Time to worry about 80-bit collision attacks or not?



Summary:

In a discussion on the bitcoin-dev mailing list, Gavin Andresen asked how long a 2^84 attack would take if each unit of work is an ECDSA private-to-public key derivation (an elliptic-curve scalar multiplication). Another participant suggested that the EC multiply may not be necessary at all: because a compressed public key is only a prefix byte followed by a 32-byte x coordinate, the rule that selects which script to hash next can be a plain sha256 call instead. The proposed code derives each step's script from the parity of the previous hash and a compressed public key built from hash output. A collision found this way requires the algorithm to be run four times rather than two, but the advantage is that no EC multiply is required: each step costs only two sha256 calls and one ripemd160 call.


Updated on: 2023-06-11T03:00:32.543447+00:00