The Countdown to Blast Off is on! 
Join the 400M $SUPRA token airdrop
Robot Image

The NSA and Bitcoin: Origins of the SHA-256 Hashing Algorithm

May 11, 2023 - 7 min read

Tracing the roots of a widely used hashing algorithm all the way back to its origins from US intelligence agencies.


The Origins of SHA-256

Secure Hash Algorithm 256-bit (SHA-256) is a widely used cryptographic hash function that produces a fixed-size output of 256 bits when given different inputs. It belongs to the SHA-2 family of hash functions, which was preceded by the earliest SHA-1 hash functions. Higher numbers indicate the length of the hashing outputs, which we’ll discuss below. 

The origins of SHA-256 can be traced back to intelligence services in the US, namely the National Security Agency, or the NSA for short. Engineers employed at the agency invested heavily in developing the algorithm, and first published it in 2001. The primary objective of creating SHA-256 was to optimize earlier hashing functions like MD5 and SHA-1, which were found to be vulnerable to several known attack vectors.

Interestingly, SHA-256 is widely applied to cybersecurity, including digital signatures, password storage, and message authentication codes. It’s also been employed in proof-of-work consensus algorithms used in blockchains like Bitcoin, for instance. 

The algorithm operates on input data in chunks, called blocks, and processes them through a series of mathematical operations. The output of SHA-256 is a 256-bit hash, hence the name, which is unique for every unique input.

basic hashing diagram
Hashing algorithms take given inputs and obfuscate their outputs. No two different inputs may yield the same output; changing just one digit of the input will yield a completely different output.

One of the primary features of SHA-256 is its resistance to collision attacks, meaning it’s computationally impossible to generate the same hashed output from two different inputs. That is, outputs can be checked retroactively because their outputs will always correspond to a unique set of inputs. 

However, it’s also preimage resistant, making it practically impossible to deduce the private keys of a sender from a transaction’s hash value. This is why both public and private keys are used in tandem for the synergy of transparency and security. 

All of this sounds very secure, but some wonder if the developers of the SHA-256 algorithm might have built a backdoor and planned to use it at some point in the future. Before we discuss the possibility of this, let’s look more specifically at how hashing works in a practical sense by using the Bitcoin network as an example. After that, we can consider the more speculative aspect regarding US spy agencies and any potential conflicts of interest which may exist.

SHA-256 in the Bitcoin Code

Ironically, SHA-256 is central to the functioning of Bitcoin, which many believe is a threat to the dominant role of the US dollar, which presumably the US government would be fervently against. It harkens back to a tragic narrative we seem to keep living out in which our actions often come back to haunt us in unexpected ways. This is especially true when hubris is involved. This clearly doesn’t support the notion that Bitcoin was created by a government agency.

In the context of Bitcoin, SHA-256 is critical for its proof-of-work consensus mechanism. As we know, proof of work miners compete to solve a mathematical problem that involves finding a specific hash value called a nonce. Combined with the remaining header data and hashed using SHA-256, the final output is a new block header roughly every 10 minutes. 

Blocks all contain headers which store important metadata like the previous block’s hash, the Merkle root of the transactions within each block, a timestamp, and a nonce. You might have already guessed that the block header is hashed using SHA-256. 

It’s actually used twice: once to produce the block’s nonce, which serves as its unique identifier, and again for the block header. The nonce links past blocks to those in the future, preserving the integrity of Bitcoin’s continuity.

bitcoin block header diagram
Bitcoin headers use SHA-256 to encrypt a variety of inputs and outputs.

Going further, Bitcoin addresses are derived from public keys, which are in turn derived from private keys through an Elliptic Curve Digital Signature Algorithm, or ECDSA. The public key is hashed using a combination of SHA-256 as well as the European-created RIPEMD-160, resulting in a 160-bit hash. 

RIPEMD-160 is generally faster than SHA-256 due to its shorter output size, making it more suitable for certain applications where speed is crucial. The resulting hash from combining the aforementioned algos is then encoded using something called Base58Check to produce final Bitcoin addresses.

