1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
|
Return-Path: <watsonbladd@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 5197F305
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 25 Feb 2017 20:42:59 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-wr0-f171.google.com (mail-wr0-f171.google.com
[209.85.128.171])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 6AA11240
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 25 Feb 2017 20:42:58 +0000 (UTC)
Received: by mail-wr0-f171.google.com with SMTP id g10so30322131wrg.2
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 25 Feb 2017 12:42:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=mime-version:in-reply-to:references:from:date:message-id:subject:to
:cc; bh=mS7Prb6EAoLuD6PgEEDSgUN9EVsFlGZ1b27pqbLko2U=;
b=RoXNPGgb8ehKDxHRskdWPYqNcpRRpxHUh0L1ur7GgaKrsE85lMWDLo8SLFGD58T4nS
DvKsgZmGYm1WUDZ7k6DdH/8tOdfym/f8aFHRUS8jPqc4VZMuzw4/nToTEVRJ+o2tiF/y
RneNuoZlSlMaJgxHpKH0XMK0VuedQH0T1cw8gtl9nBjp0PmDfXvVXaQi9nSq81cLXWRa
Me0nVYIhVYfjWD04uNsQpHVvrgbongBU1tDgDHLO+Oy3N7H0cGn4iTexhmZUljs0ugGd
YOnBYhiGmMQssIiApU4QsTiW6qaPbAjbdi9y5YHDABRqieDowF+7Gjkfzn8jmwC6gx/U
sHtg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:in-reply-to:references:from:date
:message-id:subject:to:cc;
bh=mS7Prb6EAoLuD6PgEEDSgUN9EVsFlGZ1b27pqbLko2U=;
b=RTLfhf6UDrXkdA8dp5SZ8PC3lXiadRDAt8+SGGOrvf2xP3cJDGfuW9OshDIJV4tIXk
cW0PEweD9JqXAKzneXUcJ61A34mQhr3QLmnbxmWc0RlFoLUocF0UL5wUSI7CHRuDwRxD
e28R3hAoLWcCEXh5b+v+U8K44X8afKgP4NK0xVNegPHV6hwjjtCMTy8A0IJZdL0gSjdm
sjA9qwXW3VB9nfRF5nHh7FYTAZFj98MpND+XSngdi4v48wB0tSyBrRL1gq1TtjJ5OZJS
EF2X2ZgykeLya7KTGmm80K92XQxkZjbN20qZfdjy4gOaxA+5HrcYkL1WcDerUZC0UgNp
TBhA==
X-Gm-Message-State: AMke39lGmCjfFeNenZXRWZNIfBvHC+AxDOr7aV8SE7h0mExq46VXPiWc16tGv9M5Mr7VJwjkX1hSAaImPOPWlQ==
X-Received: by 10.223.171.229 with SMTP id s92mr8263114wrc.64.1488055376967;
Sat, 25 Feb 2017 12:42:56 -0800 (PST)
MIME-Version: 1.0
Received: by 10.223.164.18 with HTTP; Sat, 25 Feb 2017 12:42:56 -0800 (PST)
In-Reply-To: <20170225191201.GA15472@savin.petertodd.org>
References: <mailman.22137.1487974823.31141.bitcoin-dev@lists.linuxfoundation.org>
<8F096BE1-D305-43D4-AF10-2CC48837B14F@gmail.com>
<20170225010122.GA10233@savin.petertodd.org>
<208F93FE-B7C8-46BE-8E00-52DBD0F43415@gmail.com>
<CAN6UTayzQRowtWhLKr8LyFuXjw3m+GjQGtHfkDj-Xu41Hym32w@mail.gmail.com>
<CAEM=y+WkgSkc07ZsU6APAkcu37zVZ7dwSc=jAg1nho31S5ZyxQ@mail.gmail.com>
<20170225191201.GA15472@savin.petertodd.org>
From: Watson Ladd <watsonbladd@gmail.com>
Date: Sat, 25 Feb 2017 12:42:56 -0800
Message-ID: <CACsn0ckikbifubOMoZphHcreXHzg=ELcPhOD02VhD-J8-MyaBA@mail.gmail.com>
To: Peter Todd <pete@petertodd.org>,
Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: text/plain; charset=UTF-8
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM,
RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
X-Mailman-Approved-At: Sat, 25 Feb 2017 21:06:41 +0000
Cc: Steve Davis <steven.charles.davis@gmail.com>
Subject: Re: [bitcoin-dev] SHA1 collisions make Git vulnerable to attakcs by
third-parties, not just repo maintainers
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Feb 2017 20:42:59 -0000
On Sat, Feb 25, 2017 at 11:12 AM, Peter Todd via bitcoin-dev
<bitcoin-dev@lists.linuxfoundation.org> wrote:
> On Sat, Feb 25, 2017 at 11:10:02AM -0500, Ethan Heilman via bitcoin-dev wrote:
>> >SHA1 is insecure because the SHA1 algorithm is insecure, not because
>> 160bits isn't enough.
>>
>> I would argue that 160-bits isn't enough for collision resistance. Assuming
>> RIPEMD-160(SHA-256(msg)) has no flaws (i.e. is a random oracle), collisions
>
> That's something that we're well aware of; there have been a few discussions on
> this list about how P2SH's 160-bits is insufficient in certain use-cases such
> as multisig.
>
> However, remember that a 160-bit *security level* is sufficient, and RIPEMD160
> has 160-bit security against preimage attacks. Thus things like
> pay-to-pubkey-hash are perfectly secure: sure you could generate two pubkeys
> that have the same RIPEMD160(SHA256()) digest, but if someone does that it
> doesn't cause the Bitcoin network itself any harm, and doing so is something
> you choose to do to yourself.
P2SH is not secure against collision. I could write two scripts with
the same hash, one of which is an escrow script and the other which
pays it to me, have someone pay to the escrow script, and then get the
payment. Some formal analysis tools would ignore the unused
instructions even if human analysis would not.
>
> In any case, segwit will provide a 256-bit pay-to-witness-script-hash(1), which
> provides a 128-bit security level against collision attacks.
>
> 1) https://github.com/bitcoin/bips/blob/master/bip-0143.mediawiki#Native_P2WSH
>
> --
> https://petertodd.org 'peter'[:-1]@petertodd.org
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
--
"Man is born free, but everywhere he is in chains".
--Rousseau.
|
