Author: Pieter Wuille 2016-01-07 23:52:27
Published on: 2016-01-07T23:52:27+00:00
The discussion revolves around collision attacks in contract setups. An attacker can use a collision attack to construct scripts with identical hashes, stealing coins. The solution proposed is to have collision security to protect against such attacks. However, it is argued that using 80 bits for this purpose should not be encouraged. Normal pubkey hashes do not have this problem as they cannot be constructed to pay to the recipient. On the other hand, it is suggested that contract wallets can protect against collision attacks by refusing to accept certain types of scripts and not recognizing them as pay-to-recipient transactions. Additionally, trivial contract protocol tweaks like sending along a proof or pre-committing pubkeys can also provide protection. However, there are concerns about constructing a 2-of-2 multisig escrow in a contract. If an 80-bit search is conducted to find B and C such that H(A and B) = H(B and C), it could lead to theft. Sending along a proof or pre-committing pubkeys may not necessarily help in this case. In conclusion, it is recommended to use cryptography that is up to par for parts where it's possible to do so. This would remove worries about security levels and ensure protection against collision attacks.
Updated on: 2023-05-19T23:01:48.493152+00:00