Thomas Voegtlin [ARCHIVE] on Nostr:
Original date posted: 2014-03-27
Original message: On 27/03/2014 13:49, Mike Hearn wrote:
> Ah, BIP32 allows for a range of entropy sizes and it so happens that
> they picked 256 bits instead of 128 bits.
>
> I'd have thought that there is a right answer for this. 2^128 should not
> be brute forceable, and longer sizes have a cost in terms of making the
> seeds harder to write down on paper. So should this be a degree of freedom?
>
Here is what I understand:

2^128 iterations is not brute forceable today, and will not be for the
foreseeable future.

An EC pubkey of length n can be forced in approximately 2^(n/2)
iterations (see http://ecc-challenge.info/). Thus, Bitcoin pubkeys, which
are 256 bits, would require 2^128 iterations. This is why unused
addresses (160-bit hash) are better protected than already used ones.

However, people tend to believe that a public key of size n requires 2^n
iterations. This belief might have been spread by this popular image:
https://bitcointalk.org/index.php?topic=508880.msg5616146#msg5616146

Published at 2023-06-07 15:16:22