Post
Topic
Board Development & Technical Discussion
Re: O(2^80) theoretical attack on P2SH
by grau on 02/11/2013, 16:02:56 UTC
That can be done in work O(2^80) (and massive storage), or various time-memory tradeoffs with lower storage and more work.

While work might become feasible, a successful attack on P2SH needs more than a collision: an alternate script valid and redeemable by the attacker.


The attacker uses a 1-of-N multisig redeemScript where the first public key is legitimately his and the other keys (up to 130 bytes) are what he keeps twiddling until he finds a collision.
How is this easier than mining private keys that lead to the public key hash (a.k.a. an address) of a pay-to-address transaction?
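
The cost difference between the two searches discussed in this thread, as an added example that is not part of the original post: finding any two twiddled scripts with the same hash (a collision, about 2^(n/2) work) versus finding a script that matches one fixed, already-published hash (about 2^n work). It assumes SHA-256 truncated to a small bit width as a scaled-down stand-in for the 160-bit script hash; `make_script`, the key prefix and the victim script are constructed placeholders.

```python
import hashlib
import struct

def short_hash(script: bytes, bits: int) -> int:
    """Top `bits` bits (bits <= 64) of SHA-256; stand-in for the 160-bit hash."""
    digest = hashlib.sha256(script).digest()
    return int.from_bytes(digest[:8], "big") >> (64 - bits)

def make_script(counter: int) -> bytes:
    """Constructed script: a fixed prefix (the one key that stays constant)
    followed by 8 filler bytes that are varied on every attempt."""
    return b"CONSTRUCTED-KEY-1|" + struct.pack(">Q", counter)

def find_collision(bits: int):
    """Birthday search: any two scripts with equal hashes.
    Stores every hash seen so far, hence the storage cost."""
    seen = {}
    counter = 0
    while True:
        script = make_script(counter)
        h = short_hash(script, bits)
        if h in seen:
            return seen[h], script, counter + 1
        seen[h] = script
        counter += 1

def find_match_for_target(target: int, bits: int, max_tries: int):
    """Fixed-target search: a script whose hash equals one given value,
    the situation of an address that already exists on the chain."""
    for counter in range(max_tries):
        script = make_script(counter)
        if short_hash(script, bits) == target:
            return script, counter + 1
    return None, max_tries

if __name__ == "__main__":
    BITS = 20  # scaled down from 160 so both searches finish quickly
    a, b, n_collision = find_collision(BITS)
    target = short_hash(b"CONSTRUCTED-VICTIM-SCRIPT", BITS)
    match, n_target = find_match_for_target(target, BITS, 1 << (BITS + 3))
    print(f"collision after {n_collision} hashes (about 2^{BITS // 2} expected)")
    print(f"fixed-target search stopped after {n_target} hashes "
          f"(about 2^{BITS} expected), found={match is not None}")
```

The collision search only succeeds because both inputs are chosen freely by whoever runs it; a hash that someone else has already published has to be hit by the fixed-target search instead.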