QUESTION
MD5 used to be the hash algorithm. Everyone loved it, but now, not so much.
What will happen to bitcoin if flaws are found in SHA256 in the future?
ANSWER
I'm assuming you mean what will happen to Bitcoin if SHA256 is discovered to no longer be suitable for use as Bitcoin uses it. First, such a thing is likely to happen very gradually. We'll first see hints of weaknesses and attacks that currently take millions of years will shrink to thousands of years and then hundreds of years. So there will be plenty of time to arrange a change.
Note that Bitcoin addresses also use RIPEMD-160, which is likely weaker than SHA-256. However, the way they're used, weaknesses in RIPEMD-160 might not actually create problems for Bitcoin.
Basically, whatever changes needed to be made to the protocol would have to be worked out. Possibly any other changes deemed advantageous could be made at the same time, since protocol-breaking changes are rare. Some fields may need to be expanded.
A particular block would be picked, after which the new methods would start. Everyone would have to upgrade before then.
I think every effort would be made to keep the block header size the same so the mining algorithm didn't have to change. This may mean having to add an intermediate header. The intermediate header would contain the larger hashes of the previous block, transaction tree, and so on. The hash of the intermediate header would go in the block the miners try to mine, reducing its three hash fields to just one. (And allowing the nonce to be expanded to 64-bits! Yay!)
If addresses or transactions had to change, then after that chosen block, new-style transactions would be permitted. Coins not transferred to new-style accounts might become vulnerable to attack, in theory. Because Bitcoin transactions already have inputs and outputs that function in a logically independent way, there would be no problem with importing coins with an old-style address/signature and sending them to a new-style address.
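The "intermediate header" idea in the answer above, worked through as an added example (it is not code from the answerer or from Bitcoin itself). The classic 80-byte header layout and the double-SHA-256 proof-of-work hash are real Bitcoin conventions; everything else is this example's own assumption: the outer header keeps its 80 bytes by holding a single 64-byte commitment plus a 64-bit nonce (the version field moves into the intermediate header), SHA3-512 stands in for whichever stronger hash would replace SHA-256, and the sample hashes, timestamp and target are constructed values, not chain data.

```python
import hashlib
import struct

# Real Bitcoin block header (80 bytes): version, previous block hash,
# Merkle root, timestamp, difficulty bits, 32-bit nonce.  Miners hash
# exactly these bytes with double SHA-256.
CLASSIC_HEADER = struct.Struct("<I32s32sIII")

# Hypothetical post-migration outer header (assumed layout, not a real
# proposal): one 64-byte commitment to an intermediate header, timestamp,
# bits, and a 64-bit nonce.  Still 80 bytes, so the mining loop is unchanged.
NEW_OUTER_HEADER = struct.Struct("<64sIIQ")
assert CLASSIC_HEADER.size == NEW_OUTER_HEADER.size == 80

# Hypothetical intermediate header: the version plus the wider hashes that
# no longer fit in the outer header (64-byte digests assumed).
INTERMEDIATE_HEADER = struct.Struct("<I64s64s")


def double_sha256(data: bytes) -> bytes:
    """Bitcoin's proof-of-work hash: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def strong_hash(data: bytes) -> bytes:
    """Stand-in for the replacement hash; SHA3-512 is an assumption of this example."""
    return hashlib.sha3_512(data).digest()


def classic_header(version, prev_hash, merkle_root, time, bits, nonce) -> bytes:
    """Serialise a classic header (all fields little-endian, hashes as raw bytes)."""
    return CLASSIC_HEADER.pack(version, prev_hash, merkle_root, time, bits, nonce)


def intermediate_header(version, prev_hash64, merkle_root64) -> bytes:
    """Serialise the hypothetical intermediate header carrying the wider hashes."""
    return INTERMEDIATE_HEADER.pack(version, prev_hash64, merkle_root64)


def new_outer_header(intermediate: bytes, time, bits, nonce) -> bytes:
    """Outer header miners would hash: one commitment field instead of several hashes."""
    return NEW_OUTER_HEADER.pack(strong_hash(intermediate), time, bits, nonce)


def pow_value(header: bytes) -> int:
    """Interpret the double-SHA-256 digest as Bitcoin does: a little-endian integer."""
    return int.from_bytes(double_sha256(header), "little")


def mine(build_header, target: int, max_nonce: int):
    """Increment the nonce until the header hash is below target.  Returns (nonce, value)."""
    for nonce in range(max_nonce):
        value = pow_value(build_header(nonce))
        if value < target:
            return nonce, value
    raise RuntimeError("no nonce found within range")


# Constructed sample inputs (not real chain data).
SAMPLE_PREV = strong_hash(b"constructed previous block")
SAMPLE_ROOT = strong_hash(b"constructed merkle root")
SAMPLE_TIME = 1700000000
SAMPLE_BITS = 0x1D00FFFF
EASY_TARGET = 1 << 240  # about 1 header in 65536 qualifies; fine for a demo


def demo_migrated_block(target: int = EASY_TARGET):
    """Build the intermediate header, then mine the fixed-size outer header over it."""
    inter = intermediate_header(2, SAMPLE_PREV, SAMPLE_ROOT)
    nonce, value = mine(
        lambda n: new_outer_header(inter, SAMPLE_TIME, SAMPLE_BITS, n),
        target,
        1 << 64,  # the widened nonce space the answer mentions
    )
    return inter, nonce, value


if __name__ == "__main__":
    inter, nonce, value = demo_migrated_block()
    print("intermediate header bytes:", len(inter))
    print("outer header bytes:", NEW_OUTER_HEADER.size)
    print("nonce:", nonce, "pow value < target:", value < EASY_TARGET)
```

The point the code makes concrete: the proof-of-work input stays a fixed 80 bytes that double SHA-256 consumes as before, while everything that has to grow (the previous-block hash and Merkle root, here 64 bytes each) lives one level down and is committed to by a single digest.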