
1.2 billion SHA-256 block transformations per second, yeah.
That is correct. 1 "bitcoin hash" is defined as 2 SHA-256 hashes.
I don't think so. The first hash does not change with each trial. The nonce is the only thing that changes most of the time. That only influences the last hash. One hash is one SHA256 op the vast majority of the time.
Have another look at the pseudo code sipa posted. You'll see that there is another hash at the end. The first hash op, which does not change for each trial, is labeled "update A1". The second hash op, which contains the nonce, is labeled "update A2". At that point, the hash algorithm is technically finished, and you could use that result. But for some reason which I haven't yet inquired about, Satoshi added another hash of the hash, which is B in the pseudo code. So, why did Satoshi add that extra hash at the end? Is that a standard procedure for SHA-256?
I RTFM'd and stand corrected.