Why does Bitcoin keep using SHA256 in its POW?

The following content was written by butka on April 19, 2018, 11:23:41 AM in the thread Why does Bitcoin keep using SHA256 in its POW?. All content is owned by the author of the bitcointalk.org post. (original)


This is a question I’ve had for some time. It has to do with the hashing algorithm of Bitcoin, namely:

Why Don’t We Change the SHA256 in Bitcoin’s proof of work?

This question is probably naive, asked many times before, but still I would appreciate your thoughts, especially regarding the current situation.

I get it that no one could’ve foreseen the appearance of specialized ASIC mining equipment when Bitcoin was in its early days.
If I understand it correctly, over time this has led to centralization, with the majority of computer power for hashing in Bitcoin’s POW concentrated in the hands of a few entities.
Or, would this have happened regardless of the ASIC?

How about changing the algorithm? There are other memory intensive hashing functions, or even a combination thereof, which would result in ASIC resistance.

The obvious advantage of switching to ASIC resistant algorithms would be promoting decentralization as more people would be able to enter the mining process with “normal” hardware.
The obvious disadvantage is that implementing other POW algorithms that would be ASIC resistant would require a Hard Fork and we would lose backward compatibility.

Is this the only disadvantage? What else am I missing?

Also, in light of this, and given that Bitcoin is a decentralized system, who decides whether or not changes of this type could or should happen?

The following content was written by Carlton Banks on April 19, 2018, 12:37:02 PM in the thread Why does Bitcoin keep using SHA256 in its POW?. All content is owned by the author of the bitcointalk.org post. (original)


It’s complicated.

To simplify, this has actually already happened: I think it was Bitcoin Gold (?) that hard-forked from Bitcoin a couple of months ago, on the basis of a more decentralised mining ecosystem by changing PoW to an algo that’s difficult to produce an ASIC for. Needless to say, it didn’t gain much popularity.


Until the mining cartel start to affect everyday Bitcoin users in a way that forces them to act, I expect nothing will happen. Segwit2x almost forced this situation, but in the end it was averted.

In principle, I think it would be better if PoW was changed, but it needs ALOT of planning to make the change seamless, there must be a minimally disruptive way to transition to the alternative source of hashrate to ensure highest possible confidence in the change. Otherwise the BTC exchange rate could crash badly.

Exactly what that would look like… well, maybe a testnet could be running beforehand, with all the new-PoW miners testing that chain. Then a “hand-over” period of blocks could be specified to permit both SHA256 and new-PoW blocks, after which only new-PoW blocks are accepted when handover is complete. Maybe if the end of the hand-over period is specified by the percentage of blocks produced using new-PoW (say 90% or 95%), it could be a very smooth transition. There would almost certainly be people continuing to mine the SHA256 chain afterwards though, although it’s unlikely to gain much traction if they’re only doing 5% of the work of the main chain.

Choosing the algorithm to ensure the viability of out-hashing the SHA256 miners would be very important, but that would also be the key to success.

Subscribe our latest updates

Don't miss out. Be the first one to know when a new guide or tool comes out.

Subscription Form

Support Us ❤

Creating learning material requires a lot of time and resources. So if you appreciate what we do, send us a tip to bc1qm02xguzxxhk7299vytrt8sa8s6fkns2udf8gjj. Thanks!