On Feb 25, 2017 22:26, "Steve Davis" <steven.charles.davis@gmail.com> wrote:

Hi Pieter,

> On Feb 25, 2017, at 4:14 PM, Pieter Wuille <pieter.wuille@gmail.com> wrote:
>
> Any alternative to move us away from RIPEMD160 would require:

> <snipped>

“Any alternative”? What about reverting to:

[<public_key>, OP_CHECKSIG]

snip

Could that be the alternative?

Ok, fair enough, that is an alternative that avoids the 160-bit hash function, but not where it matters. The 80-bit collision attack only applies to jointly constructed addresses like multisig P2SH, not single-key ones. As far as I know for those we only rely preimage security, and RIPEMD160 has 160 bit security there, which is even more than our ECDSA signatures offer.

Pieter