How a Blockchain Works — From SHA-256 to Bitcoin

Hash Functions: Digital Fingerprints

A cryptographic hash function takes any input (a word, a file, a novel) and produces a fixed-length string that looks random. SHA-256, used in Bitcoin, always outputs exactly 256 bits (64 hex chars).

SHA-256("hello") → 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824 SHA-256("hell0") → 6ebb2e4e9e0b3e3cb3789e6e2b7cdec26be7786c01e2540a8491c46d77f9e5dc Change one character → completely different output (avalanche effect)

Three properties make hash functions useful for blockchains:

Deterministic: same input always gives the same output.
One-way: from the hash, you cannot reconstruct the input (pre-image resistance).
Avalanche effect: changing a single bit in the input flips roughly half the output bits, so you cannot "target" a desired hash.

Why SHA-256? For a 256-bit hash, there are 2²⁵⁶ ≈ 10⁷⁷ possible outputs. Even using all the energy of the Sun for billions of years, you could not enumerate them all. Brute-force reversal is physically impossible.

What Is a Block?

A block is a record containing several fields. In Bitcoin-style blockchains, every block includes:

Index: the block's position in the chain
Timestamp: when it was created
Data / Transactions: the payload (e.g. "Alice pays Bob 0.5 BTC")
Previous Hash: the SHA-256 hash of the preceding block
Nonce: a number miners adjust to solve the proof-of-work puzzle
Own Hash: SHA-256 of all the above fields combined

The "Previous Hash" field is the structural backbone of the blockchain. It hard-codes the hash of the prior block into the current one, creating a cryptographic dependency that propagates through every subsequent block.

The Chain: Why Tampering Fails

Consider three consecutive blocks. Their hashes form a dependency chain:

Block #1✓ Valid

Prev Hash0000000000…

DataAlice → Bob 1.0 BTC

Nonce82391

Hash0000a3f7c9…

Block #2✓ Valid

Prev Hash0000a3f7c9…

DataBob → Carol 0.3 BTC

Nonce51720

Hash0000b1e2d4…

Block #1 (tampered)✗ Invalid

Prev Hash0000000000…

DataAlice → Eve 1.0 BTC ← changed

Nonce82391

Hashd9a3c7f2b1… ← completely different

If you change the data in Block #1, its hash changes completely. Block #2's "Prev Hash" field no longer matches → Block #2's hash also changes → Block #3's "Prev Hash" also breaks. Every downstream block is instantly invalidated. To commit the tampered version, an attacker must recalculate the proof-of-work for every block from the edited one to the present, while the rest of the network continues adding new blocks.

Proof-of-Work: Mining

If hashing were free (microseconds per hash), an attacker could quickly recalculate the entire tampered chain. Proof-of-Work (PoW) makes that process deliberately expensive by adding a constraint: a block's hash must start with a certain number of leading zeros.

Target (difficulty ~23 zeros in Bitcoin, simplified here to 4): SHA-256(block data + nonce) must begin with "0000..." Miner tries nonce = 0, 1, 2, … until a valid hash is found. Expected attempts: 16⁴ = 65,536 (for 4 hex zeros) Bitcoin (2026): ~10²³ hashes attempted per block on average

The nonce ("number used once") is the only field miners change. There is no shortcut — they must hash-and-check billions of times per second. The network automatically adjusts the number of required leading zeros (the difficulty) every 2016 blocks (~2 weeks) so that blocks arrive every ~10 minutes regardless of how much hash-rate joins the network.

Bitcoin energy use: The global Bitcoin network currently consumes ~120–150 TWh per year — comparable to the electricity use of Poland or Argentina. This is the intentional cost of making history rewriting astronomically expensive.

Consensus and the 51% Attack

A blockchain is maintained by thousands of independent nodes. When two miners find a valid block nearly simultaneously, a temporary fork occurs. The network follows the longest-chain rule: the chain with the most cumulative work wins, and the short fork is abandoned.

This rule creates the 51% attack: an entity controlling more than half the network's total hash-rate could, in secret, build a longer alternative chain and then broadcast it, rewriting recent history — for example, double-spending coins that were already "confirmed".

For Bitcoin, a 51% attack would require acquiring more computational power than all the world's Bitcoin miners combined, costing billions of dollars in hardware and electricity, while the attack would likely crash the coin's value before any profit could be extracted.

Consensus mechanism	Security principle	Used by	Energy cost
Proof of Work	Cost of computation	Bitcoin, Litecoin	Very high
Proof of Stake	Cost of staked coins	Ethereum (since 2022), Cardano	~99% less than PoW
Delegated PoS	Elected validator set	EOS, TRON	Low
Byzantine Fault Tolerance	Supermajority vote	Tendermint, Cosmos	Low, centralised

Smart Contracts

A smart contract is a program stored on the blockchain that executes automatically when pre-defined conditions are met — no bank, lawyer, or intermediary required. Ethereum (2015) generalised blockchains from simple value transfer to a globally-distributed computer (the Ethereum Virtual Machine, or EVM).

Example: a simple smart contract could hold funds in escrow and release them to a seller once a buyer confirms delivery — tamper-proof and without requiring either party to trust the other.

Code is law — and bugs are permanent: Smart contracts are immutable once deployed on most blockchains. In 2016 the DAO smart contract had a reentrancy bug that allowed an attacker to drain $60 million. The Ethereum community controversially chose to "hard fork" to reverse it — precisely the kind of tampering a blockchain is supposed to prevent.

Scalability, Energy, and Trade-offs

Bitcoin processes about 7 transactions per second. Visa handles ~24,000 TPS. The blockchain trilemma (coined by Vitalik Buterin) states that a blockchain can have at most two of three properties simultaneously:

Security — resistant to attacks
Decentralisation — no single point of control or failure
Scalability — many transactions per second at low cost

Layer-2 solutions (Lightning Network for Bitcoin; rollups for Ethereum) try to move most transactions off-chain while anchoring their security to the main chain's immutable record.

Beyond Bitcoin

The core structure — hash-linked records secured by consensus — has been applied far beyond cryptocurrency:

Supply chain: IBM Food Trust tracks food from farm to shelf; a contamination recall that once took weeks now takes seconds.
Voting: Immutable audit trail for ballots without revealing who voted for whom (using zero-knowledge proofs).
NFTs: Proof of ownership of a digital asset — though critics note the asset itself is usually stored off-chain.
DeFi: Decentralised exchanges, lending and borrowing protocols — existing financial instruments reimplemented as smart contracts.
Identity: Self-sovereign identity (SSI) — you control your credentials without a centralised authority.

Try It Yourself

The sorting algorithms simulation demonstrates how computational work and comparison count change with data size — the same intuition as adjusting mining difficulty:

🔢 Sorting Algorithms — Work & Complexity →

The encryption article covers the RSA and Diffie-Hellman algorithms that underpin blockchain key management:

🔐 How Encryption Works →