public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Watson Ladd <watsonbladd@gmail.com>
To: Gavin Andresen <gavinandresen@gmail.com>
Cc: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Time to worry about 80-bit collision attacks or not?
Date: Thu, 7 Jan 2016 17:27:02 -0800	[thread overview]
Message-ID: <CACsn0cn9ijwc+SzLqVgd+2RvL1xAdu9XdwVqU-zjy=2Qt9J0bg@mail.gmail.com> (raw)
In-Reply-To: <CABsx9T1cPYorAo=u5YjA1tOoN5GNQpb_hT-ZTG9G9Hp88GgAMA@mail.gmail.com>

[-- Attachment #1: Type: text/plain, Size: 1615 bytes --]

On Jan 7, 2016 5:22 PM, "Gavin Andresen via bitcoin-dev" <
bitcoin-dev@lists.linuxfoundation.org> wrote:
>
> On Thu, Jan 7, 2016 at 6:52 PM, Pieter Wuille <pieter.wuille@gmail.com>
wrote:
>>
>> Bitcoin does have parts that rely on economic arguments for security or
privacy, but can we please stick to using cryptography that is up to par
for parts where we can? It's a small constant factor of data, and it
categorically removes the worry about security levels.
>
> Our message may have crossed in the mod queue:
>
> "So can we quantify the incremental increase in security of
SHA256(SHA256) over RIPEMD160(SHA256) versus the incremental increase in
security of having a simpler implementation of segwitness?"

There are several clever ways to exploit even chosen prefix collisions
using the scripting language. One could search for collisions where one
message is some data and the other is a jump over a critical check.

>
> I believe the history of computer security is that implementation errors
and sidechannel attacks are much, much more common than brute-force breaks.
KEEP IT SIMPLE.

Ask the Iranian nuclear program. Or those brainwallet users.
>
> (and a quibble:  "do a 80-bit search for B and C such that H(A and B) =
H(B and C)"  isn't enough, you have to end up with a C public key for which
you know the corresponding private key or the attacker just succeeds in
burning the funds)
>
>
> --
> --
> Gavin Andresen
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>

[-- Attachment #2: Type: text/html, Size: 2173 bytes --]

  reply	other threads:[~2016-01-08  1:27 UTC|newest]

Thread overview: 34+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-01-07 19:02 [bitcoin-dev] Time to worry about 80-bit collision attacks or not? Gavin Andresen
2016-01-07 19:13 ` Matt Corallo
2016-01-07 19:19 ` Adam Back
2016-01-07 20:56   ` Dave Scotese
2016-01-07 21:06     ` Gavin Andresen
2016-01-07 22:56       ` Ethan Heilman
2016-01-07 23:39         ` Gavin Andresen
2016-01-08  1:26           ` Matt Corallo
2016-01-08  1:54             ` Gavin Andresen
2016-01-08 17:38               ` Pieter Wuille
2016-01-08 18:41               ` Peter Todd
2016-01-07 20:40 ` Ethan Heilman
2016-01-07 23:52 ` Pieter Wuille
2016-01-08  1:00   ` Gavin Andresen
2016-01-08  1:27     ` Watson Ladd [this message]
2016-01-08  3:30   ` Rusty Russell
2016-01-08  3:41     ` Matt Corallo
2016-01-08 12:02       ` Rusty Russell
2016-01-08 12:38         ` Gavin Andresen
2016-01-08 14:34           ` Watson Ladd
2016-01-08 15:26             ` Adam Back
2016-01-08 15:33           ` Anthony Towns
2016-01-08 15:46             ` Gavin Andresen
2016-01-08 15:50               ` Gavin Andresen
2016-01-08 15:59                 ` Gavin Andresen
2016-01-11 20:32                 ` Jorge Timón
2016-01-08 16:06               ` Gavin Andresen
2016-01-11  3:57               ` Rusty Russell
2016-01-11  6:57                 ` Peter Todd
2016-01-11 23:57               ` Tier Nolan
2016-01-12  0:00                 ` Tier Nolan
2016-01-12 12:08                   ` Gavin Andresen
2016-01-12 23:22                     ` Zooko Wilcox-O'Hearn
2016-01-08 18:52     ` Peter Todd

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CACsn0cn9ijwc+SzLqVgd+2RvL1xAdu9XdwVqU-zjy=2Qt9J0bg@mail.gmail.com' \
    --to=watsonbladd@gmail.com \
    --cc=bitcoin-dev@lists.linuxfoundation.org \
    --cc=gavinandresen@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox