I ran 60 cryptanalysis experiments on SHA-256. Here's what I found.

Noctarion — Sun, 26 Apr 2026 13:01:35 +0000

Update (2026-04-27): Finding #1 corrected after self-check (N=200K).
The original "9.56σ cross-hash anti-correlation" overstated the result —
observable LZ outputs are independent (r≈0.000). Corrected finding:
cross-hash carry anti-correlation r=−0.029, 6.5σ (internal state),
consistent with Dodis et al. (CRYPTO 2012, IACR 2013/382) on
SHA-256d non-indifferentiability. IACR ePrint revised accordingly.

TL;DR

SHA-256 cannot be broken. No shortcut for mining exists. But proving
that produced 7 novel findings.

Setup

60 independent experiments
19 mathematical frameworks
5,000–1,000,000 hash evaluations per experiment
All signals Bonferroni-corrected and scale-verified (real signals scale as √N)

The 7 Novel Findings

1. SHA-256d second hash has constrained internal carry structure [CORRECTED]

Bitcoin's SHA-256d has a measurable cross-hash carry anti-correlation
(r=−0.029, 6.5σ, N=50K — internal state). W[8-15] in the second hash
is ALWAYS constant padding — only ~30 unique carry count values exist
in the W-schedule.

Observable hash outputs are statistically independent (LZ correlation
r≈0.000). This is consistent with Dodis et al. (CRYPTO 2012) who
proved SHA-256d is NOT indifferentiable from a random oracle.

Not exploitable (<0.1% variance), but a real and documented structural
property of H².

2. |HW(a)-16| → leading zeros: 20.48σ

The strongest signal in 60 experiments. Absolute deviation of working
variable 'a' Hamming weight from 16 predicts output quality at 20.48σ.
Invisible to standard linear analysis. Post-computation only.

3. Round 8 is the "insulator" — 17× drop

R0-2: 100% deterministic
R3: carry breaks control (→22%)
R4: nonce enters
R6-7: 26 trackable channels
R8: 💥 ALL 26 destroyed — 17× drop in ONE round
R16-64: perfect white noise

This is WHY every neural net, every evolutionary algorithm, every ML
approach fails.

4. Nonce identity preserved (26.25σ) — but useless

Nonce tracking survives all 64 rounds. But nonce→quality correlation
= 0.84σ (noise). Count ⊥ Position. Two completely orthogonal channels.

5. Mixing: 85% linear + 15% nonlinear

Ch, Maj: <1% contribution each
ADD carries: 13%
Rotations Σ0, Σ1: 85%

Ch/Maj = algebraic protection. Rotations = actual mixer.

6. First algebraic mining impossibility proof via Z3

Nonces [0..31] proven IMPOSSIBLE for LZ≥8 at 4-round SHA-256.
Algebraically, not probabilistically.

7. Groebner basis: 2^71 worse than brute force

64-round Groebner: ~2^103. Mining brute force: 2^32. The "just solve
the polynomial equations" approach is 2 billion billion billion times
harder.

All 19 Frameworks — 0 Exploitable Signals

Statistics, Neural Networks, Evolutionary, Spectral, Z3/SAT, Control
Theory, FEM, Information Theory, Higher-Order Differentials, Cube
Attack, Rebound, ANF, Multi-Variable, Side-Channel, Wang Differentials,
p-adic, Tropical Geometry, Groebner, Representation Theory.

Forem: Noctarion