Time to worry about 80-bit collision attacks or not?



Summary:

In an email thread, Matt Corallo and Gavin Andresen discussed the possibility of weakening the cryptography used to protect billions of dollars' worth of bitcoin. Corallo believed that accepting some risk was necessary to eliminate one unlikely attack, one relying on a bug in the code or test cases that would have to decide how to handle "version 0" versus "version 1" witness programs. He proposed using a version 0 witness program, RIPEMD160(SHA256(script)), now, and revisiting it in ten or twenty years if a plausible attack on RIPEMD160 and/or SHA256 emerges. This proposal would simplify the BIP, require half as many test cases, offer a little more scalability, and be as secure as P2SH and P2PKH. However, Andresen was disappointed with the "Here's the spec, take it or leave it" attitude and questioned the point of having a BIP process if discussion just comes down to "We think more is better."
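As an added illustration, not taken from the thread itself, of why a 160-bit script hash caps generic collision resistance at roughly 2^80 work: the script below models an n-bit hash by truncating SHA-256 (the real version 0 program is RIPEMD160(SHA256(script)); plain SHA-256 is used only so the demo runs without a RIPEMD160 provider), finds a collision empirically at a toy width, and extrapolates the birthday bound to 160 and 256 bits. The candidate scripts are constructed placeholders.

```python
import hashlib
import math


def truncated_hash(data: bytes, bits: int) -> int:
    """Model an n-bit hash by keeping the top `bits` bits of SHA-256.

    Stand-in for RIPEMD160(SHA256(script)); the birthday bound below depends
    only on the output width, not on which hash produces it.
    """
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def expected_collision_trials(bits: int) -> float:
    """Birthday bound: about sqrt(pi/2 * 2^bits) evaluations per collision."""
    return math.sqrt(math.pi / 2 * 2.0 ** bits)


def collision_security_bits(bits: int) -> float:
    """log2 of the generic collision work, e.g. ~80.3 for a 160-bit hash."""
    return math.log2(expected_collision_trials(bits))


def find_collision(bits: int):
    """Deterministic birthday search over distinct constructed candidate scripts.

    Returns (script_a, script_b, trials) where both scripts hash to the same
    truncated value. At 160 bits this loop would need ~2^80 iterations.
    """
    seen = {}
    i = 0
    while True:
        candidate = b"constructed-script-%d" % i  # placeholder, not real script
        h = truncated_hash(candidate, bits)
        if h in seen:
            return seen[h], candidate, i + 1
        seen[h] = candidate
        i += 1


if __name__ == "__main__":
    toy_bits = 24
    a, b, trials = find_collision(toy_bits)
    print(f"{toy_bits}-bit model: collision after {trials} trials "
          f"(expected ~{expected_collision_trials(toy_bits):.0f})")
    print(f"  {a!r} and {b!r} share truncated hash {truncated_hash(a, toy_bits):#x}")
    for n in (160, 256):
        print(f"{n}-bit hash: generic collision costs ~2^{collision_security_bits(n):.1f}")
```

The toy search finishes in a few thousand hashes; the point is that the exponent scales with half the output width, so 160 bits buys about 2^80 and 256 bits about 2^128 against a generic collision attack.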


Updated on: 2023-06-11T03:00:20.222697+00:00