Furthermore, Bitcoin transactions are digitally signed via the private keys of senders to prove ownership before bitcoins are sent. That is, the transaction data is hashed using SHA-256, and then the hash is signed using the sender’s private key with the aforementioned ECDSA. 

Thus, the resulting digital signature is included in the transaction data, and other network participants in the network can subsequently use the sender’s public key to verify that the signature is valid. This marriage of security and transparency gave birth to the age of blockchain of which we’re witnessing the early stages.

Does the NSA Have a Backdoor to Bitcoin?

There are rumors floating around out there that spy agencies actually have a backdoor into the Bitcoin network, just waiting to rugpull all the hard-money advocates once they’ve really gone all in. Well, first of all, let’s get some context. 

Intelligence networks are already shrouded in secrecy. One of their main objectives of intelligence agencies is to obfuscate their operations and work in the shadows. Many are growing increasingly worried that such agencies pose a threat greater to the public than the benefits they provide as mission creep pushes them to slowly increase their powers over time.  

Given the NSA’s history, it doesn’t have a lot of credibility when it comes to being straightforward with the public- even when hard evidence reveals their own misconduct. After all, they were called out in a big way for inappropriately spying on US nationals while claiming that they were investigating foreign terrorists operating overseas. 

This evidence was brought to light when Edward Snowden leaked classified documents revealing a clandestine data collection and surveillance program being conducted by the NSA called PRISM. This was back in 2013, not long after the birth of Bitcoin. 

You see, PRISM was authorized under something the Foreign Intelligence Surveillance Act of 1978, which was originally designed to spy on foreigners living in the US engaged in terrorism, espionage, or other conduct relevant to national security. However, the program came under scrutiny for infringing on the privacy rights of individuals, particularly since data was being collected on those who had not or were not suspected of committing any crimes. 

Despite outcry from privacy advocates, PRISM, which was set to expire, was renewed in 2018. Still, PRISM allows the NSA to collect a wide range of data on users who have communicated with foreign individuals or companies, including your phone conversations, SMS messages, emails, search histories, file transfers, photos on cloud storage, and encrypted chats. PRISM continues to be a controversial topic regarding the proper balance between individual privacy rights and national security.

Some of those reportedly involved in PRISM won’t surprise readers, including big tech giants like Google, Microsoft, Facebook, Apple, Yahoo, and many more. While companies are required to comply with lawful requests for user data, many have denied granting the NSA any sort of unlawful or inappropriate access to their servers.


Some wonder if there could be a conspiracy afoot in which the NSA plans to use a backdoor in SHA-256 to either identify individuals or drain their wallets of funds. However, there is no evidence of this aside from the fact that the NSA contributed to the development of several hashing algorithms. It is therefore unlikely that the NSA has much to do with Bitcoin’s development otherwise. 

Knowing SHA-256 is an integral part of Bitcoin’s design, we have to tip our hats to Uncle Sam for doing his part, along with Satoshi, to bring us Bitcoin and so much else that has followed in its wake. The genie is truly out of the bottle. However, should you be worried about a backdoor into Bitcoin’s code? In short, we think not; nevertheless, this isn’t financial advice either.


  1. Flender, S. (2023, 28 Mar.). Hashing in modern recommender systems: A Primer. Towards Data Science.
  2. Hautala, L. (2018, 19 Jan.). NSA surveillance programs live on, in case you hadn’t noticed. CNET. 
  3. Nohe, P. (2018, 9 Nov.). Re-hashed: The difference between SHA-1, SHA-2 and SHA-256 hash algorithms. The SSL Store: HashedOut.
  4. Sorkin, A. D. (2013, 6 June). America through the N.S.A.’s PRISM. The New Yorker.

Read Next


Get news, insights, and more

Sign up for the Supra newsletter for company news, industry insights, and more. You’ll also be the first to know when we come out of stealth mode.

PrivacyTerms of UseWebsite Data Usage & CookiesBug DisclosureBiometric Information Privacy Policy

©2024 Supra | Entropy Foundation (Switzerland: CHE.383.364.961). All Rights Reserved