On Feb 25, 2017 22:26, "Steve Davis" <[email protected]> wrote:
Hi Pieter, > On Feb 25, 2017, at 4:14 PM, Pieter Wuille <[email protected]> wrote: > > Any alternative to move us away from RIPEMD160 would require: > <snipped> “Any alternative”? What about reverting to: [<public_key>, OP_CHECKSIG] snip Could that be the alternative? Ok, fair enough, that is an alternative that avoids the 160-bit hash function, but not where it matters. The 80-bit collision attack only applies to jointly constructed addresses like multisig P2SH, not single-key ones. As far as I know for those we only rely preimage security, and RIPEMD160 has 160 bit security there, which is even more than our ECDSA signatures offer. -- Pieter
_______________________________________________ bitcoin-dev mailing list [email protected] https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
