Update (2026-04-27): Finding #1 corrected after self-check (N=200K).
The original "9.56σ cross-hash anti-correlation" overstated the result —
observable LZ outputs are independent (r≈0.000). Corrected finding:
cross-hash carry anti-correlation r=−0.029, 6.5σ (internal state),
consistent with Dodis et al. (CRYPTO 2012, IACR 2013/382) on
SHA-256d non-indifferentiability. IACR ePrint revised accordingly.
TL;DR
SHA-256 cannot be broken. No shortcut for mining exists. But proving
that produced 7 novel findings.
Setup
- 60 independent experiments
- 19 mathematical frameworks
- 5,000–1,000,000 hash evaluations per experiment
- All signals Bonferroni-corrected and scale-verified (real signals scale as √N)
The 7 Novel Findings
1. SHA-256d second hash has constrained internal carry structure [CORRECTED]
Bitcoin's SHA-256d has a measurable cross-hash carry anti-correlation
(r=−0.029, 6.5σ, N=50K — internal state). Because the second hash's input
is always the 32-byte digest of the first, W[8-15] of its single message
block is ALWAYS the constant padding — only ~30 unique carry count values
exist in its W-schedule.
Observable hash outputs are statistically independent (LZ correlation
r≈0.000). This is consistent with Dodis et al. (CRYPTO 2012) who
proved SHA-256d is NOT indifferentiable from a random oracle.
Not exploitable (<0.1% variance), but a real and documented structural
property of H².
2. |HW(a)-16| → leading zeros: 20.48σ
The strongest signal in 60 experiments. Absolute deviation of working
variable 'a' Hamming weight from 16 predicts output quality at 20.48σ.
Invisible to standard linear analysis. Post-computation only (it can be
measured only after the hash has already been evaluated).
3. Round 8 is the "insulator" — 17× drop
R0-2: 100% deterministic
R3: carry breaks control (→22%)
R4: nonce enters
R6-7: 26 trackable channels
R8: 💥 ALL 26 destroyed — 17× drop in ONE round
R16-64: perfect white noise
This is WHY every neural net, every evolutionary algorithm, every ML
approach fails.
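The three structural claims above (the fixed W[8-15] padding of the SHA-256d outer hash, the |HW(a)-16| statistic on working variable a, and the round at which the nonce first perturbs the state) can be checked directly with an instrumented SHA-256. The code below is an added example, not code from the post or from the Zenodo scripts: a pure-Python SHA-256 whose compression function records W[0..15], the per-round working variables and the number of 32-bit carry-outs, plus small helpers that read those traces for a constructed block header. How carries are counted (one per carry-out of bit 31 in each pairwise modular addition), which round's a is used for the Hamming-weight deviation (the last round by default), and the little-endian leading-zero count are this example's own choices; the post does not define them.

```python
# Added example (not the post's or the Zenodo scripts' code): SHA-256 with a
# traced compression function, used to inspect the internal quantities the
# findings above talk about. Carry-count and LZ definitions are our own.
import hashlib
import struct

MASK = 0xFFFFFFFF
K = [
    0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
    0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
    0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
    0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
    0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
    0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
    0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
    0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2,
]
H0 = [0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
      0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19]

def rotr(x, n):
    return ((x >> n) | (x << (32 - n))) & MASK

def add(counter, *xs):
    """Modular 32-bit sum; counter[0] grows by one per carry-out of bit 31 (our metric)."""
    acc = 0
    for x in xs:
        acc += x
        if acc > MASK:
            counter[0] += 1
            acc &= MASK
    return acc

def compress(state, block, trace):
    """One SHA-256 compression; records W[0..15], per-round state and carry counts."""
    W = list(struct.unpack(">16I", block))
    sc, rc, states = [0], [0], []
    for t in range(16, 64):                      # message schedule expansion
        s0 = rotr(W[t - 15], 7) ^ rotr(W[t - 15], 18) ^ (W[t - 15] >> 3)
        s1 = rotr(W[t - 2], 17) ^ rotr(W[t - 2], 19) ^ (W[t - 2] >> 10)
        W.append(add(sc, W[t - 16], s0, W[t - 7], s1))
    a, b, c, d, e, f, g, h = state
    for t in range(64):                          # 64 rounds, state snapshot after each
        S1 = rotr(e, 6) ^ rotr(e, 11) ^ rotr(e, 25)
        ch = (e & f) ^ (~e & MASK & g)
        T1 = add(rc, h, S1, ch, K[t], W[t])
        S0 = rotr(a, 2) ^ rotr(a, 13) ^ rotr(a, 22)
        maj = (a & b) ^ (a & c) ^ (b & c)
        T2 = add(rc, S0, maj)
        h, g, f, e, d, c, b, a = g, f, e, add(rc, d, T1), c, b, a, add(rc, T1, T2)
        states.append((a, b, c, d, e, f, g, h))
    new_state = [add(rc, s, v) for s, v in zip(state, states[-1])]   # feed-forward
    trace["blocks"].append({"W": W[:16], "states": states,
                            "sched_carries": sc[0], "round_carries": rc[0]})
    return new_state

def pad(msg):
    ml = len(msg) * 8                            # standard MD padding: 0x80, zeros, 64-bit length
    msg += b"\x80" + b"\x00" * ((55 - len(msg)) % 64)
    return msg + struct.pack(">Q", ml)

def sha256_traced(msg):
    trace, state, padded = {"blocks": []}, list(H0), pad(msg)
    for i in range(0, len(padded), 64):
        state = compress(state, padded[i:i + 64], trace)
    return struct.pack(">8I", *state), trace

def matches_hashlib(msg):
    """Sanity check of the traced implementation against the standard library."""
    return sha256_traced(msg)[0] == hashlib.sha256(msg).digest()

def sha256d_traced(msg):
    """Bitcoin's H^2: returns the outer digest plus the inner and outer traces."""
    inner, t_inner = sha256_traced(msg)
    outer, t_outer = sha256_traced(inner)
    return outer, t_inner, t_outer

def leading_zero_bits(digest):
    # Bitcoin compares the digest as a little-endian 256-bit integer, so the
    # displayed hash's leading zeros are the high zero bits of that integer.
    return 256 - int.from_bytes(digest, "little").bit_length()

def outer_padding_words(header):
    """W[8..15] of the outer hash's single block: fixed padding for any 32-byte input."""
    return sha256d_traced(header)[2]["blocks"][0]["W"][8:16]

def a_hw_deviation(header, rnd=63):
    """|HW(a) - 16| for working variable a after round `rnd` (0-based) of the outer hash."""
    a = sha256d_traced(header)[2]["blocks"][0]["states"][rnd][0]
    return abs(bin(a).count("1") - 16)

def nonce_diffusion(header, bit):
    """Per-round Hamming distance of the inner hash's second-block state between
    `header` and the same header with one nonce bit flipped (nonce = bytes 76..79, W[3])."""
    nonce = int.from_bytes(header[76:80], "little") ^ (1 << bit)
    other = header[:76] + nonce.to_bytes(4, "little")
    s1 = sha256_traced(header)[1]["blocks"][1]["states"]
    s2 = sha256_traced(other)[1]["blocks"][1]["states"]
    return [sum(bin(x ^ y).count("1") for x, y in zip(u, v)) for u, v in zip(s1, s2)]

# Constructed 80-byte header (version, prev hash, merkle root, time, bits, nonce);
# the field values are arbitrary placeholders, not a real block.
HEADER = (struct.pack("<I", 1) + b"\x11" * 32 + b"\x22" * 32
          + struct.pack("<III", 1231006505, 0x1D00FFFF, 0))

if __name__ == "__main__":
    digest, t_in, t_out = sha256d_traced(HEADER)
    print("outer W[8..15]:", [hex(w) for w in outer_padding_words(HEADER)])
    print("outer |HW(a)-16| after round 64:", a_hw_deviation(HEADER), " LZ:", leading_zero_bits(digest))
    print("schedule carries (inner blocks, outer block):",
          [b["sched_carries"] for b in t_in["blocks"]], t_out["blocks"][0]["sched_carries"])
    print("state bits changed per round after flipping nonce bit 0:", nonce_diffusion(HEADER, 0)[:12])
```

The nonce sits in bytes 76-79 of the header, i.e. in W[3] of the inner hash's second block, so `nonce_diffusion` reports zero changed bits for rounds 1-3 and a non-zero distance from round 4 on, matching the "R0-2 deterministic, R4: nonce enters" picture above (the post's R-numbers are 1-based). Collecting `a_hw_deviation` and `leading_zero_bits` over many headers is how a |HW(a)-16| vs. LZ correlation would be estimated; the example only exposes the two quantities, it does not claim the 20.48σ result.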
4. Nonce identity preserved (26.25σ) — but useless
Nonce tracking survives all 64 rounds. But nonce→quality correlation
= 0.84σ (noise). Count ⊥ Position. Two completely orthogonal channels.
5. Mixing: 85% linear + 15% nonlinear
- Ch, Maj: <1% contribution each
- ADD carries: 13%
- Rotations Σ0, Σ1: 85%
Ch/Maj = algebraic protection. Rotations = actual mixer.
6. First algebraic mining impossibility proof via Z3
Nonces [0..31] proven IMPOSSIBLE for LZ≥8 at 4-round SHA-256.
Algebraically, not probabilistically.
7. Groebner basis: 2^71 worse than brute force
64-round Groebner: ~2^103. Mining brute force: 2^32. The "just solve
the polynomial equations" approach is 2 billion billion billion times
harder.
All 19 Frameworks — 0 Exploitable Signals
Statistics, Neural Networks, Evolutionary, Spectral, Z3/SAT, Control
Theory, FEM, Information Theory, Higher-Order Differentials, Cube
Attack, Rebound, ANF, Multi-Variable, Side-Channel, Wang Differentials,
p-adic, Tropical Geometry, Groebner, Representation Theory.
Links
- Paper: IACR ePrint 2026/109079
- Code: Zenodo DOI 10.5281/zenodo.19789234 — 60 Python scripts, free