Author: Watson Ladd 2016-01-08 01:27:02
Published on: 2016-01-08T01:27:02+00:00
In this email exchange between Gavin Andresen and Pieter Wuille on the bitcoin-dev mailing list, the two discuss the use of cryptography in Bitcoin. Wuille argues that, although Bitcoin relies on economic arguments for its security and privacy, using cryptography with an adequate security level wherever it can be applied removes any worry about security margins. Andresen responds that there are several ways to exploit even chosen-prefix collisions through the scripting language, and that implementation errors and side-channel attacks are far more common than brute-force breaks. He stresses the importance of keeping things simple, citing the Iranian nuclear program and brainwallet users as examples of harm caused by a lack of simplicity. Andresen also quibbles with one of Wuille's points: an 80-bit search for B and C such that H(A and B) = H(B and C) is not enough on its own, since the attacker must end up with a public key C for which the corresponding private key is known, or the funds are lost.
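The collision search and the quibble described above, as an added worked example that is not code from the original thread or from Bitcoin Core: a two-table birthday search over two script templates, one an honest-looking 2-of-2 script containing the victim's key A and the attacker's key B, the other a script spendable by the attacker's key C alone. The hash is truncated so the search finishes in seconds; the same arithmetic gives the 2^80 figure for a 160-bit hash. Everything below that is not on the page is an assumption of the example: SHA-256 truncated to `bits` stands in for hash160, hashed integers stand in for secp256k1 public keys, mnemonic byte strings stand in for real opcodes, and the names `find_script_collision`, `attacker_only`, `attacker_can_spend` and the constructed victim key are the example's own.

```python
"""Birthday search for two scripts with the same truncated hash.

Added example, not from the bitcoin-dev thread or Bitcoin Core.  Assumptions
(not from the page): SHA-256 truncated to `bits` replaces the 160-bit hash160;
"public keys" are hashes of an integer private key rather than secp256k1
points; scripts are byte strings of mnemonic tokens, not real opcodes.
"""
import hashlib
from dataclasses import dataclass
from typing import Dict, Optional


def pubkey(priv: int) -> bytes:
    """Stand-in for secp256k1 key derivation (assumption, see module docstring)."""
    return hashlib.sha256(b"pubkey-stand-in" + priv.to_bytes(8, "big")).digest()


def trunc_hash(script: bytes, bits: int) -> bytes:
    """SHA-256 truncated to `bits` bits; stands in for hash160 (160 bits)."""
    digest = int.from_bytes(hashlib.sha256(script).digest(), "big")
    return (digest >> (256 - bits)).to_bytes((bits + 7) // 8, "big")


def multisig_2of2(key_a: bytes, key_b: bytes) -> bytes:
    """Honest-looking script: both the victim (A) and the attacker (B) must sign."""
    return b"OP_2 " + key_a + b" " + key_b + b" OP_2 OP_CHECKMULTISIG"


def attacker_only(nonce: int, key_c: bytes) -> bytes:
    """Script spendable with key C alone.  The pushed nonce is dropped unused:
    the scripting-language trick that gives free bits to vary without
    changing which key is needed to spend."""
    return nonce.to_bytes(8, "big") + b" OP_DROP " + key_c + b" OP_CHECKSIG"


def expected_work_bits(hash_bits: int) -> int:
    """Generic birthday bound: about 2^(n/2) evaluations for an n-bit hash."""
    return hash_bits // 2


@dataclass
class Collision:
    honest_script: bytes    # 2-of-2 with victim key A and attacker key B
    attacker_script: bytes  # attacker-only script with the same truncated hash
    attacker_priv_b: int    # private key for B (attacker's share of the 2-of-2)
    attacker_priv_c: int    # private key for C, so attacker_script is spendable


def find_script_collision(victim_pub: bytes, attacker_priv_c: int,
                          bits: int, max_tries: int) -> Optional[Collision]:
    """Two-table birthday search.

    Side 1 varies the attacker's key B (from private keys the attacker knows);
    side 2 varies the dropped nonce while keeping key C fixed.  Every candidate
    on side 2 is therefore spendable by the attacker, which is the point of the
    quibble: a collision against a key with no known private key is worthless.
    """
    key_c = pubkey(attacker_priv_c)
    honest: Dict[bytes, int] = {}     # truncated hash -> private key for B
    malicious: Dict[bytes, int] = {}  # truncated hash -> nonce
    for i in range(1, max_tries):
        script_1 = multisig_2of2(victim_pub, pubkey(i))
        script_2 = attacker_only(i, key_c)
        h1 = trunc_hash(script_1, bits)
        h2 = trunc_hash(script_2, bits)
        if h1 == h2:  # same-iteration match, not yet in either table
            return Collision(script_1, script_2, i, attacker_priv_c)
        if h1 in malicious:
            return Collision(script_1, attacker_only(malicious[h1], key_c),
                             i, attacker_priv_c)
        if h2 in honest:
            b = honest[h2]
            return Collision(multisig_2of2(victim_pub, pubkey(b)), script_2,
                             b, attacker_priv_c)
        honest[h1] = i
        malicious[h2] = i
    return None


def attacker_can_spend(c: Collision, bits: int) -> bool:
    """True only if the hashes match AND the attacker-only script is really
    built from key C, whose private key the attacker holds."""
    same_hash = trunc_hash(c.honest_script, bits) == trunc_hash(c.attacker_script, bits)
    nonce = int.from_bytes(c.attacker_script[:8], "big")
    rebuilt = attacker_only(nonce, pubkey(c.attacker_priv_c))
    return same_hash and rebuilt == c.attacker_script


# Constructed sample inputs (not from the page) for a stand-alone run.
VICTIM_PUBKEY = pubkey(0xA11CE)  # victim's key A; only the public key is used
BITS = 32                        # roughly 2^16 work per side instead of 2^80

if __name__ == "__main__":
    c = find_script_collision(VICTIM_PUBKEY, 0xB0B, BITS, 1 << 20)
    print("generic bound for hash160:", 2 ** expected_work_bits(160))
    print("collision found:", c is not None and attacker_can_spend(c, BITS))
```

With `BITS = 32` the search needs on the order of 2^16 candidates per side, which is why a 160-bit hash gives only 80-bit collision resistance to an attacker who controls half of the script. Replacing the dropped nonce with fresh keys on side 2 would work just as well but costs a key derivation per candidate; using keys with unknown private keys, or random bytes that are not a valid script, would produce matching hashes that `attacker_can_spend` rejects.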
Updated on: 2023-06-11T02:58:41.314189+00:00