# Validating the url

(This optimisation was proposed by Hal Finney & independently by Thomas Boschloo).To make the work easier the definition of a partial-pre-image is to find x such that H(x)/2^(n-k) = 0 where / is the integer quotient from division, n is the size of the hash output (n=256-bits for SHA256) and k is the work factor, ie, the first k bits of the hash output are 0 .This is not to be confused with a birthday collision which is to find two values x, x' so that H(x)=H(x'), this can be done in much lower work O(sqrt(2^k))=O(2^(k/2)) because you can proceed by computing many H(x) values and storing them until you find a matching pair.It takes a lot of memory, but there are memory-time tradeoffs.The idea builds on a security property of cryptographic hashes, that they are designed to be hard to invert (so-called one-way or pre-image resistant property).You can compute y from x cheaply y=H(x) but it's very hard to find x given only y.

Bitcoin being specified/released in 2008/2009 uses SHA256.

SHA1's resistance to birthday attacks has been partially broken as of 2005 in O(2^64) vs the design O(2^80).

While hashcash relies on pre-image resistance and so is not vulnerable to birthday attacks, a generic method of hardening SHA1 against the birthday collision attack is to iterate it twice.

A practical issue with switching to hashcash-SHA3 is that it would invalidate all existing [ASIC mining hardware](/bitcoin-mining-hardware/), and so is a change that would unlikely to be made except in the face of security risk; there is no indication that SHA1 or SHA256, or SHA256^2 are vulnerable to pre-image attack so the motivation is missing absent new cryptanalytic developments.

In addition even if SHA256^2 became easier due to cryptanalytic attack, and miners started using whatever the new algorithmic approach was, it does not necessarily matter as [difficulty would just adapt to it](/what-is-bitcoin-mining-difficulty/).