Solana merges SIMD-0512, bringing a native SHA-512 syscall to on-chain programs and unlocking new cryptographic interoperability for protocol developers.

> impact

**What shipped:** SIMD-0512 has been merged into the Solana runtime, introducing a dedicated `sol_sha512` syscall that gives on-chain programs direct access to SHA-512 hashing at the system level. This joins the existing suite of native hash syscalls — SHA-256 (`sol_sha256`) and Keccak-256 (`sol_keccak256`) — as a first-class cryptographic primitive available to any deployed program. The syscall accepts an arbitrary number of byte slices and returns a 64-byte SHA-512 digest, following the same calling convention established by the existing hash syscalls. **Why it matters:** SHA-512 is a core building block in several widely-used cryptographic constructions. Most notably, Ed25519 signature verification internally depends on SHA-512 for both key derivation and the signing/verification process. Until now, programs that needed SHA-512 had to either bring their own implementation (burning significant compute units) or work around the limitation entirely. SIMD-0512 eliminates that overhead, making it dramatically cheaper and simpler to implement Ed25519-adjacent verification logic, interact with protocols that mandate SHA-512 (such as certain identity and certificate systems), or build cross-chain bridges to networks whose signature schemes rely on SHA-512 digests. **Impact for developers:** If you're building anything that touches Ed25519 at a granular level — custom signature aggregation, threshold signing schemes, verifiable credential verification, or cross-chain message validation against SHA-512-based chains — this syscall removes a major friction point. Expect substantially lower CU consumption compared to a pure-BPF SHA-512 implementation (early benchmarks suggest 10–50x savings depending on input size). Library authors shipping Solana SDKs in Rust and C should begin exposing ergonomic wrappers around the new syscall so downstream developers can adopt it as soon as it activates on mainnet.

> Try this now

try this

# ---------------------------------------------------------------------------
# Walkthrough: Using the new sol_sha512 syscall in an on-chain Solana program
# (Rust / Anchor-compatible)
# ---------------------------------------------------------------------------

# 1. Make sure you're on a validator or test environment that includes SIMD-0512.
#    As of this writing, the feature gate has been merged but may not yet be
#    activated on mainnet. Use a local test-validator with the feature force-
#    enabled, or target a devnet/testnet cluster where it's live.
#
#    solana-test-validator --features-to-activate <SHA512_FEATURE_GATE_PUBKEY>

# 2. In your on-chain program (lib.rs), import the hash module.
#    The solana_program crate will expose `sha512` alongside `sha256` and
#    `keccak` once the SDK version supporting SIMD-0512 is published.

# use solana_program::hash_sha512;  // expected module path — verify against
#                                    // the SDK release notes

# 3. Call the syscall. It accepts a slice of byte slices (&[&[u8]]) and
#    returns a 64-byte Hash512 struct.

# pub fn verify_something(ctx: Context<Verify>, data: Vec<u8>) -> Result<()> {
#     // Hash the incoming data using the native SHA-512 syscall
#     let digest = solana_program::sha512::hash(&data);
#
#     // `digest` is a 64-byte array wrapped in a newtype.
#     // You can compare it against an expected value passed in from the client.
#     msg!("SHA-512 digest: {:?}", digest.to_bytes());
#
#     // For multi-slice hashing (e.g., domain-separated inputs):
#     let domain_tag = b"MY_PROTOCOL_v1";
#     let multi_digest = solana_program::sha512::hashv(&[
#         domain_tag,
#         &data,
#     ]);
#
#     // Use the digest in downstream logic — signature checks, Merkle
#     // proofs, cross-chain message validation, etc.
#     require!(multi_digest.to_bytes() == ctx.accounts.expected_hash.data,
#              MyError::HashMismatch);
#
#     Ok(())
# }

# 4. On the client side (TypeScript), nothing special is needed — the syscall
#    is invoked internally by the program. But if you want to compute a
#    matching SHA-512 digest off-chain for verification:

# import { createHash } from 'crypto';
#
# const domainTag = Buffer.from('MY_PROTOCOL_v1');
# const data = Buffer.from(/* your payload */);
# const digest = createHash('sha512')
#   .update(domainTag)
#   .update(data)
#   .digest();
#
# console.log('Expected SHA-512:', digest.toString('hex'));

# 5. Compute-unit savings: A pure-BPF SHA-512 over a 256-byte input can cost
#    ~15,000–50,000 CU depending on implementation. The native syscall is
#    expected to land in the low hundreds of CU for the same input, similar
#    to the existing SHA-256 syscall cost curve. Profile with
#    `solana_program::log::sol_log_compute_units()` before and after the call
#    to confirm savings in your specific workload.

# 6. Security note: SHA-512 is NOT a drop-in replacement for SHA-256 in
#    existing Merkle trees or PDAs. Only use it where your protocol
#    specifically requires a 512-bit digest (Ed25519 internals, HMAC-SHA-512,
#    cross-chain proof verification, etc.).

# Happy hashing! Track the feature-gate activation status at:
# https://github.com/solana-labs/solana/labels/feature-gate