[bitcoin-dev] SHA1 collisions make Git vulnerable to attakcs by third-parties, not just repo maintainers

Pieter Wuille pieter.wuille at gmail.com
Sun Feb 26 06:36:25 UTC 2017


On Feb 25, 2017 22:26, "Steve Davis" <steven.charles.davis at gmail.com> wrote:

Hi Pieter,

> On Feb 25, 2017, at 4:14 PM, Pieter Wuille <pieter.wuille at gmail.com>
wrote:
>
> Any alternative to move us away from RIPEMD160 would require:

> <snipped>

“Any alternative”? What about reverting to:

[<public_key>, OP_CHECKSIG]


snip


Could that be the alternative?


Ok, fair enough, that is an alternative that avoids the 160-bit hash
function, but not where it matters. The 80-bit collision attack only
applies to jointly constructed addresses like multisig P2SH, not single-key
ones. As far as I know for those we only rely preimage security, and
RIPEMD160 has 160 bit security there, which is even more than our ECDSA
signatures offer.

-- 
Pieter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20170225/6f7d3907/attachment.html>


More information about the bitcoin-dev mailing list