From: Gavin Andresen <gavinandresen@gmail.com>
To: Pieter Wuille <pieter.wuille@gmail.com>
Cc: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>
Date: Thu, 7 Jan 2016 20:00:42 -0500
Subject: Re: [bitcoin-dev] Time to worry about 80-bit collision attacks or not?

On Thu, Jan 7, 2016 at 6:52 PM, Pieter Wuille <pieter.wuille@gmail.com> wrote:

> Bitcoin does have parts that rely on economic arguments for security or
> privacy, but can we please stick to using cryptography that is up to par
> for parts where we can? It's a small constant factor of data, and it
> categorically removes the worry about security levels.

Our message may have crossed in the mod queue:

"So can we quantify the incremental increase in security of SHA256(SHA256) over RIPEMD160(SHA256) versus the incremental increase in security of having a simpler implementation of segwitness?"

I believe the history of computer security is that implementation errors and side-channel attacks are much, much more common than brute-force breaks. KEEP IT SIMPLE.

(and a quibble: "do a 80-bit search for B and C such that H(A and B) = H(B and C)" isn't enough, you have to end up with a C public key for which you know the corresponding private key or the attacker just succeeds in burning the funds)

--
Gavin Andresen
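Added example, not part of the original message or of any Bitcoin code: a measurement of why an n-bit hash gives only about n/2 bits of collision resistance, which is where the "80-bit" figure for a 160-bit script hash in this thread comes from. It assumes double SHA-256 truncated to a few bits as a stand-in for a short hash; `short_hash`, `find_collision` and `measure` are hypothetical names, and the inputs are constructed byte strings.

```python
import hashlib


def short_hash(data: bytes, bits: int) -> int:
    """Double SHA-256 truncated to `bits` bits (assumed stand-in for a short hash)."""
    digest = hashlib.sha256(hashlib.sha256(data).digest()).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def find_collision(bits: int):
    """Birthday search: hash constructed inputs until two share a truncated hash.

    Returns (first_input, second_input, hashes_computed).
    """
    seen = {}
    counter = 0
    while True:
        msg = b"constructed-input-%d" % counter
        h = short_hash(msg, bits)
        if h in seen:
            return seen[h], msg, counter + 1
        seen[h] = msg
        counter += 1


def measure(sizes=(16, 24, 32)):
    """Run the search for several output sizes to show the 2^(n/2) scaling."""
    return {bits: find_collision(bits) for bits in sizes}


if __name__ == "__main__":
    for bits, (a, b, tries) in measure().items():
        print(f"{bits}-bit hash: collision after {tries} hashes "
              f"(birthday estimate 2^{bits // 2} = {2 ** (bits // 2)})")
    # Extrapolating the same scaling: a 160-bit hash costs on the order of
    # 2^80 hashes to collide, a 256-bit hash on the order of 2^128.
```

The search collides arbitrary byte strings only; as the quibble in the message notes, a collision on a real script hash is useful to an attacker only if the colliding script contains a public key whose private key they hold.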