Date: Thu, 7 Jan 2016 16:06:30 -0500
Message-ID: <CABsx9T0JX41bOQxjPg7QFUKGEwgFaCGFzR3ySbaqFwy4i28Hbg@mail.gmail.com>
From: Gavin Andresen <gavinandresen@gmail.com>
To: Dave Scotese <dscotese@litmocracy.com>
Cc: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Time to worry about 80-bit collision attacks or
	not?

Maybe I'm asking this question on the wrong mailing list:

Matt/Adam: do you have some reason to think that RIPEMD160 will be broken
before SHA256?
And do you have some reason to think that they will be so broken that the
nested hash construction RIPEMD160(SHA256()) will be vulnerable?

Adam: re: "where to stop": I'm suggesting we stop exactly at the current
status quo, where we use RIPEMD160 for P2SH and P2PKH.

Ethan: your algorithm will find two arbitrary values that collide. That
isn't useful as an attack in the context we're talking about here (both of
those values will be useless as coin destinations with overwhelming
probability).

Dave: you described a first preimage attack, which is 2**160 cpu time and
no storage.


-- 
--
Gavin Andresen
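
The message above separates a generic collision search (two arbitrary colliding values) from a first preimage search (a match for one fixed target, with no storage). The sketch below is an added example, not part of the original post: it measures both on a toy hash, SHA256(SHA256(x)) truncated to 16 bits, used as a stand-in for the 160-bit RIPEMD160(SHA256()) construction. `BITS`, `toy_hash`, `find_collision`, `find_preimage` and the target string are hypothetical names and constructed inputs.

```python
import hashlib

BITS = 16  # toy output size (assumption); the thread concerns 160-bit outputs


def toy_hash(data: bytes) -> int:
    """Nested SHA256(SHA256(x)) truncated to BITS bits (stand-in for HASH160)."""
    digest = hashlib.sha256(hashlib.sha256(data).digest()).digest()
    return int.from_bytes(digest[:4], "big") >> (32 - BITS)


def find_collision():
    """Birthday search. Returns (a, b, tries, stored).

    Expected work is about 2**(BITS/2) hashes, but every output seen so far
    must be remembered, and the colliding pair is whatever happens to match:
    neither input is chosen in advance.
    """
    seen = {}
    i = 0
    while True:  # terminates within 2**BITS + 1 tries by pigeonhole
        msg = i.to_bytes(8, "big")
        h = toy_hash(msg)
        if h in seen:
            return seen[h], msg, i + 1, len(seen)
        seen[h] = msg
        i += 1


def find_preimage(target: int, limit: int = 1 << (BITS + 5)):
    """Brute-force first preimage. Returns (msg, tries); keeps no table.

    Expected work is about 2**BITS hashes because the target is fixed.
    """
    for i in range(limit):
        msg = b"p" + i.to_bytes(8, "big")
        if toy_hash(msg) == target:
            return msg, i + 1
    return None, limit


if __name__ == "__main__":
    a, b, c_tries, stored = find_collision()
    print(f"collision: {c_tries} hashes, {stored} stored outputs")
    target = toy_hash(b"constructed destination")  # constructed sample target
    msg, p_tries = find_preimage(target)
    print(f"preimage:  {p_tries} hashes, 0 stored outputs")
```

Scaling `BITS` from 16 to 160 moves the expected costs from roughly 2**8 and 2**16 hashes to roughly 2**80 and 2**160, the figures the thread is weighing.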
