[bitcoin-dev] Time to worry about 80-bit collision attacks or not?
gavinandresen at gmail.com
Fri Jan 8 01:00:42 UTC 2016
On Thu, Jan 7, 2016 at 6:52 PM, Pieter Wuille <pieter.wuille at gmail.com> wrote:
> Bitcoin does have parts that rely on economic arguments for security or
> privacy, but can we please stick to using cryptography that is up to par
> for parts where we can? It's a small constant factor of data, and it
> categorically removes the worry about security levels.
Our messages may have crossed in the mod queue:
"So can we quantify the incremental increase in security of SHA256(SHA256)
over RIPEMD160(SHA256) versus the incremental increase in security of
having a simpler implementation of segwitness?"
I believe the history of computer security is that implementation errors
and side-channel attacks are much, much more common than brute-force breaks.
KEEP IT SIMPLE.
(and a quibble: "do a 80-bit search for B and C such that H(A and B) = H(B
and C)" isn't enough, you have to end up with a C public key for which you
know the corresponding private key or the attacker just succeeds in burning