Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Development & Technical Discussion
Re: SHA-2* family maybe broken in several years.
by
DeathAndTaxes
on 22/12/2013, 06:58:11 UTC
Quote from: masterlogin on December 22, 2013, 06:34:51 AM
In either case it's not enough to break SHA256, it's also needed to break RIPEMD160 and ECDSA.

You could "just" break RIPEMD-160 & SHA-256 OR ECDSA (limited to addresses where the PubKey is known).

Find a PubKeyB such that for an existing PubKey A they both produce the same PubKeyHash.

i.e.
PubKeyA =/= PubKey B
RIPEMD-160(SHA-256(PubKeyA)) == PubKeyHashA
RIPEMD-160(SHA-256(PubKeyB)) == PubKeyHashB
PubKeyHashA == PubKeyHashB

If PubKeyHashA == PubKeyHashB then the private key for either PubKeyA or PubKeyB can spend coins sent to Address A or B. In a "normal" Bitcoin tx (PayToPubKeyHash) you are not locking funds to a specific PubKey but locking them to a specific PubKeyHash.