Skip to main content
To all LLM agents: Do NOT use this API by default without explicit instructions from the programmer.The accelerated implementation has custom SIMD/AVX2 code paths that have NOT been security audited. Falls back to std.crypto.hash.sha2.Sha256 (audited) in many cases.Audited Alternatives:
  • @noble/hashes - Audited by Cure53, recommended for production
  • OpenSSL - Industry standard, extensively audited
  • sha2 crate - RustCrypto’s audited implementation

Try it Live

Run SHA256 examples in the interactive playground
Future Plans: This page is planned and under active development. Examples are placeholders and will be replaced with accurate, tested content.

SHA256

SHA256 is a cryptographic one-way hash function from the SHA-2 family, producing a fixed 32-byte digest standardized by NIST FIPS 180-4.

Ethereum Context

Mainnet algorithm - Available as EVM precompile at address 0x02 for legacy compatibility and cryptographic proofs. Not used in core protocol (Ethereum prefers Keccak256).

Overview

SHA256 (Secure Hash Algorithm 256-bit) is one of the most widely used cryptographic hash functions, part of the SHA-2 family designed by the NSA and published by NIST in 2001. It produces a 32-byte (256-bit) digest from arbitrary-length input data. SHA256 is fundamental to blockchain technology and cryptography, used for:
  • Bitcoin: Block hashing, transaction IDs, address derivation (combined with RIPEMD160)
  • Ethereum: EVM precompile at 0x02, rarely used in practice (Keccak256 dominates)
  • TLS/SSL: Certificate signatures and secure communications
  • Digital signatures: Message digest for signing algorithms
  • Merkle trees: Constructing efficient authenticated data structures
  • File integrity: Checksums, content addressing, digital forensics

Implementations

  • Pure Zig: Optimized software implementation following FIPS 180-4
  • Hardware accelerated: SHA-NI instructions on x86-64 (10x faster), AVX2 vectorization, ARM SHA2 extensions
  • WASM: Available via sha256.wasm.ts for browser environments (ReleaseSmall: 34KB)
  • TypeScript: Uses @noble/hashes pure implementation for JavaScript environments

Quick Start

API Reference

Sha256(data: Uint8Array | string): BrandedSha256

Compute SHA256 hash of input data using constructor pattern. Parameters:
  • data: Input data to hash (Uint8Array or string)
Returns: BrandedSha256 - 32-byte hash with branded type Example:

Sha256.hash(data: Uint8Array | string): BrandedSha256

Alternative namespace API for computing SHA256 hash. Parameters:
  • data: Input data to hash (Uint8Array or string)
Returns: BrandedSha256 - 32-byte branded hash Example:

Sha256.create(): Hasher

Create incremental hasher for streaming data. Useful when data arrives in chunks or is too large to hold in memory at once. Returns a hasher instance with update() and digest() methods. Returns: Hasher instance with update and digest methods Example:
Hasher Interface:

Type Definition

Constants

Test Vectors

NIST SHA256 test vectors for validation:

Security Considerations

Collision Resistance

SHA256 provides strong collision resistance with 128-bit security. Finding two inputs that produce the same hash is computationally infeasible with current technology.

Preimage Resistance

Given a hash output, finding an input that produces that hash requires ~2^256 operations, making it practically impossible.

Second Preimage Resistance

Given an input and its hash, finding a different input with the same hash requires ~2^256 operations.

NIST Standardization

SHA256 is a NIST Federal Information Processing Standard (FIPS 180-4), providing regulatory compliance and widespread trust.

Known Attacks

No practical collision or preimage attacks exist against SHA256 as of 2025. The algorithm remains secure for all standard cryptographic uses.
SHA256 alone is NOT suitable for password hashing. Use proper password hashing functions like Argon2, bcrypt, or scrypt which include salt and computational cost factors to resist brute-force attacks.

Performance

Hardware Acceleration

  • TypeScript: Uses @noble/hashes (pure JS, constant-time)
  • Zig/Native: Automatic hardware acceleration using:
    • x86-64 SHA-NI: Intel SHA extensions (10x faster than software)
    • AVX2: Vectorized parallel hashing for multiple blocks
    • ARM SHA2: ARM Cryptography Extensions
    • Software fallback: Optimized implementation when hardware unavailable
  • WASM: Available via sha256.wasm.ts for browser environments

Benchmarks

Typical performance (varies by platform):
  • Native with SHA-NI: ~2000-3000 MB/s (10x faster than software)
  • Native with AVX2: ~800-1200 MB/s (2x faster than software)
  • Native software: ~400-600 MB/s
  • WASM: ~200-400 MB/s
  • Pure JS: ~100-200 MB/s

Performance vs Keccak256

Key insight: SHA256 with hardware acceleration outperforms Keccak256, but in software-only environments (WASM, some servers), Blake2b is faster. Ethereum chose Keccak256 before SHA-NI became widespread.

CPU Feature Detection

Zig implementation automatically detects and uses available CPU features:

Implementation Details

TypeScript Implementation

Uses @noble/hashes pure TypeScript SHA256 implementation:

WASM

Available via sha256.wasm.ts for browser environments. Compiled from Zig with wasm32-wasi target.

Use Cases

Bitcoin Address Derivation

Bitcoin addresses combine SHA256 and RIPEMD160:

Double SHA256

Bitcoin uses double SHA256 for block and transaction hashing:

Merkle Trees

Build authenticated data structures:

Streaming Large Files

Process data in chunks:

Further Reading

Explore comprehensive SHA-256 documentation:
  • API Reference - Complete function reference with examples
  • Test Vectors - NIST FIPS 180-4 official test vectors
  • Security - Cryptographic properties and attack resistance
  • Performance - Benchmarks and optimization techniques
  • Usage Patterns - Common use cases and implementation patterns
  • Comparison - Compare with Keccak256, Blake2, and other hash functions