Bitcoin mining uses SHA-256d: SHA-256(SHA-256(data)).I recently discovered experimentally (IACR ePrint 2026/109079) that the second SHA-256 application has a structurally constrained message schedule:The second hash always receives exactly 32 bytes (the first hash output) + fixed Merkle-Damgård paddingThis makes W[8-15] in the second hash always constant (0x80000000... + length encoding)Only 30 unique carry patterns exist in the second hash vs theoretical 2^64Measurable cross-hash anti-correlation: 9.56σ (confirmed real, scales as √N)My questions:Was this structural property of SHA-256d considered when Bitcoin adopted double-SHA-256? Or was it chosen purely for length-extension attack resistance?Is there any documentation of this constrained W-schedule effect in Bitcoin's design rationale?Does this property have any known implications for Bitcoin's security model beyond length-extension resistance?The correlation is not exploitable (r=0.03,