
How secure is 256 bit security?

3Blue1Brown · 4 min read

Based on 3Blue1Brown's video on YouTube. If you like this content, support the original creators by watching, liking and subscribing to their content.

TL;DR

Breaking a SHA-256 preimage for a specific 256-bit output has no known shortcut that beats brute force, so expected work is about 2^256 guesses.

Briefing

Breaking 256-bit cryptography boils down to an almost unimaginably unlikely guessing game: if an attacker must hit one specific 256-bit string—whether as a digital-signature secret or as a preimage for a hash like SHA-256—there’s no shortcut better than trying random candidates until the right one appears. With a 256-bit target, the expected number of guesses is 2^256, a figure so large that the real question becomes how long it would take even with extreme hardware.

To make the scale concrete, the math is reframed as 2^256 = (2^32)^8. Since 2^32 is about 4 billion, the problem becomes “multiply by 4 billion, eight times.” That structure matters because modern GPUs can run cryptographic hash computations in parallel. A well-optimized GPU might reach on the order of a billion hashes per second, and the thought experiment scales up by packing enough GPUs into a single machine to reach about 4 billion hashes per second per computer. Then the scenario multiplies that compute rate across vast numbers of such machines.

Imagine 4 billion GPU-packed computers, roughly “1,000 copies of a souped-up Google,” using estimates that Google’s server count is in the single-digit millions. Spread that compute across humanity: with about 7.3 billion people on Earth, give roughly 4 billion of them a “kilo-Google” of this kind of hashing power each, then imagine 4 billion copies of that Earth. For comparison, the Milky Way has an estimated 100 to 400 billion stars. Replicating the whole setup across 4 billion copies of the Milky Way creates a “giga-galactic supercomputer” capable of about 2^160 guesses per second.

Even then, the odds remain bleak. At 2^160 guesses per second, running for 4 billion seconds (about 126.8 years) is still only a tiny fraction of the 2^256 search space. Extend it to 4 billion such time spans—about 507 billion years, roughly 37 times the age of the universe—and the success probability still lands around 1 in 4 billion. In other words: brute-force 256-bit guessing remains effectively infeasible even under wildly exaggerated, galaxy-spanning compute assumptions.

The transcript then anchors the abstraction in real-world Bitcoin mining. Current Bitcoin hashing power is estimated around 5 billion billion hashes per second (5×10^18). That corresponds to only about one third of the earlier “kilo-Google” compute level. The network reaches that rate less through raw machine count than through specialized hardware: miners use application-specific integrated circuits (ASICs) designed specifically for SHA-256 hashing, achieving roughly 1,000× efficiency over general-purpose GPU-style computation.

Overall, the takeaway is straightforward: 256-bit security isn’t just “hard”; it’s hard in a way that survives even extreme parallel hardware, because the search space holds 2^256 candidates while adding hardware only raises the guess rate linearly.
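The guess-and-check cost model and the scale arithmetic above, as an added example that is not from the video or this summary: it measures the average number of guesses needed to match a k-bit truncated SHA-256 target for small k, which tracks 2^k, then applies the same model to the page's figures. The truncation, the constructed target strings and the use of 2^32 for "about 4 billion" are assumptions of the example.

```python
import hashlib
from fractions import Fraction

def top_bits(data: bytes, k: int) -> int:
    """First k bits of SHA-256(data), as an integer."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - k)

def tries_to_match(k: int, trial: int) -> int:
    """Guess and check until a candidate's k-bit truncated hash equals the target's."""
    target = top_bits(b"constructed-target-%d" % trial, k)  # constructed sample input
    tries = 0
    while True:
        tries += 1
        if top_bits(b"guess-%d-%d" % (trial, tries), k) == target:
            return tries

def mean_tries(k: int, trials: int = 400) -> float:
    """Average number of guesses over `trials` independent k-bit targets."""
    return sum(tries_to_match(k, t) for t in range(trials)) / trials

def success_probability(rate: int, seconds: int, bits: int = 256) -> Fraction:
    """Upper bound on hitting one specific `bits`-bit value with rate*seconds
    guesses: N / 2^bits, capped at 1 (exact when all guesses are distinct)."""
    return min(Fraction(1), Fraction(rate * seconds, 2 ** bits))

FOUR_BILLION = 2 ** 32             # assumption: the page's "about 4 billion"
# hashes/s: per-machine rate x machines x people x Earths x galaxies
GIGA_GALACTIC = FOUR_BILLION ** 5  # = 2^160
KILO_GOOGLE = FOUR_BILLION ** 2    # 4 billion machines at 4 billion hashes/s each
BITCOIN_RATE = 5 * 10 ** 18        # hashes/s, the estimate quoted on the page

if __name__ == "__main__":
    # Each extra bit doubles the average work; 256 bits is the same curve, far out.
    for k in (6, 8, 10):
        print(f"{k:2d}-bit target: mean tries {mean_tries(k):7.1f} (2^{k} = {2 ** k})")
    # 4 billion spans of 4 billion seconds each, at the giga-galactic rate.
    p = success_probability(GIGA_GALACTIC, FOUR_BILLION ** 2)
    print("giga-galactic success chance: 1 in", p.denominator)
    print("Bitcoin rate / kilo-Google rate:", round(BITCOIN_RATE / KILO_GOOGLE, 2))
```
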

Cornell Notes

256-bit security can require guessing a specific 256-bit string, with no practical shortcut beyond random trial. For SHA-256 preimages (and similarly structured signature-related secrets), the expected work is 2^256 guesses. The transcript breaks this down as 2^256 = (2^32)^8, where 2^32 is about 4 billion, making the scale easier to grasp. Even an exaggerated “giga-galactic” setup—billions of Earth-sized compute replicas running for hundreds of billions of years—still yields only about a 1 in 4 billion chance of success. Real-world Bitcoin mining hashes far faster than a GPU, using SHA-256–optimized ASICs, but still illustrates how enormous 256-bit brute force remains.

Why does breaking a 256-bit hash preimage reduce to guessing and checking?

If the goal is to find a message whose SHA-256 hash equals a specific 256-bit output, there’s no known method that beats brute force for a random target. Each attempt is essentially independent, and the chance of hitting the exact 256-bit string is 1 out of 2^256. That makes the expected number of tries about 2^256, whether the target comes from a hash preimage search or a similarly structured 256-bit secret.

How does the transcript make 2^256 feel less abstract?

It rewrites 2^256 as (2^32)^8. Since 2^32 is about 4 billion, the problem becomes multiplying “4 billion” by itself eight successive times. This lets the discussion connect the search space to realistic compute rates measured in hashes per second, rather than leaving it as an opaque exponent.

What compute-rate scenario is used to estimate brute-force time?

A single “GPU-packed” machine is assumed to reach about 4 billion hashes per second. Then the thought experiment scales up to 4 billion such machines, described as roughly “1,000 copies of a souped-up Google,” and further multiplies by Earth and galaxy analogies to reach an overall rate around 2^160 guesses per second.

What does the galaxy-scale estimate conclude about success probability?

At about 2^160 guesses per second, even running for about 507 billion years (about 37 times the age of the universe) still gives only around a 1 in 4 billion chance of finding the correct 256-bit guess. The key reason is that 2^256 is so much larger than any plausible compute-time product, even under extreme replication.

How does Bitcoin mining relate to the 256-bit brute-force discussion?

Bitcoin’s total hashing power is estimated at about 5 billion billion hashes per second (5×10^18). The transcript compares that to the earlier “kilo-Google” compute level and says it’s about one third of that amount. That rate is attributed to miners using ASICs (application-specific integrated circuits) optimized for SHA-256 hashing, achieving roughly 1,000× efficiency over general GPU-style computation.

Review Questions

  1. If a 256-bit target requires brute-force guessing, what is the expected number of guesses and why?
  2. Why is rewriting 2^256 as (2^32)^8 helpful for estimating feasibility?
  3. How do ASICs change the practical hashing rate compared with GPUs in the Bitcoin context?

Key Points

  1. Breaking a SHA-256 preimage for a specific 256-bit output has no known shortcut that beats brute force, so expected work is about 2^256 guesses.
  2. The scale of 2^256 can be reframed as (2^32)^8, turning an abstract exponent into repeated multiplication by ~4 billion.
  3. Even extreme parallel hardware, replicating compute across billions of copies of Earth and then billions of copies of the Milky Way, still leaves brute-force success probability effectively negligible.
  4. A “GPU-packed” hashing rate of roughly 4 billion hashes per second per machine is used as a baseline for the thought experiment.
  5. Bitcoin’s real hashing power is estimated around 5×10^18 hashes per second, but it still corresponds to only a fraction of the transcript’s earlier “kilo-Google” scenario.
  6. Bitcoin miners gain major efficiency by using SHA-256–focused ASICs, which can be about 1,000× more efficient than general-purpose GPU computation for this narrow task.

Highlights

  • For a 256-bit target, the expected number of brute-force guesses is 2^256, so large that even galaxy-scale compute over hundreds of billions of years barely moves the odds.
  • Rewriting 2^256 as (2^32)^8 (with 2^32 ≈ 4 billion) helps translate cryptographic security into a compute-and-time intuition.
  • Bitcoin’s hashing power is enormous, but ASIC efficiency, not just raw hardware count, explains why it outpaces GPU-style hashing by orders of magnitude.

Topics

  • Cryptographic Hashing
  • Brute-Force Security
  • SHA-256
  • Bitcoin Mining
  • ASIC Efficiency

Mentioned

  • SHA-256
  • ASIC