I thought this meant they were able to generate collisions for 92% of files/hashes they tried, but it sounds like they're able to generate hashes that are 92% identical?
>We've just gotten 92% of the way to finding a single collision (this means that there is no full collision yet). This has security ramifications in that other researchers are expected to be able to complete the work through similar methods as explored in the paper, and eventually produce collisions at will. We weren't sure if this was a remarkable result, since it's not a full collision, but we shared the work with the leading cryptographer in the field, who holds the world records in reduced-round attacks, and got great encouragement to proceed to publish it as a paper, so we did so.
(If we had found a single full collision, we would have just written "we broke SHA-256". This is 92% of the way to a full collision. Any collision is considered a great reduction in the security of the hash, because it means that there are two different files with the same cryptographic hash. This is what happened to other algorithms such as MD5, as demonstrated in the linked tool.)
[1] https://stateofutopia.com/papers/2/intermediate-report.pdf
Before we continue, you can verify that we are able to make end-to-end collisions through our linked tool:
https://stateofutopia.com/experiments/md5collider
You can use literally any MD5 tool, including the ones built into Linux, Windows PowerShell, any online MD5 calculator, etc., to test the differing files.
Our certificates implement the full SHA-256 algorithm and we provide the source code. You can verify it yourself using any and all means including writing your own version by hand if you don't trust our code. In addition to this, our results have been verified by other cryptographers. Thanks again for the question.
> Our certificates implement the full SHA-256 algorithm
We knew MD5 is broken. Do you have a POC for breaking SHA-256, too?
Bitcoin mining is a partial second preimage of 0x00 though, not a collision; that statement just seems to be so outside the realm of what they’re claiming to have done. Even MD5, the most widely known to be broken hash, would be secure when used in the same way bitcoin uses SHA256 (other than being too short now; bitcoin miners have done 80 bits of work at this point many times over).
> This report was generated on 2026-03-22 as the final artifact of the SHA-256 Cryptanalysis Research Project. Collaboration: Robert V. (research direction, strategy) and Claude/Anthropic (implementation, computation).
This Claude guy is pretty prolific it seems.
But I'll wait for some known cryptographers to chime in.
Venue should not imply credibility but in this case it would certainly help bring the proper scrutiny.
https://claude.ai/share/b10b95ef-5d9f-43dd-9005-3d1d89f9dbc1
It's on the author to explain what they mean. Here, they haven't.
Do some research and write a paper about breaking Bitcoin.
logicallee•2h ago
Freak_NL•1h ago
rdtsc•1h ago
polotics•1h ago
thadt•1h ago
[1] https://eprint.iacr.org/2024/349
vl•1h ago
hagbard_c•1h ago
skullone•1h ago
Retr0id•19m ago
https://news.ycombinator.com/item?id=38668893
(Also my work does not demonstrate any weakness in SHA256, it's just an application of the birthday paradox)