Hash deviations are being systematically analyzed across varying conditions. We thank the large-scale GPU cluster for its support. If there are any additional hashes you would like to have analyzed, please don't hesitate to reach out.
Our purpose is to find weaknesses early and turn them into opportunities for improvement. Preemptive action is "the key". Thanks!
Why did we begin analyzing hash behavior using a large-scale GPU cluster?
Because if the hash value matches, the verification will definitely succeed, even if the public key and the signature were arbitrarily generated by an attacker.
* Hash160 is RIPEMD160(SHA256).
| bit position | Hash | Bias threshold (values below this threshold are recommended) | Bias Score (Displayed in the order of measurement) | Note |
|---|---|---|---|---|
| High | Random only input (33 bytes), random is GetStrongRandBytes | 4.65 | 3 5 4 6 5 8 3 5 1 0 4 | No issues detected. |
| Middle | Random only input (33 bytes), random is GetStrongRandBytes | 4.65 | 6 5 3 0 6 5 5 2 6 10 4 | No issues detected. |
| Low | Random only input (33 bytes), random is GetStrongRandBytes | 4.65 | 4 7 6 6 6 2 4 7 4 1 8 | No issues detected. |
| High | SHA256 from random input (33 bytes), random is GetStrongRandBytes | 4.65 | 5 6 3 2 6 2 2 5 3 1 8 | No issues detected. |
| Middle | SHA256 from random input (33 bytes), random is GetStrongRandBytes | 4.65 | 6 5 4 5 2 4 2 7 4 5 2 | No issues detected. |
| Low | SHA256 from random input (33 bytes), random is GetStrongRandBytes | 4.65 | 5 4 4 3 3 1 6 11 6 9 6 | No issues detected. |
| High | Blake2s from random input (33 bytes), random is GetStrongRandBytes | 4.65 | 5 5 6 9 5 1 4 4 3 3 5 | No issues detected. |
| Middle | Blake2s from random input (33 bytes), random is GetStrongRandBytes | 4.65 | 3 2 2 5 7 3 4 2 5 7 2 | No issues detected. |
| Low | Blake2s from random input (33 bytes), random is GetStrongRandBytes | 4.65 | 7 3 3 2 5 5 5 2 4 5 4 | No issues detected. |
| High | SHA1 from random input (33 bytes), random is GetStrongRandBytes | 4.65 | 6 3 3 11 5 3 7 10 0 4 8 | The Devil's Claw Marks. (This is the source of the breach) |
| Middle | SHA1 from random input (33 bytes), random is GetStrongRandBytes | 4.65 | 7 7 6 8 2 5 4 4 5 1 7 | No issues detected. |
| Low | SHA1 from random input (33 bytes), random is GetStrongRandBytes | 4.65 | 7 6 3 3 6 2 4 3 1 5 5 | No issues detected. |
| High | RIPEMD160 from random input (33 bytes), random is GetStrongRandBytes | 4.65 | 5 5 1 5 4 7 4 5 2 8 4 | No issues detected. |
| Middle | RIPEMD160 from random input (33 bytes), random is GetStrongRandBytes | 4.65 | 8 7 6 5 6 2 2 7 6 2 9 | Slightly elevated bias detected. |
| Low | RIPEMD160 from random input (33 bytes), random is GetStrongRandBytes | 4.65 | 7 2 6 10 1 2 3 6 5 9 5 | Slightly elevated bias detected. |
| High | Hash160 from random input (33 bytes), random is GetStrongRandBytes | 4.65 | 3 4 4 2 4 4 5 8 1 4 10 | No issues detected. |
| Middle | Hash160 from random input (33 bytes), random is GetStrongRandBytes | 4.65 | 8 6 10 4 6 5 4 3 2 5 6 | As pointed out in the Cornell-MIT joint paper, a clear bias exists in the middle bits. |
| Low | Hash160 from random input (33 bytes), random is GetStrongRandBytes | 4.65 | 5 7 5 8 6 3 7 7 4 3 3 | No issues detected. |
| High | Hash160 from ECDSA public key input (33 bytes), random is GetStrongRandBytes | 4.65 | 4 5 7 6 3 4 11 5 5 3 7 | --- |
| Middle | Hash160 from ECDSA public key input (33 bytes), random is GetStrongRandBytes | 4.65 | 5 7 5 5 3 9 3 9 3 2 6 | --- |
| Low | Hash160 from ECDSA public key input (33 bytes), random is GetStrongRandBytes | 4.65 | 9 3 4 4 2 1 7 3 4 4 6 | --- |