In-Reply-To: <CAPg+sBhH0MODjjp8Avx+Fy_UGqzMjUq_jn3vT3oH=u3711tsSA@mail.gmail.com>
References: <CABsx9T3aTme2EQATamGGzeqNqJkUcPGa=0LVidJSRYNznM-myQ@mail.gmail.com>
	<CAPg+sBhH0MODjjp8Avx+Fy_UGqzMjUq_jn3vT3oH=u3711tsSA@mail.gmail.com>
Date: Thu, 7 Jan 2016 20:00:42 -0500
Message-ID: <CABsx9T1cPYorAo=u5YjA1tOoN5GNQpb_hT-ZTG9G9Hp88GgAMA@mail.gmail.com>
From: Gavin Andresen <gavinandresen@gmail.com>
To: Pieter Wuille <pieter.wuille@gmail.com>
Content-Type: multipart/alternative; boundary=001a113fb2e8daec5c0528c81d45
Cc: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Time to worry about 80-bit collision attacks or
	not?

--001a113fb2e8daec5c0528c81d45
Content-Type: text/plain; charset=UTF-8

On Thu, Jan 7, 2016 at 6:52 PM, Pieter Wuille <pieter.wuille@gmail.com>
wrote:

> Bitcoin does have parts that rely on economic arguments for security or
> privacy, but can we please stick to using cryptography that is up to par
> for parts where we can? It's a small constant factor of data, and it
> categorically removes the worry about security levels.
>
Our messages may have crossed in the mod queue:

"So can we quantify the incremental increase in security of SHA256(SHA256)
over RIPEMD160(SHA256) versus the incremental increase in security of
having a simpler implementation of segwitness?"

I believe the history of computer security is that implementation errors
and side-channel attacks are much, much more common than brute-force breaks.
KEEP IT SIMPLE.

(and a quibble:  "do a 80-bit search for B and C such that H(A and B) = H(B
and C)"  isn't enough, you have to end up with a C public key for which you
know the corresponding private key or the attacker just succeeds in burning
the funds)


-- 
--
Gavin Andresen

--001a113fb2e8daec5c0528c81d45--