A hash function takes any input β a single byte, a novel, an entire blockchain β and produces a fixed-length output (the “hash”) that looks like random noise. The same input always produces the same output, but even a tiny change to the input produces a completely different output, and working backwards from the output to figure out the input is computationally infeasible. These properties are what make hash functions useful.
The hash functions used in crypto are specific ones chosen for their security properties. SHA-256 (used by Bitcoin) outputs 256 bits, or 64 hexadecimal characters. Keccak-256 (used by Ethereum) has the same output size but uses a different internal construction. Blake3 and other newer functions exist and are used in specific places. The choice of hash function matters to chain designers; for everyone else, they all work the same way from the outside.
What Hashes Are Used For
Almost everything. Hashes are used to identify blocks β every block has a hash, which is a fingerprint of its entire contents. They are used to link blocks together β each block contains the hash of its predecessor, so any change anywhere in history would cascade and break all subsequent hashes. They are used to identify transactions, so you can look up a specific transaction by its hash on a block explorer. They are used to build Merkle trees, which let you prove that a specific transaction was included in a block without having to download the whole block. They are used to generate addresses β a Bitcoin or Ethereum address is, roughly, a hash of a public key. And they are used for proof-of-work, where miners compete to find an input that produces a hash below a target value.
The one-way property is what makes all of this secure. If you could reverse a hash, you could forge blocks, rewrite history, and drain addresses whose public keys you did not actually control. None of the major hash functions in use have ever been reversed at scale, and the ones that have shown signs of weakness (MD5, SHA-1) are no longer considered secure for this kind of work.
How Proof-of-Work Actually Uses Hashes
Mining a Bitcoin block means finding a nonce β an extra field in the block header β such that the resulting block hash is below a certain target value. Because hashes look random, the only way to find such a nonce is to try values until one works. At the current difficulty, finding a valid hash requires on the order of 10^23 attempts on average. This is what all the power consumption and all the specialised hardware is doing: brute-forcing nonce values until one of them produces a small-enough hash. When a miner finds one, they broadcast the block and move on to the next.
The elegance of the design is that verification is instant β any node can check whether a claimed block hash is below the target in microseconds β but producing one is extraordinarily expensive. That asymmetry is the whole basis of proof-of-work’s security. Attackers have to redo all the work to rewrite history; defenders just have to check the answers.