## Theoretical minimum # of logic operations to perform double iterated SHA256?

4

What is the theoretical minimum number of logical operations an ASIC needs to perform to compute double iterated SHA256, i.e., sha(sha(•))?

Is this the best way to phrase the question? It seems like you'd want to know 1) the number of gates required to implement it, and 2) how much it can be pipelined (probably quite a lot.) – Nick ODell – 2015-04-19T08:33:28.253

3

SHA256D, which is what Bitcoin uses, is 128 rounds, comprising

640 ORs

896 XORs

And a bunch of bit shifts but bit shifts are free on an ASIC.

(source)

Those numbers don't seem correct. I count 522 additions across one iteration of SHA256, for example. (1044 across two) http://en.wikipedia.org/wiki/SHA-2#Pseudocode

– Nick ODell – 2015-04-19T08:32:12.340

1

...and I'm counting 600 additions for one SHA256 block: 48*3 + 64*7 + 8. Honestly I think this should be closed as off-topic and re-posted to http://crypto.stackexchange.com/ where you could attract the attention of a crypto expert.

– Christopher Gurnee – 2015-04-19T15:03:38.317