A systematic exploration of SHA-256 collision resistance limits. We probe for weaknesses, characterize barriers, and build tools to push further.
This is not about proving a single thesis. It is about generating reliable evidence across multiple angles of attack on SHA-256.
Background: Viragh (2026) demonstrated collisions through round 59 of
SHA-256's 64 rounds ("92% broken"). This project investigates whether the
remaining rounds can be attacked. See reference/paper.pdf.
- Check
comms/inbox/— read messages addressed to you orall - Update
comms/status/<your-machine>.md— what you're running, capacity - Read
CLAIMS.md— understand what's established vs hypothesized - Read
headline_hunt/TARGETS.md— the active hunt direction (post-2026-04-24) - Read
headline_hunt/registry/mechanisms.yaml— pick a bet whose owner isunassigned - Always import from
lib/— never reimplement SHA-256 primitives
The old q*_ folders' QUESTION.md files are historical. The active workspace is
headline_hunt/.
This project runs on multiple machines simultaneously. We coordinate via
git-based messaging in comms/. See comms/README.md.
On every git pull: Check comms/inbox/ for messages addressed to you.
After significant events: Update your status board and send messages.
Before starting new work: Check what others are doing to avoid duplication.
headline_hunt/ **ACTIVE WORKSPACE** — post-2026-04-24 second wind
TARGETS.md Headline classes we're hunting
registry/ Living lists: candidates, kernels, mechanisms, negatives, literature, runs
bets/ One folder per active bet (each with kill criteria)
datasets/ Canonical artifacts: certificates, BDDs, collision lists, proofs
infra/ Audit, validation, run-logging, dashboard scripts
literature/ BibTeX + per-paper notes
graveyard/ Closed-bet kill memos (prevents reanimation)
reports/ Decision memos + weekly dashboards
consultations/ External-model consultations (current + archive of prior reviews)
lib/ Shared library (SHA-256, CNF encoder, solvers)
q1_barrier_location/ FROZEN — historical record (don't extend)
q2_bottleneck_anatomy/ FROZEN
q3_candidate_families/ FROZEN
q4_mitm_geometry/ FROZEN — but tools here feed bets/mitm_residue/
q5_alternative_attacks/ FROZEN — most active pre-pause; tools may feed multiple bets
q6_verification/ FROZEN
reference/ Source paper, prior art, specs (paper.pdf is Viragh 2026)
writeups/ Pre-pause research narratives — read for background, don't extend
cnfs_n32/ Existing TRUE sr=61 CNFs (used by bets/sr61_n32/)
comms/ Multi-machine coordination (inbox/ for messages)
infra/ (legacy) Build, batch, orchestration
archive/ Legacy numbered scripts (read-only)
from lib.sha256 import K, IV, precompute_state, sigma0_py, sigma1_py
from lib.cnf_encoder import CNFBuilder
from lib.mini_sha import MiniSHA256, MiniCNFBuilder
from lib.solver import run_kissat, run_cadical, verify_dratNever reimplement these. If you need a variant, extend the library.
- No numbered prefixes (multiple agents = name collisions)
- Descriptive names:
padding_freedom_scanner.cnot77_candidate_mutation.py - Results:
results/YYYYMMDD_description/within each question folder
Use these consistently in claims, writeups, and commit messages:
- VERIFIED: reproduced, cross-validated, DRAT-checked where applicable
- EVIDENCE: consistent from multiple approaches, but gaps remain
- HYPOTHESIS: supported by data, not yet tested against alternatives
- EXTRAPOLATION: projected from trends, explicitly flagged as uncertain
Each testable claim gets its own file in q*/claims/ with:
- One-sentence statement
- Evidence level
- Supporting scripts/results
- Known caveats
- What would change the assessment
- State what changed and the evidence level of any new claims
- Reference the bet (post-2nd-wind):
[block2_wang] residual corpus collected, N=... - Legacy q*-folder references still acceptable for historical reference:
[q1] ...
