SHA1 collisions make Git vulnerable to attacks by third-parties, not just repo maintainers

Summary:

In a discussion on the bitcoin-dev mailing list, Ethan Heilman argued that 160 bits are not enough for collision resistance. Peter Todd responded that while P2SH's 160 bits may be insufficient in certain use-cases such as multisig, a 160-bit security level is sufficient, and RIPEMD160 has 160-bit security against preimage attacks; thus pay-to-pubkey-hash is perfectly secure. Todd warned, however, that the issue becomes more problematic for more complex contracts, such as a P2SH 2-of-2 multisig: if party A is not careful, party B can generate a collision between the script containing their second key and another 2-of-2 multisig in which they control both keys.
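As an added illustration (not part of the original thread and not Bitcoin's own code), the following Python toy models the two cases Todd contrasts: a pay-to-pubkey-hash target, where the attacker faces a preimage search, and a naive 2-of-2 P2SH setup, where the party who picks its key last can run a birthday search between the honest script and a script it fully controls. HASH160 is replaced by SHA-256 truncated to 24 bits so the search finishes in seconds, "keys" are random byte strings rather than secp256k1 points, and the commit-reveal check at the end is an assumed mitigation chosen for the example, not something the summary attributes to either participant.

```python
"""Toy model of the 2-of-2 P2SH collision concern described above.

Constructed illustration, not Bitcoin consensus code: HASH160 is replaced by
SHA-256 truncated to HASH_BITS so the birthday search finishes in seconds, and
'keys' are random byte strings rather than secp256k1 public keys.
"""
import hashlib
import hmac
import random
from typing import Dict, Optional, Tuple

HASH_BITS = 24  # toy size; real P2SH/P2PKH use HASH160 = 160 bits


def toy_hash160(data: bytes) -> int:
    """Stand-in for HASH160: SHA-256 truncated to HASH_BITS."""
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") >> (256 - HASH_BITS)


def multisig_2of2(key1: bytes, key2: bytes) -> bytes:
    """Toy encoding of the redeem script '2 <key1> <key2> 2 OP_CHECKMULTISIG'."""
    return b"2 %s %s 2 OP_CHECKMULTISIG" % (key1.hex().encode(), key2.hex().encode())


def rand_key(rng: random.Random) -> bytes:
    """Constructed 8-byte 'public key'; deterministic for a seeded rng."""
    return rng.getrandbits(64).to_bytes(8, "big")


def find_preimage(target: int, budget: int, rng: random.Random) -> Optional[bytes]:
    """What an attacker faces against pay-to-pubkey-hash: one fixed target.
    Expected cost ~2^HASH_BITS trials, so a small budget almost never succeeds."""
    for _ in range(budget):
        key = rand_key(rng)
        if toy_hash160(key) == target:
            return key
    return None


def find_collision(a_key: bytes, budget: int, rng: random.Random
                   ) -> Optional[Tuple[bytes, Tuple[bytes, bytes]]]:
    """Birthday search B can run once it knows A's key and may still pick its own.

    Table 1 holds honest scripts '2 <A> <B_i> 2'; table 2 holds rogue scripts
    '2 <B_j> <B_k> 2' where B holds both keys. A cross-table match yields one
    P2SH hash that either script redeems. Expected cost ~2^(HASH_BITS/2) per
    table, the square root of the preimage cost."""
    honest: Dict[int, bytes] = {}
    rogue: Dict[int, Tuple[bytes, bytes]] = {}
    for _ in range(budget):
        b_key = rand_key(rng)
        h = toy_hash160(multisig_2of2(a_key, b_key))
        if h in rogue:
            return b_key, rogue[h]
        honest[h] = b_key
        b1, b2 = rand_key(rng), rand_key(rng)
        h2 = toy_hash160(multisig_2of2(b1, b2))
        if h2 in honest:
            return honest[h2], (b1, b2)
        rogue[h2] = (b1, b2)
    return None


def commit(key: bytes, salt: bytes) -> bytes:
    """Hash commitment each party publishes before either key is revealed."""
    return hashlib.sha256(b"p2sh-key-commit|" + salt + b"|" + key).digest()


def verify_opening(commitment: bytes, key: bytes, salt: bytes) -> bool:
    """Party A's check: B's revealed key must match what B committed to before
    seeing A's key, so B had no chance to grind it against A's contribution.
    After that, B's only remaining freedom is the rogue script, which turns the
    2^(HASH_BITS/2) birthday search into a 2^HASH_BITS second-preimage search."""
    return hmac.compare_digest(commitment, commit(key, salt))


def demo(seed: int = 7) -> dict:
    rng = random.Random(seed)  # seeded so the toy is reproducible
    a_key = rand_key(rng)

    # P2PKH-style target: a preimage search with a 2^8 budget fails at 24 bits.
    preimage = find_preimage(toy_hash160(a_key), 256, rng)

    # Naive 2-of-2 setup: A reveals first, B grinds. A budget of 2^15 per table
    # covers 2^30 pairs, comfortably above the 2^24 birthday bound.
    hit = find_collision(a_key, 1 << 15, rng)
    collided = False
    if hit is not None:
        b_key, (b1, b2) = hit
        collided = toy_hash160(multisig_2of2(a_key, b_key)) == toy_hash160(multisig_2of2(b1, b2))

    # Commit-reveal setup: B commits to its key before learning A's, so a key
    # chosen after seeing A's key cannot pass A's check.
    b_honest, b_salt = rand_key(rng), rand_key(rng)
    b_commitment = commit(b_honest, b_salt)
    late_key = hit[0] if hit is not None else rand_key(rng)
    return {
        "preimage_found": preimage is not None,
        "collision_found": collided,
        "honest_opening_ok": verify_opening(b_commitment, b_honest, b_salt),
        "late_key_rejected": not verify_opening(b_commitment, late_key, b_salt),
    }


if __name__ == "__main__":
    print(demo())
```

The gap between the two searches is the whole point of Todd's distinction: the preimage search against a P2PKH target scales with the full hash width, while the two-table search scales with half of it, which is why a 160-bit hash gives roughly 80-bit protection whenever the counterparty can influence both sides of the comparison. Scaling HASH_BITS back up to 160 makes the first search hopeless and the second merely expensive, and the commitment check removes the second option entirely.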


Updated on: 2023-06-11T21:50:15.483058+00:00