Theoretical minimum # of logic operations to perform double iterated SHA256?


What is the theoretical minimum number of logical operations an ASIC needs to perform to compute double iterated SHA256, i.e., sha(sha(•))?


Posted 2015-04-18T22:54:35.683

Reputation: 3 965

Is this the best way to phrase the question? It seems like you'd want to know 1) the number of gates required to implement it, and 2) how much it can be pipelined (probably quite a lot.) – Nick ODell – 2015-04-19T08:33:28.253



SHA256D, which is what Bitcoin uses, is 128 rounds, comprising

768 additions,

640 ORs

896 XORs

And a bunch of bit shifts but bit shifts are free on an ASIC.



Posted 2015-04-18T22:54:35.683

Reputation: 3 965

Those numbers don't seem correct. I count 522 additions across one iteration of SHA256, for example. (1044 across two)

– Nick ODell – 2015-04-19T08:32:12.340


...and I'm counting 600 additions for one SHA256 block: 48*3 + 64*7 + 8. Honestly I think this should be closed as off-topic and re-posted to where you could attract the attention of a crypto expert.

– Christopher Gurnee – 2015-04-19T15:03:38.317