Paper 2021/886

Computational Records with Aging Hardware: Controlling Half the Output of SHA-256

Mellila Bouam, Charles Bouillaguet, Claire Delaplace, and Camille Noûs


SHA-256 is a secure cryptographic hash function. As such, its output should not have any detectable property. This paper describes three bit strings whose hashes by SHA-256 are nevertheless correlated in a non-trivial way: the first half of their hashes XORs to zero. They were found by “brute-force”, without exploiting any cryptographic weakness in the hash function itself. This does not threaten the security of the hash function and does not have any cryptographic implication. This is an example of a large “combinatorial” computation in which at least 8.7 × 10 22 integer operations have been performed. This was made possible by the combination of: 1) recent progress on algorithms for the underlying problem, 2) creative use of "dedicated" hardware accelerators, 3) adapted implementations of the relevant algorithms that could run on massively parallel machines. The actual computation was done on aging hardware. It required seven calendar months using two obsolete second-hand bitcoin mining devices converted into "useful" computational devices. A second step required 570 CPU-years on an 8-year old IBM BlueGene/Q computer, a few weeks before it was scrapped. To the best of our knowledge, this is the first practical 128-bit collision-like result obtained by brute-force, and it is the first bitcoin miner-accelerated computation.

Available format(s)
Publication info
Published elsewhere. Parallel Computing
3XORGeneralized Birthday ParadoxBrute-forceImplementationHardwareASICbitcoin hardware
Contact author(s)
charles bouillaguet @ lip6 fr
2021-06-29: received
Short URL
Creative Commons Attribution


      author = {Mellila Bouam and Charles Bouillaguet and Claire Delaplace and Camille Noûs},
      title = {Computational Records with Aging Hardware: Controlling Half the Output of {SHA}-256},
      howpublished = {Cryptology ePrint Archive, Paper 2021/886},
      year = {2021},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.