The 2026-04-18 CNF audit cost ~2000 CPU-hours because mislabeled CNFs went unaudited. These rules exist so that doesn't happen again.
- Audit before queuing: every CNF passes
python3 headline_hunt/infra/audit_cnf.py <file>. Trust the audit verdict, NOT the filename. If it returns CRITICAL_MISMATCH or UNKNOWN, do not run. - Log every run: every solver invocation is recorded via
python3 headline_hunt/infra/append_run.py --bet <id> --candidate <id> .... No exceptions, including exploratory runs. The script auto-captures git commit, CNF sha256, machine, audit verdict. - Claim a bet by editing
headline_hunt/registry/mechanisms.yamlto set<mechanism>.ownerto your machine name. Update the bet'sBET.yamltoo. - Validate before starting:
python3 headline_hunt/infra/validate_registry.pyshould return zero errors. If it warns about staleness on a bet you're about to touch, that's a signal to refresh the bet'slast_updated/last_heartbeatfield in the same commit. - Weekly dashboard: run
python3 headline_hunt/infra/summarize_runs.py, commitheadline_hunt/reports/dashboard.md. Watch the audit-failure-rate row — if it exceeds 1%, the sr61_n32 bet auto-trips its process kill criterion. - Kill-criteria are real: when a bet's kill criteria fire, move it to
headline_hunt/graveyard/closed_bets/and write a kill memo using the template. Do NOT silently restart a closed bet — meet the reopen criteria first.
- Don't say "proof" without DRAT verification and cross-solver confirmation
- Don't extrapolate mini-SHA results to full SHA-256 without explicit caveats
- Don't add scripts that reimplement
lib/functions - Don't modify
lib/without checking downstream consumers - Don't frame findings as "properties of SHA-256" when they're properties of one candidate family under one kernel with one padding scheme
- Don't use "theorem" for experimental observations
- Inspiration Engine (
~/.claude/inspiration/ask_models.py): Sends research briefing to frontier models via OpenRouter for external critique and creative ideas. Currently configured for GPT-5.5 at high reasoning (prior pair: Gemini 3.1 Pro + GPT-5.4, kept commented in MODELS dict). Auto-loads ~400-570K tokens of context. DO NOT run without explicit user direction. Useful for fresh perspectives, second set of eyes, or when stuck. Budget: ~$2.50-7.50/run for GPT-5.5 at high reasoning (reasoning tokens bill as output — actual cost ~2× the naive estimate). API key stored locally only. Outputs land inconsultations/<date>_<purpose>/per run.
- Kissat 4.0.4 — primary CDCL SAT solver
- CaDiCaL — secondary solver for cross-validation
- CryptoMiniSat 5 — third solver (slow on these instances)
- drat-trim — DRAT proof checker (in
infra/drat-trim/) - gcc + OpenMP — for C tools. Compile flags:
gcc -O3 -march=native -Xclang -fopenmp -I/opt/homebrew/opt/libomp/include -L/opt/homebrew/opt/libomp/lib -lomp
The pre-pause state (sr=60 SAT verified, sr=61 open, 11 closed mechanisms,
6-theorem boundary proof, BDD O(N^4.8)) is all preserved in writeups/.
For active state, see:
headline_hunt/TARGETS.md— what we're huntingheadline_hunt/registry/candidates.yaml— all candidates with statuses (replaces the inline table that used to live here)headline_hunt/registry/mechanisms.yaml— what's open/in_flight/blocked/closed with kill criteria and reopen triggersheadline_hunt/registry/negatives.yaml— closed doors with would-change-my-mind triggersheadline_hunt/reports/dashboard.md— generated weekly from runs.jsonlconsultations/20260424_secondwind/— GPT-5.5's full meta-consultation that drove this restructure
The principal sr=60 collision certificate is at:
headline_hunt/datasets/certificates/sr60_n32_m17149975.yaml
(extracted from writeups/sr60_collision_anatomy.md; re-verifiable from the YAML).