Claim: SHA-256 output can be predicted

easyasot3

A company has claimed to have developed a method that "is able to predict the likelihood of an input to SHA-256 (the core algorithm to mine Bitcoins) to produce a winning Hash". The claim was made in this RNS on the London Stock Exchange.

External Quote:

The Company announced on 13 March 2024 the development of a proprietary AI Oracle, broadly defined by the R&D team as Method C. While the Machine Learning model has previously been defined as Method C, the result of its 'training' with relevant data is known in the industry as an AI Oracle. This Oracle is being used by QBT to implement its prediction engine.

Method C's AI Oracle is able to predict the likelihood of an input to SHA-256 (the core algorithm to mine Bitcoins) to produce a winning Hash. Should the AI Oracle calculate that the current SHA-256 will not be successful in finding the winning Hash, it skips that calculation and moves on to the next input. In the March 2024 announcement, the Company reported that irrelevant SHA-256 computations were being avoided almost 30% of the time.

My understanding is that the output of SHA-256 is essentially random and unpredictable, and that if the company's claim is true then this would have a devastating impact on both the bitcoin mining industry, and also all internet security in general.

The company acknowledges in the RNS how extraordinary their claim is: "The Company believes this is a major innovation, which undermines a key Bitcoin Mining industry assumption that the SHA-256 algorithm output cannot be predicted".

The company's share price rose significantly after this announcement. If the claims are mathematically impossible, then they might be fraudulent and might be misleading investors.

According to the company website, their CEO graduated in Theoretical Physics at Padova University and became a Professor of Artificial Intelligence at Milan University. In this RNS they report engaging the services of Lov Grover (of Grover's algorithm fame), so they seem to have some credibility.

Does anyone have good evidence debunking this claim? Or is the claim possible?
 
My understanding is that the output of SHA-256 is essentially random and unpredictable, and that if the company's claim is true then this would have a devastating impact on both the bitcoin mining industry, and also all internet security in general.
Their claim just makes mining bitcoin 30% more efficient, if true. We don't know if it is true. It does not allow for any decryption or invalidation of digital signatures.

It takes a while to mine one bitcoin. So I wonder if it's just an optimistic interpretation of a small sample.
 
The claim was made in this RNS on the London Stock Exchange.
External Quote:
While the Company is now finally able to demonstrate the above achievements in real time simulated mining, using QBT's AI Oracle hardware implementation (see below) and a simulation of the blockchain using historic data, it has to be noted that recent lab tests have also clearly demonstrated the effectiveness of the AI Oracle, as a result of the training of the Method C model, running at the current level of mining difficulty.

So essentially they seem to have trained an LLM to identify duds in historic data, which is entirely useless for actual work.

Also, I can easily predict whether a given input is going to win simply by running SHA256 on it, which is very cheap. Any prediction method must be more efficient than that to be economically viable. That's a hurdle no AI can meet.

Note that the original claim dates back to 2024, and the impact was negligible. This year's improvement raises the efficiency from 30% to 50%, which is still pretty useless.
 
The company has a handy YouTube 'Explainer' page here,

https://www.youtube.com/@QuantumBlockchainTechnologies

In particular,

Source: https://www.youtube.com/watch?v=5ehU3hDMFEM

Source: https://youtu.be/5ehU3hDMFEM?t=69


According to them the AI has detected patterns or regularities in SHA256

Their Products and Services page for Methods A, B and C

https://quantumblockchaintechnologies.co.uk/products-services

The description for Method C has recently changed to reflect the introduction of a software version that runs on the Mining Rig control board. Previously a Binary Decision Tree implemented in the ASICs at the silicon level was proposed that accepts weights from the AI model hosted elsewhere.

Generally all of the Methods appear to be supposed to select or reject candidate Headers based on an AI analysis of the nonce and/or extranonce. The explanations are at best sparse or meaningless. If you ask an LLM it will say it does not work because SHA256 has no 'patterns', or the LLM will try to fit sense to the words and suggest that the optimisation is being applied externally to the ASICs, to work scheduling and health monitoring or similar peripheral tasks.

Unfortunately the words are what they are and they have the specific intent of suggesting that SHA256 has patterns and their AI can select/reject headers such that the Rig is only given candidate headers that will result in a Hash below the Block Difficulty.

However they have recently pivoted to claiming that they select "Quality Hashes" that meet the Pool Difficulty so you can claim a higher Share of the reward.

The company CEO has recently suggested that people should ignore what an LLM will tell them because it can only know what is reality today which seems like a convenient excuse.

Source: https://www.youtube.com/watch?v=5NMKmX4tCdc

Source: https://youtu.be/5NMKmX4tCdc?t=319


Other Investor fluff here.

https://www.youtube.com/@Proactive247/search?query=Quantum Blockchain Technologies

Here are their guys explaining things at NEMS25, Nashville Energy Mining Summit at Bitcoin Park.

Source: https://podcasts.apple.com/us/podcast/nems25-reality-or-science-fiction-a-future-of/id1646515985?i=1000699494440
 
With my practical crypto hat on - nah.

There's nothing that an AI can do that experienced fine-tuned dedicated cryptanalysis wouldn't be better at. I know of no attack on SHA-256 that can do anything useful for 48 or more rounds of the algorithm, and the algorithm has 64 in total.

I'd note that having an expert in theoretical physics and AI is almost as irrelevant as bringing an expert in genetics to the field of cryptography. If they'd have brought Preneel, Wang, or Mendel on board (not you, @Mendel, the cryptographer), I'd pay more attention.
(EDIT: It appears Google scholar knows of no papers by Grover since 3 decades back: https://scholar.google.com/citations?user=_3tVwW8AAAAJ&hl=en )

If they do have a new attack, and have reduced the security by 0.5 or 1.0 bits, then with my theoretical crypto hat on - yeah, that would be an interesting crack: anything below perfection is a crack. However, I'd like to see the peer-reviewed paper.

If instead they've just made finding hash collisions 30% faster ... they may have just waited 9 months for hardware to get quicker (50% being 18 months). That's not cryptographically interesting at all.

And if it's just regurgitating old results it's been trained on (which it kinda sounds like it is), then that's less than not interesting, it's utter bullshite.

Which brings me back to "nah".
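The two cost arguments made in this thread (a predictor must be cheaper than the hash it replaces, and a 30% or 50% saving is only a few months of hardware progress) worked through as an added example; this is not code from the thread or from the company. It uses real Bitcoin header hashing (SHA-256d), a constructed easy target of p = 2^-8 so it runs in under a second, a blind "random" oracle as a stand-in for a predictor that has learned nothing, and an assumed 18-month hardware doubling period.

```python
import hashlib
import math
import random
import struct

def header_hash(version, prev_block, merkle_root, timestamp, bits, nonce):
    """Bitcoin block hash: SHA-256d over the 80-byte little-endian header,
    read back as a little-endian 256-bit integer (Bitcoin's convention)."""
    raw = struct.pack("<I32s32sIII", version, prev_block, merkle_root,
                      timestamp, bits, nonce)
    digest = hashlib.sha256(hashlib.sha256(raw).digest()).digest()
    return int.from_bytes(digest[::-1], "big")

def mine(target, merkle_root, oracle="none", skip_rate=0.3, seed=0):
    """Scan nonces until header_hash < target; return (nonce, hashes_done).
    oracle='none'   hashes every candidate, as a real miner does.
    oracle='random' skips `skip_rate` of candidates knowing nothing about
                    them (stand-in for a predictor that learned nothing)."""
    rng = random.Random(seed)
    hashes = 0
    for nonce in range(2**32):
        if oracle == "random" and rng.random() < skip_rate:
            continue                 # blindly skipped; may discard the winner
        hashes += 1
        h = header_hash(1, bytes(32), merkle_root, 1231006505, 0x1D00FFFF, nonce)
        if h < target:
            return nonce, hashes
    raise RuntimeError("nonce space exhausted")

def average_hashes(oracle, target=2**248, blocks=200, skip_rate=0.3):
    """Mean SHA-256d evaluations per solved block over `blocks` constructed
    templates (distinct merkle roots; target 2**248 means p = 2**-8)."""
    total = 0
    for i in range(blocks):
        root = hashlib.sha256(b"constructed template %d" % i).digest()
        total += mine(target, root, oracle, skip_rate, seed=i)[1]
    return total / blocks

def speedup(skip_rate, oracle_cost):
    """Throughput gain of a *perfect* oracle (never skips a winner) that skips
    `skip_rate` of candidates at `oracle_cost` hash-equivalents per candidate:
    1 hash per candidate without it, (1 - skip_rate) + oracle_cost with it."""
    return 1.0 / (1.0 - skip_rate + oracle_cost)

def months_of_hardware(gain, doubling_months=18.0):
    """Months of hardware progress (assumed to double throughput every
    `doubling_months`) that would deliver the same gain."""
    return doubling_months * math.log2(gain)
```

speedup(0.3, 0) is about 1.43, which months_of_hardware puts at roughly 9 months, and speedup(0.5, 0) is exactly 18 months; speedup(0.3, 0.3) is 1.0, so even a perfect predictor gains nothing once it costs 30% of a hash per candidate, and average_hashes("random") lands at the same ~256 hashes per block as "none" because blind skipping throws away winners at the same rate it saves work.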
 