T
cryptography blockchain ethereum bitcoin hashing ecdsa

Blockchain Cryptography: Mastering Keccak-256, secp256k1, and Merkle Trees

A deep dive into the cryptographic primitives of blockchain. Explore Keccak-256, RIPEMD-160, HASH160, the secp256k1 curve, ECDSA signatures, and the role of Merkle Trees in data integrity.

2026-04-12

The Bedrock of Decentralization

Cryptography is the "crypto" in cryptocurrency. It provides the mathematical guarantees of security, ownership, and immutability that allow decentralized networks to function without a central authority.

In this guide, we will explore the specific cryptographic algorithms used by major blockchains like Bitcoin and Ethereum. We will examine why certain choices were made, how they differ from standard web cryptography, and how they work together to secure billions of dollars in assets.

1. Hashing Strategies: Bitcoin's Double Hash and HASH160

Bitcoin uses hashing for everything from mining to address generation. However, it rarely uses a single SHA-256 hash.

Double SHA-256 (SHA-256d)

Most operations in Bitcoin, including the Proof of Work and the construction of block IDs, use SHA-256 twice.

  • Formula: SHA256(SHA256(Data))
  • Reasoning: Satoshi Nakamoto implemented this primarily as a defense against length extension attacks, which were a theoretical concern for the Merkle-Damgård construction at the time.

HASH160: Space Efficiency

For generating addresses, Bitcoin uses HASH160.

  • Formula: RIPEMD160(SHA256(PublicKey))
  • Reasoning: RIPEMD-160 produces a 20-byte (160-bit) hash, which is shorter than SHA-256 (32 bytes). This saves critical space in the UTXO set and on the blockchain while maintaining a security level suitable for address identification.

2. Ethereum's Keccak-256: The "Real" SHA-3

Ethereum chose Keccak-256 as its primary hash function. This is often a source of confusion because Keccak-256 is the winner of the NIST SHA-3 competition, but it is not exactly the same as the final FIPS 202 SHA-3-256 standard.

Keccak-256 vs. NIST SHA-3-256

During the standardization process, NIST made minor changes to the padding of Keccak.

  • Keccak-256: Uses padding 0x01.
  • NIST SHA-3-256: Uses padding 0x06.

Because Ethereum was built while Keccak was still in the standardization process, it uses the original Keccak-256. This means a standard SHA-3-256 hash generator will produce a different result than a Keccak-256 hash generator. For Ethereum developers, using the correct version is vital for calculating function signatures and Merkle roots.

3. The secp256k1 Curve and ECDSA Signatures

Both Bitcoin and Ethereum use the Elliptic Curve Digital Signature Algorithm (ECDSA) for signing transactions, specifically on the secp256k1 curve.

Why secp256k1?

While most web standards (like TLS) use NIST curves (e.g., P-256), the blockchain community prefers secp256k1.

  • Koblitz Curve: It is a "Koblitz" curve, which allows for more efficient computation (scalar multiplication) than non-Koblitz curves.
  • No "Backdoors": There are concerns that NIST curves might contain hidden "backdoors" due to the way their parameters were chosen. secp256k1's parameters were chosen in a more transparent, deterministic way.

When you sign a transaction, you use your private key and ECDSA to produce a signature $(r, s)$. The network uses the secp256k1 curve and your public key to verify that the signature is valid.

4. Merkle Trees and Merkle Roots

A Merkle Tree (or hash tree) is a structure used to efficiently summarize and verify the integrity of large sets of data.

How it Works

  1. Leaves: Each transaction in a block is hashed.
  2. Nodes: Hashes are paired and hashed together recursively.
  3. Root: The final single hash at the top is the Merkle Root.

The Merkle Root in the Block Header

The Merkle Root is included in the block header. If even a single bit in a single transaction is changed, the entire Merkle Tree changes, resulting in a different Merkle Root. This allows "Simplified Payment Verification" (SPV) clients to verify that a transaction is part of a block without downloading the entire blockchain.

A Merkle tree calculator is essential for validating block headers and proving transaction inclusion.

5. Comparison: Hashing and Signature Algorithms

Protocol Primary Hash Signature Curve Address Hash
Bitcoin SHA-256d secp256k1 HASH160
Ethereum Keccak-256 secp256k1 Keccak-256 (last 20 bytes)
Solana SHA-256 Ed25519 Base58 Public Key
Polkadot Blake2b Ed25519/sr25519 SS58

FAQ: Blockchain Cryptography

Q: Is Keccak-256 more secure than SHA-256?

A: Both are considered cryptographically secure. Keccak (Sponge construction) is naturally resistant to length extension attacks, whereas SHA-256 (Merkle-Damgård) requires the "double-hashing" trick to achieve similar resistance.

Q: Why not use Ed25519 for everything?

A: Ed25519 is faster and more secure than ECDSA/secp256k1. However, when Bitcoin and Ethereum were created, Ed25519 was relatively new and not as widely vetted or supported in hardware as ECDSA. Newer chains like Solana and Cardano do use Ed25519.

Q: What is a "Collision"?

A: A collision occurs when two different inputs produce the same hash output. For Keccak-256 or SHA-256, finding a collision is computationally impossible with current technology.

Q: How is a transaction hash calculated?

A: Usually by hashing the serialized transaction data. In Bitcoin, it's SHA256d(tx_data). In Ethereum, it's Keccak256(rlp_encoded_tx).

Conclusion

Blockchain cryptography is a carefully selected suite of algorithms designed for high security, efficiency, and transparency. From the efficiency of secp256k1 to the unique sponge construction of Keccak-256, these primitives are what make decentralized trust possible. For any developer working in the space, understanding these foundations is not just an academic exercise—it is the key to building secure and compatible decentralized applications.

Back to Blog