Bitcoin Performance: What does Hashes/Second Mean?

Question

Computing preimages (nonces) that satisfy a hash output with known property (minimum number of prefixed zeroes) is the foundation of bit-coin mining and block-chain validation. For this purpose, all available hardware, whether general purpose PCs and servers or custom ASICs that specifically target bitcoin mining, is rated for performance in terms of "Hashes/sec, Mega Hashes/Sec, or Giga Hashes/Sec".

Without specifying the length of the data that is hashed, I find this rating of HW in terms of 'Hashes/Sec' to be vague at best. All hashing algorithms input messages of arbitrary length and computed an fixed length message digest. So, a processing power that performs a "million hashes per second" over input blocks of length 100 bytes is not quite the same of another HW that can perform 'million hashes per second' with input blocks where the block length is 4 kilo bytes.

Questions:

1. What does it mean to say 'my HW can perform x hashes/sec'? Does each 'hash' refer to the block size of SHA256 algorithm, which is 512 bits?

2. Or, does a hash refer to hashing a block chain, whose length is highly variable subject to the transactions that define a block-chain?

3. Is there is a well known benchmark program that can measure the 'hashes/sec' supported by any piece of HW?

Without clarifying the above details & publishing a benchmark that everyone can look up to, vendors' claims of "Hashes/Sec" seems like a marketing ploy to me.

[Added Later] I have a further question on the details of how a valid nonce is searched. As I understand it, the search is determined by 3 parameters

(a) The block header (b) target string (c) nonce

A representative pseudo code that searches for the nonce can be written as:

while (hash_256(hash_256(block_header, nonce) >= target_string) do

      nonce = nonce + 1

end_while

I have modeled the above pseudo code from this blog of Ken Schriff. It is not clear how this code models the 'difficulty' parameter. Above loop (as well as the one found in the blog) iterates through all nonce values from 0 through (2^32-1). Or, exactly 4 billion iterations of the hash function. Even a PC with a 12 year old Pentium 4 CPU that performs at 1 MHashes/Sec (cf. Mining Hardware Comparison) can crack this in 4000 seconds, or in about an hour. Custom ASICs with GHashes/sec performance will crack it in a second.

What is the correction needed to reflect the 'difficulty' parameter in this pseudocode? Does the size of the nonce have to be related to the difficulty ?

Answer 1

SHA256 uses a compression function that maps a 64 byte input block and a 32 byte chaining state to the next chaining state. It divides the message into 64 byte blocks and hashes those sequentially.

The bitcoin proof of work uses SHA256(SHA256(block_header)). Between each hashing attempt only 4 bytes in the last block of the header change, so for each hashing attempt you only need to compress that last block of the message and then one compression for the outer hash.

So one bitcoin hash corresponds to two SHA-256 compressions. In definition of "Hash/s" says how many nonces can be evaluated per second which is a meaningful definition in this context.

The header contains the (root of a tree)hash of the actual block. But since the actual block only changes every 4 billion nonces, the cost up updating it is small compared to the cost of hashing the header. That's why it's neglected in those performance claims.

To compare different hardware you need to use miners specialized for that hardware. There are CPU, GPU, FPGA and ASIC based miners. Mining hardware comparison on the bitcoin wiki lists the performance of many different kinds of hardware. Nowadays only ASIC is competitive, for other kinds of hardware the cost of buying and electricity exceeds the earned bitcoins.