What is a hash function?

A hash function takes any input — a word, a file, a block of transactions — and produces a short, fixed-length output called a hash or digest. It is deterministic: the same input always produces the same output. It is one-way: given only the hash, you cannot recover the input. And a small change in the input produces a wildly different output. Every cryptocurrency, and most of modern cryptography, depends on these three properties.

What a hash looks like

Bitcoin uses SHA-256, a function designed by the NSA and standardized in 2001. It produces a 256-bit output, usually written as 64 hexadecimal characters. The hash of the string "hello" is "2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824" — that output is unique to that input, down to the case and spacing.

Change one character — "Hello" instead of "hello" — and the hash is unrecognizable. That property, called the avalanche effect, is what makes hashes useful for detecting tampering. If anyone changes anything in the input, the output changes, obviously and completely.

Ethereum primarily uses Keccak-256 (called keccak256 in Solidity, sometimes shorthanded as SHA-3 though strictly the two differ). Other functions — BLAKE2, BLAKE3, Poseidon, SHA-512 — appear in other systems, each tuned for different use cases. Poseidon, for example, is designed to be efficient inside zero-knowledge proofs, where traditional hashes are expensive.

The three properties that matter

Cryptographic hash functions need three properties to be secure. Preimage resistance: given a hash, you should not be able to find any input that produces it. Second-preimage resistance: given an input, you should not be able to find a different input with the same hash. Collision resistance: you should not be able to find any two different inputs with the same hash.

All three are about how hard the problem is in the worst case. A well-designed hash function like SHA-256 has no known attack better than brute force. To find a collision by brute force, you would need to hash roughly 2 to the 128 different inputs — a number so large that every computer that has ever existed, running until the heat death of the sun, could not do it.

When hash functions are broken, it is usually slowly. MD5, once standard, has been broken in practice since the mid-2000s — collisions can be generated in seconds on a laptop. SHA-1 fell to a full collision attack in 2017. This is why protocols migrate: a hash function is a long-term commitment to a specific mathematical problem.

How blockchains use hashes

Three main uses. First, block linking. Each block's header contains the hash of the previous block. Changing a transaction in an old block changes that block's hash, which changes the next block's reference, which cascades forward. To alter history, an attacker must recompute every block since the change — which in proof-of-work systems means redoing the mining work.

Second, proof-of-work itself. Miners hash block headers with different nonces until they find one whose hash is below a target. That process has no shortcut; the only way to win is to compute a lot of hashes. See the mining explainer.

Third, Merkle trees. Transactions in a block are hashed pairwise into parent hashes, those parents are hashed pairwise into grandparents, and so on until a single root hash summarizes the entire block. This lets a light client verify that a specific transaction is in a block without downloading the whole block — just a logarithmic-size proof path.

Signatures and addresses

Hashes show up in wallets too. A public key is itself a long number, and addresses are derived by hashing the public key and truncating. This has two benefits: addresses are shorter, and they add an extra layer of security (you'd need to break both the hash and the elliptic-curve cryptography to recover the private key from just an address).

Digital signatures are built on top. The signer hashes the message, signs the hash with their private key, and publishes the signature. The verifier re-hashes the message and uses the public key to check the signature. If either the message or the signature was altered, verification fails.

Why it matters

Hash functions are invisible infrastructure. Users never interact with them directly, but nearly every interesting property of a blockchain flows from their behavior. The chain is immutable because block hashes link together. Proof-of-work is secure because hashes cannot be shortcut. Your wallet is safe because the underlying primitives — including the hashes inside the signing scheme — are, as far as anyone knows, uncrackable.

If one of the hash functions blockchains rely on were broken tomorrow, the systems would need to fork to a new one urgently. The fact that this has not happened — and that SHA-256 still has no known structural weakness after twenty years — is one of the quiet reasons the whole edifice holds together.