Should SHA256 be replaced with SHA512?

ABCbits

legendary

Activity: 2870

Merit: 7490

Crypto Swap Exchange

Quote from: pooya87 on January 12, 2020, 03:19:33 AM

Quote

With 64bit CPU:s SHA512 would actually be faster to calculate than SHA256. That is if the modern CPUs didn't have dedicated instruction sets for speeding up calculating SHA256, which they do.

how about using AVX512 for SHA512?

It's not available on AMD CPU and Arm SoC. Those tasks usually given to GPU anyway.

Kakmakr

legendary

Activity: 3458

Merit: 1960

Leading Crypto Sports Betting & Casino Platform

Was one of the reasons why people did not want to consider that, not the performance issues? I think in previous discussions where the Quantum computing issue was discussed, some posters mentioned that it would take more computing power to process SHA512 based transactions. Huh

If it was a threat, Banks and other financial institutions that are using SHA256, would have moved to SHA512 already, but you are not seeing that in the market. Tongue

https://stackoverflow.com/questions/11624372/best-practice-for-hashing-passwords-sha256-or-sha512

pooya87

legendary

Activity: 3472

Merit: 10611

Quote from: aplistir on January 12, 2020, 02:36:07 AM

There was a discussion here where change to SHA512 was suggested with only using the first 256 bits of the result. That way security would be increased while transaction sizes would not take more space.

that solves the problem of bigger length but raises the question of why stick to SHA-2 and not switch to SHA-3 while we are making that change.

Quote

With 64bit CPU:s SHA512 would actually be faster to calculate than SHA256. That is if the modern CPUs didn't have dedicated instruction sets for speeding up calculating SHA256, which they do.

how about using AVX512 for SHA512?

Quote

And I do not think we would have to change the elliptic curve if we just change the hash algorithm. We could, but they aren't really connected.

well hash functions are chosen based on the curve not the other way around so it doesn't make sense to me to use a 512 bit hash with a 256 bit curve which is why i say we may have to change to secp521r1 curve so that usage of a 512 bit hash makes sense.
although if the result is truncated (SHA512-256) then it could make some sense.

aplistir

full member

Activity: 378

Merit: 197

Quote from: pooya87 on January 12, 2020, 12:18:21 AM

the only reason for even considering a replacement for the hash algorithm (SHA-256) is if there were any security risk in using it. for example in the future maybe finding a collision for SHA-256 became as easy as finding a SHA-1 collision today. in which case the replacement should be to a different algorithm not the exact thing (ie. SHA-512).

lets not forget that if we change SHA-256 to SHA-512 we also have to probably change the elliptic curve to a 512 (or 521) bit curve. and that would hugely increase transaction sizes as both hashes and signatures would take twice the previous space.

There was a discussion here where change to SHA512 was suggested with only using the first 256 bits of the result. That way security would be increased while transaction sizes would not take more space.

And if SHA512 would be slower, that would just be an added bonus Wink

With 64bit CPU:s SHA512 would actually be faster to calculate than SHA256. That is if the modern CPUs didn't have dedicated instruction sets for speeding up calculating SHA256, which they do.

And I do not think we would have to change the elliptic curve if we just change the hash algorithm. We could, but they aren't really connected.

pooya87

legendary

Activity: 3472

Merit: 10611

the only reason for even considering a replacement for the hash algorithm (SHA-256) is if there were any security risk in using it. for example in the future maybe finding a collision for SHA-256 became as easy as finding a SHA-1 collision today. in which case the replacement should be to a different algorithm not the exact thing (ie. SHA-512).

lets not forget that if we change SHA-256 to SHA-512 we also have to probably change the elliptic curve to a 512 (or 521) bit curve. and that would hugely increase transaction sizes as both hashes and signatures would take twice the previous space.

gmaxwell

staff

Activity: 4172

Merit: 8419

Quote from: Jet Cash on January 11, 2020, 05:04:10 AM

In view of the massive increase in hash power and computer technology since then, I wondered if it might be worth reconsidering this.

Your prompt is a non-sequitor. Increases in hashrate or computer technology don't make sha512 more attractive.

One change in technology has made it a lot less attractive: Modern high speed CPUs have special instructions for computing sha256 extremely fast. ... these instructions don't do sha512, so it the speed gap between the two has widened further.

qwk

donator

Activity: 3542

Merit: 3413

Shitcoin Minimalist

Quote from: Jet Cash on January 11, 2020, 05:04:10 AM

I've started it in the beginner's board to encourage members who are new to Bitcoin to research SHA256.

So, now that it's no longer in the beginner's board, shall "we the oldies" answer it?

Jet Cash

legendary

Activity: 2688

Merit: 2444

https://JetCash.com

This question was asked in this forum back in 2010in this thread
https://bitcointalksearch.org/topic/suggestion-replace-sha-256-with-sha-512-from-block-200000-1713
In view of the massive increase in hash power and computer technology since then, I wondered if it might be worth reconsidering this.

I appreciate that this is probably a topic for the technical forum, but I've started it in the beginner's board to encourage members who are new to Bitcoin to research SHA256. If view of this, please don't be discouraged from asking questions, and making constructive comments.

Topic: Should SHA256 be replaced with SHA512? (Read 203 times)