[bitcoin-dev] Time to worry about 80-bit collision attacks or not?

Gavin Andresen gavinandresen at gmail.com
Fri Jan 8 15:46:53 UTC 2016

Thanks, Anthony, that works!


How many years until we think a 2^84 attack where the work is an ECDSA
private->public key derivation will take a reasonable amount of time?

And Ethan or Anthony:  can you think of a similar attack scheme if you
assume we had switched to Schnorr 2-of-2 signatures by then?

And to everybody who might not be reading this closely:  All of the above
is discussing collision attacks; none of it is relevant in the normal case
where your wallet generates the scriptPubKey.

Gavin Andresen