If I understood correctly, in most situations where hashing occurs, the Bitcoin protocol applies double hashing: sha256(sha256(input)) rather than sha26(input).
Why is this, doesn't this actually reduce entropy?
As far as I know, we cannot guarantee that there aren't many different inputs x and y which have different hashes, but the same double hashes. That is, sha256 is not a one-to-one mapping on the 256 bit space, right?
First, do we actually *know* that sha-256 is *not* a one to one mapping on the 256 bit space ?
If it turns out to be, then you've got nothing. I don't know the answer, I'm not a professional cryptographer,
but looking at the code for SHA-256, there doesn't seem to be an obvious dropping of bits within
the transform step itself, but then I am too lazy to analyze it in-depth.
Would love for someone more knowledgeable than I to comment.
Second, if SHA-256 does indeed somehow drop information for a 256-bit input, IMO, if there's a reduction
in entropy, it's likely to be negligible when compared to the additional work needed to untangle the complexity
added by the second round.
Finally, what someone said: the likely intent of the team who designed bitcoin was to slow mining down, not to
add a layer of security there. Arguably, they failed because they didn't foresee the length at which people would
go to mine coins (first GPUs, then FPGAs, then dedicated ASICs).
Had they realized, they would have added an scrypt-like round to the hash step.
satoshi encouraged people to mine with gpus, he did foresee this.