đź“… Original date posted:2017-02-26
đź“ť Original message:On Feb 25, 2017 22:26, "Steve Davis" <steven.charles.davis at gmail.com> wrote:
Hi Pieter,
> On Feb 25, 2017, at 4:14 PM, Pieter Wuille <pieter.wuille at gmail.com>
wrote:
>
> Any alternative to move us away from RIPEMD160 would require:
> <snipped>
“Any alternative”? What about reverting to:
[<public_key>, OP_CHECKSIG]
snip
Could that be the alternative?
Ok, fair enough, that is an alternative that avoids the 160-bit hash
function, but not where it matters. The 80-bit collision attack only
applies to jointly constructed addresses like multisig P2SH, not single-key
ones. As far as I know for those we only rely preimage security, and
RIPEMD160 has 160 bit security there, which is even more than our ECDSA
signatures offer.
--
Pieter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20170225/6f7d3907/attachment.html>;
Pieter Wuille [ARCHIVE] /
npub1tj…jtl6r
2023-06-07 17:56:47
in reply to nevent1q…z9dh
Author Public Key
npub1tjephawh7fdf6358jufuh5eyxwauzrjqa7qn50pglee4tayc2ntqcjtl6rPublished at
2023-06-07 17:56:47Event JSON
{
"id": "c835a96fdd150e15edbdfe1675cf677f9898f4b9c4a38d763dbfe263b9723f7f",
"pubkey": "5cb21bf5d7f25a9d46879713cbd32433bbc10e40ef813a3c28fe7355f49854d6",
"created_at": 1686160607,
"kind": 1,
"tags": [
[
"e",
"37053a195373ca87d2cc167b4470872a0425d55bfe62c38a20deac2033060b94",
"",
"root"
],
[
"e",
"eb8d16b0cdad0b7cd7dda99709727d8e9866348de1a03430463bb06d77167ec7",
"",
"reply"
],
[
"p",
"2c450c87d1e160ec6a769c39cfb12a3c52dac051b06e101e1125095ce50f31d7"
]
],
"content": "📅 Original date posted:2017-02-26\n📝 Original message:On Feb 25, 2017 22:26, \"Steve Davis\" \u003csteven.charles.davis at gmail.com\u003e wrote:\n\nHi Pieter,\n\n\u003e On Feb 25, 2017, at 4:14 PM, Pieter Wuille \u003cpieter.wuille at gmail.com\u003e\nwrote:\n\u003e\n\u003e Any alternative to move us away from RIPEMD160 would require:\n\n\u003e \u003csnipped\u003e\n\n“Any alternative”? What about reverting to:\n\n[\u003cpublic_key\u003e, OP_CHECKSIG]\n\n\nsnip\n\n\nCould that be the alternative?\n\n\nOk, fair enough, that is an alternative that avoids the 160-bit hash\nfunction, but not where it matters. The 80-bit collision attack only\napplies to jointly constructed addresses like multisig P2SH, not single-key\nones. As far as I know for those we only rely preimage security, and\nRIPEMD160 has 160 bit security there, which is even more than our ECDSA\nsignatures offer.\n\n-- \nPieter\n-------------- next part --------------\nAn HTML attachment was scrubbed...\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20170225/6f7d3907/attachment.html\u003e",
"sig": "8f69c4371e17c6195b976bc627971766932ea28d8069a0c0272a5fef1d92ae3d9798fc22ccb228c24558b9fec3f7b326ef043e5cc41bff6c2cfcb218060e83d6"
}