diff --git a/ch04_keys.adoc b/ch04_keys.adoc index 73dc736d..d7708254 100644 --- a/ch04_keys.adoc +++ b/ch04_keys.adoc @@ -887,7 +887,7 @@ Then they'll replace it on the stack with its deserialized value: The script is executed and, if it passes and all of the other transaction details are correct, the transaction is valid. -Addresses for Pay-to-Script-Hash (P2SH) are also created with +Addresses for P2SH are also created with base58check. The version prefix is set to 5, which results in an encoded address starting with a +3+. An example of a P2SH address is +3F6i6kwkevjR7AsAd4te2YB2zZyASEm1HM+. @@ -906,7 +906,7 @@ common over time. Legacy addresses were supplanted by the bech32 family of addresses. [[p2sh_collision_attacks]] -.P2SH collision attacks +.P2SH Collision Attacks **** All addresses based on hash functions are theoretically vulnerable to an attacker independently finding the same input that produced the hash 
@@ -916,18 +916,17 @@ key and be able to spend that user's bitcoins. The chance of an attacker independently generating the input for an existing commitment is proportional to the strength of the hash algorithm. For a secure 160-bit algorithm like HASH160, the probability is 1-in-2^160^. This is -a _pre-image attack_. +a _preimage attack_. -An attacker can also try to generate two different inputs (e.g. redeem +An attacker can also try to generate two different inputs (e.g., redeem scripts) that produce the same commitment. For addresses created entirely by a single party, the chance of an attacker generating a different input for an existing commitment is also about 1-in-2^160^ for -the HASH160 algoritm. This is a _second pre-image attack_. +the HASH160 algorithm. This is a _second preimage attack_. However, this changes when an attacker is able to influence the original input value. For example, an attacker participates in the creation of a -multisignature script where the attacker doesn't need to submit his -public key until after he learns all of the other party's public keys. +multisignature script where tthey don't need to submit their public key until after he learns all of the other party's public keys. In that case, the strength of hash algorithm is reduced to its square root. For HASH160, the probability becomes 1-in-2^80^. This is a _collision attack_.
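Review bot: the replacement line in the -916 hunk introduces a typo ("tthey") and leaves the sentence with mixed pronouns, since it switches to "they don't need to submit their public key" but keeps "until after he learns". Suggest "multisignature script where they don't need to submit their public key until after they learn all of the other parties' public keys." While touching this passage, the unchanged context line "the strength of hash algorithm is reduced" would read better as "the strength of the hash algorithm is reduced".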
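Review bot: the -887 hunk removes the expansion "Pay-to-Script-Hash (P2SH)" and leaves only the acronym. That is fine only if P2SH is spelled out at its first use earlier in the chapter; if this was the first expansion, keep it here so readers who jump to this section still get the full name.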