Author: Dave Scotese 2016-01-07 20:56:33
Published on: 2016-01-07T20:56:33+00:00
The discussion on the bitcoin-dev mailing list revolves around whether or not extra bytes should be added to the hash function used by Bitcoin, with some arguing that 256-bit ECDSA is overkill and suggesting 160-bit instead. Gavin Andresen suggested using RIPEMD160(SHA256()) as the hash function, which would save 12 bytes, but Pieter Wuille argued that collision security is necessary and that 80 bits of storage should be encouraged. Andresen countered that it's trivial for contract wallets to protect against collision attacks, and that adding extra bytes to prevent an attack that takes 2^80 computation and 2^80 storage is unnecessary. The general question raised was whether or not we should be worried about collision attacks against RIPEMD160, with a successful brute-force collision attack requiring at least O(2^80) CPU and O(2^80) storage, which is infeasible.
Updated on: 2023-06-11T03:00:52.025010+00:00