From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 6369CE75 for ; Fri, 8 Jan 2016 15:46:55 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-lb0-f179.google.com (mail-lb0-f179.google.com [209.85.217.179]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id BE0BD171 for ; Fri, 8 Jan 2016 15:46:54 +0000 (UTC) Received: by mail-lb0-f179.google.com with SMTP id sv6so219119198lbb.0 for ; Fri, 08 Jan 2016 07:46:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=gBCqCGW7Xyw8WdNEjpoPEXEmE8eAI8sYWX62sYvuSoU=; b=yhH3FqjSd3J25K0tCqChtDByjnCOCWyMuLjUGmJZuDS7XzMbYe2EOtvVHWd8wtTGo5 e6yeGcOVFB24RDb3ItULkn0J5wdw0TjpPdvKkvrUh5+HEwm/bAq3ZFBPq2WjuG8TpUyq SHyrHX8RJEurnxHeV9WcW9mH5bt5ueY5m/pp1jINBBMMwFiKif+Y1IVmVf/94r/7soH7 rfo/XqeQBlkM4S+GLe0ruIsKURX1ovDqB0/9g6dD1cBUv6hxIIuijF2vN+tN35EgHUj+ hh9mAt1CQxeSvP7L8s3+YuBQxYFsy+DbcUfsTXSGD2EM/tkaYZJtO+XEBqDqw57IBcNi rYlA== MIME-Version: 1.0 X-Received: by 10.112.157.69 with SMTP id wk5mr40763561lbb.74.1452268013312; Fri, 08 Jan 2016 07:46:53 -0800 (PST) Received: by 10.25.25.78 with HTTP; Fri, 8 Jan 2016 07:46:53 -0800 (PST) In-Reply-To: <20160108153329.GA15731@sapphire.erisian.com.au> References: <8760z4rbng.fsf@rustcorp.com.au> <8737u8qnye.fsf@rustcorp.com.au> <20160108153329.GA15731@sapphire.erisian.com.au> Date: Fri, 8 Jan 2016 10:46:53 -0500 Message-ID: From: Gavin Andresen To: Anthony Towns Content-Type: multipart/alternative; boundary=001a11c2abd60d671b0528d47fe5 X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Fri, 08 Jan 2016 17:39:52 +0000 Cc: Bitcoin Dev Subject: Re: [bitcoin-dev] Time to worry about 80-bit collision attacks or not? X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Development Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Jan 2016 15:46:55 -0000 --001a11c2abd60d671b0528d47fe5 Content-Type: text/plain; charset=UTF-8 Thanks, Anthony, that works! So... How many years until we think a 2^84 attack where the work is an ECDSA private->public key derivation will take a reasonable amount of time? And Ethan or Anthony: can you think of a similar attack scheme if you assume we had switched to Schnorr 2-of-2 signatures by then? And to everybody who might not be reading this closely: All of the above is discussing collision attacks; none of it is relevant in the normal case where your wallet generates the scriptPubKey. -- -- Gavin Andresen --001a11c2abd60d671b0528d47fe5 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Thanks, Anthony, that works!

So...

How many years until we think a 2^84 attack where the = work is an ECDSA private->public key derivation will take a reasonable a= mount of time?

And Ethan or Anthony: =C2=A0can you think of a similar attack scheme= if you assume we had switched to Schnorr 2-of-2 signatures by then?
<= div class=3D"gmail_extra">

And to everybody who might not be reading this clo= sely: =C2=A0All of the above is discussing collision attacks; none of it is= relevant in the normal case where your wallet generates the scriptPubKey.<= /div>



--
--
Gavi= n Andresen
--001a11c2abd60d671b0528d47fe5--