Understanding the two hatching functions of Ethereum: op_hash160 vs op_sha256
The Ethereum blockchain uses two hatching functions to store and check the transactions, each with its own strengths and weaknesses. In this article, we decompose the differences between OP_HASH160 and OP_SHA256, explaining when to use one on the other and in what situations.
What are the hash functions?
The hash functions take input data of any size and produce a fixed size chain (or hash) which represents this data uniquely. In the context of Ethereum, OP_HASH160 and OP_SHA256 are used for messages authentication and data integrity.
op_hash160:
- Version: Introduced in BIP 0012
- Description: hash function based on SHA-256
- Key features:
+ Use an input block of 20 bytes (128 bits)
+ Signed with the private key using ECDSA (digital signature algorithm of the elliptical curve)
+ More resistant to collisions and preimage attacks because of its fixed length
- Why use OP_Hash160?
- Higher safety: OP_Hash160 is more secure than OP_SHA256, making it a better choice for sensitive transactions.
- easier to implement: since OP_HASH160 uses the SHA-256, which has been largely adopted and understood, the implementation of OP_HASH160 is relatively simpler.
- Better resistance to collisions: The fixed length of 20 bytes offers stronger protection against attacks that try to modify the input data.
op_sha256:
- Version: Introduced in BIP 0013
Description: Hitting function based on SHA-256 (identical to ECDSA)
- Key features:
+ Uses a variable length input block up to 32 bytes
+ Signed with the private key using ECDSA
+ Less resistant to collisions and preimage attacks because of its dynamic length
- Why use OP_SHA256?
- Simplified implementation: Since OP_SHA256 uses Sha-256, which is well established, the implementation can be easier than OP_Hash160.
- Better resistance to pre -missing attacks: The input block of variable length offers stronger protection against attacks which try to modify the input data.
When using OP_Hash160:
- Sensitive transactions: When you process sensitive information, such as personal data or financial transactions, the higher security of OP_Hash160 is a better choice.
- Longer input blocks:
If you need to store longer input blocks (for example, larger data structures), the fixed length of OP_Hash160 offers more protection against collisions.
When using OP_SHA256:
- Inputs of variable length: When you treat input blocks of variable length, such as images or other supports, OP_SHA256 is a better choice.
- Existing infrastructure: If you already use an existing infrastructure that rests on ECDSA (for example, portfolios, libraries), the implementation of OP_SHA256 can be simpler.
Example of unlocking the scripts:
Here are some examples of BIP 199 scripts that use both OP_HASH160 and OP_SHA256 for messages authentication:
Op_hash160:
C
Unlock contract (
bytes32 _input,
Address _PrivateKey,
bytes _Signature
) {
// Check the signature using ECDSA (ECDSA is used here)
require ECDSAVERIFY (_Signature, _PrivateKey, _input);
}
Function _ecdsaverife (bytes memory _Signature, address _PrivateKey, bytes32 _input) Public {
// ... (ECDSA verification logic)
// Check the input using SHA-256
require SHA256 (_input). Equals (_Signature);
}
'
Op_sha256:
C
Unlock contract (
bytes32 _input,
Address _PrivateKey,
bytes _Signature
) {
// Check the signature using ECDSA (ECDSA is used here)
require ECDSAVERIFY (_Signature, _PrivateKey, _input);
// Check the input using SHA-256
require SHA256 (_input). Equals (_Signature);
}
“ ‘
In conclusion, although OP_HASH160 and OP_SHA256 provide unique strengths and weaknesses, the choice between them depends on your specific use case.