Parallelizing SHA256 Calculation on FPGA
32 comments
·July 3, 2025Retr0id
picture
Quite slow. It's largely due to the author using FPGAs wrong. Clocking down a 7-series Artix to 62.5 MHz means the design is not pipelined correctly/enough. My friend got 1 SHA256 hash per cycle at 300 MHz on 7 series, but slightly fewer of the design fit on a chip. Thruput would easily be in the GH/s range.
Keep in mind RTX4090 is 5 nm process node and has a lot more transistors and memory than XC7A100T, which is 28 nm. That's a huge difference in terms of dynamic performance. Also, the two are also released 10 years apart. If you compare RTX4090 against a similarly modern UltraScale part from Xilinx, I believe the FPGA can be notably faster than RTX4090.
benlivengood
I'm assuming this space has already been heavily optimized by the Bitcoin miners on their way to ASICs.
15155
Yes, but a designed-for-FPGA SHA256 implementation looks very different than an ASIC SHA256 implementation - the ASIC has far greater routing flexibility and density, and can therefore use far more combinatorial logic between register stages.
(ASIC simulation on an FPGA will retain the combinatorial stages but run at dramatically lower fMax)
picture
Yes, hard silicon will be another magnitude more performant than FPGAs and GPUs, but ASICs properly take on negative value when they're no longer profitable to mine with. (Note that efficiency won't be much better at the same process node. You can just pump more power through each ASIC die)
Edit - I misread your comment. ASIC designers will use FPGAs to test their design but it won't be optimized for FPGAs which have a different logic-and-memory characteristic than ASICs. There aren't many great SHA256 FPGA implementations, largely because there's not that much demand for one
Retr0id
Unfortunately I think most of that innovation happened behind closed doors, because everyone wanted to maintain their competitive advantages.
15155
SHA256 is extremely FF-heavy, you need around 200k for an optimized, unrolled, pipelined implementation.
UltraScale+ chips will run a proper design at 600MHz-800MHz, big chips might be able to fit 24 cores. The Artix chip OP used is extremely slow and too small to fit this style of implementation.
ethan_smith
[flagged]
Retr0id
I was confused by this reply, but it would appear ethan_smith is a (rather good!) LLM bot:
d00mB0t
More posts like this please! How about a crypto accelerator on FPGA that's integrated with OpenSSL?
15155
Unless you're talking about niche algorithms (and even then), the FPGA will get smoked by a CPU for most common tasks one would use OpenSSL for.
d00mB0t
Yes--obviously modern CPUs have crypto extensions that would be faster than an FPGA,this would be for educational purposes.
15155
Even without the extensions, by the time you've moved the workload to the FPGA and back, the CPU has already completed whatever operation your FPGA was going to complete with OpenSSL.
FPGA cryptographic acceleration is about batch task bandwidth, OpenSSL has few places where this is required.
qdotme
Great job!
For alternative design/writeup, check out http://nsa.unaligned.org
projektfu
That seems to be the inverse function for SHA-1 and MD5.
null
So what's the overall hashrate with this approach?
I'll try to calculate it from the information given. 12 parallel instances at a clock speed of 62.5MHz, with 68 clock cycles per hash.
62.5MHz * 12 / 68 = ~11MH/s
That seems... slow? Did I do the math right? How big of an FPGA do you need before this would compete with a GPU, and how much would it cost?
For reference, an RTX 4090 can do 21975.5 MH/s according to hashcat benchmarks.