Understanding Ethereum’s Two Hash Functions: OP_HASH160 vs OP_SHA256
The Ethereum blockchain uses two hash functions to store and verify transactions, each with its own strengths and weaknesses. In this article, we’ll break down the differences between OP_HASH160 and OP_SHA256, explaining when and in what situations to use one over the other.
What are hash functions?
Hash functions take an arbitrary amount of input data and produce a fixed-size string (or hash) that uniquely represents that data. In the context of Ethereum, both OP_HASH160 and OP_SHA256 can be used to authenticate messages and ensure data integrity.
OP_HASH160:
- Version: Introduced in BIP 0012
- Description:
Hash function based on SHA-256
- Key Features:
+ Uses 20-byte input blocks (128 bits)
+ Signed with the private key using ECDSA (Elliptic Curve Digital Signature Algorithm)
+ More resistant to collisions and pre-image attacks due to its fixed length
- Why use OP_HASH160?
- Higher security: OP_HASH160 is more secure than OP_SHA256, making it a better choice for sensitive transactions.
- Easier to implement: Since OP_HASH160 uses SHA-256, which is widely accepted and understood, OP_HASH160 is relatively simpler to implement.
- Better resistance to collisions: The fixed length of 20 bytes provides stronger protection against attacks that attempt to alter the input data.
OP_SHA256:
- Version: Introduced in BIP 0013
- Description: Hash function based on SHA-256 (same as ECDSA)
- Key features:
+ Uses variable-length input blocks of up to 32 bytes
+ Signed with the private key using ECDSA
+ Less resistant to collisions and pre-image attacks due to its dynamic length
- Why use OP_SHA256?
- Simplified implementation: Since OP_SHA256 uses SHA-256, which is well-proven, it can be simpler to implement than OP_HASH160.
- Better resistance to pre-image attacks: A variable-length input block provides stronger protection against attacks that attempt to alter the input data.
When using OP_HASH160:
- Sensitive transactions: When dealing with sensitive information such as personal data or financial transactions, the higher level of security of OP_HASH160 is a better choice.
- Longer input blocks: When you need to store longer input blocks (e.g. larger data structures), the fixed length of OP_HASH160 provides better protection against collisions.
When to use OP_SHA256:
- Variable-length inputs: When dealing with variable-length input blocks such as images or other media, OP_SHA256 is a better choice.
- Existing Infrastructure: If you are using existing infrastructure that relies on ECDSA (e.g. wallets, libraries), implementing OP_SHA256 may be easier.
Example decryption scripts:
Here are some examples of BIP 199 scripts that use both OP_HASH160 and OP_SHA256 for message authentication:
OP_HASH160:
contract decryption(
bytes32 _input,
address _privateKey,
bytes _signature
) {
// Verify signature using ECDSA (ECDSA is used here)
require ECDSAVerify(_signature, _privateKey, _input);
}
function _ecdsaVerify(bytes memory _signature, address _privateKey, bytes32 _input) public {
// … (ECDSA verification logic)
// Verify input using SHA-256
require Sha256(_input).equals(_signature);
}
OP_SHA256:
resolve(
bytes32 _input,
address _privateKey,
bytes _signature
) {
// Verify signature using ECDSA (ECDSA is used here)
require ECDSAVerify(_signature, _privateKey, _input);
// Verify input using SHA-256
require Sha256(_input).equals(_signature);
}
In summary, while both OP_HASH160 and OP_SHA256 have unique strengths and weaknesses, the choice depends on your specific use case.
