# [Crypto] Is SHA-256 bijective on a certain domain?

Of course it is. If you tightly restrict the input domain, then the problem is simple. The function is deterministic, so just inject clusters of random bits within the input domain of interest (domain $$A$$). You then select unique hashes (co-domain $$O$$) and discard the colliding input/output pairs to create input sub-domain $$B \in A$$. You will have nullified collisions and will have a bijection as $$B \to O$$.

Note: We haven't seen collisions on SHA-256 output domains yet, but the above theory holds. And using this brute force approach, the co-domains become more biased towards a bijection as the input domain deceases in cardinality, as $$p(\text{bijection}) \propto \frac{1}{|A|}$$ through simple computability.

But I'm having a hard time understanding a cryptographic use for such strange domains. I'm unconvinced that sha256inv would actually exist at all as restricting inputs is kinda cheating. And they still only analytically compute one way as $$\text{sha256}:B \to O$$ which is due to fundamental pre-image resistance. $$\text{sha256inv}: O \to B$$ remains elusive. And general $$\text{sha256inv}: O \to A$$ must remain impossible as you've deliberately eliminated collisions which we know mathematically exist.

P.S. $$|A|= 916 \times 10^6$$, if you consider 5 no. 62 alphanumeric values chosen by total randomness. That's easily computable on an enthusiast's machine.