arno/bitcoinbook
1
0
Fork 0
mirror of https://github.com/bitcoinbook/bitcoinbook synced 2025-05-29 20:28:48 +00:00
Code Issues Releases Wiki Activity

Edited ch04_keys.adoc with Atlas code editor

Browse Source
This commit is contained in:
rgordon 2023-09-29 23:43:31 +00:00
parent 12790ac979
commit 543c4aaecc
1 changed files with 6 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
ch04_keys.adoc
View File

@ -887,7 +887,7 @@ Then they'll replace it on the stack with its deserialized value:
The script is executed and, if it passes and all of the other The script is executed and, if it passes and all of the other
transaction details are correct, the transaction is valid. transaction details are correct, the transaction is valid.
Addresses for Pay-to-Script-Hash (P2SH) are also created with Addresses for P2SH are also created with
base58check. The version prefix is set to 5, which results in an base58check. The version prefix is set to 5, which results in an
encoded address starting with a +3+. An example of a P2SH address is encoded address starting with a +3+. An example of a P2SH address is
+3F6i6kwkevjR7AsAd4te2YB2zZyASEm1HM+. +3F6i6kwkevjR7AsAd4te2YB2zZyASEm1HM+.
@ -906,7 +906,7 @@ common over time.
Legacy addresses were supplanted by the bech32 family of addresses. Legacy addresses were supplanted by the bech32 family of addresses.
[[p2sh_collision_attacks]] [[p2sh_collision_attacks]]
.P2SH collision attacks .P2SH Collision Attacks
**** ****
All addresses based on hash functions are theoretically vulnerable to an All addresses based on hash functions are theoretically vulnerable to an
attacker independently finding the same input that produced the hash attacker independently finding the same input that produced the hash
@ -916,18 +916,17 @@ key and be able to spend that user's bitcoins. The chance of an attacker
independently generating the input for an existing commitment is independently generating the input for an existing commitment is
proportional to the strength of the hash algorithm. For a secure proportional to the strength of the hash algorithm. For a secure
160-bit algorithm like HASH160, the probability is 1-in-2^160^. This is 160-bit algorithm like HASH160, the probability is 1-in-2^160^. This is
a _pre-image attack_. a _preimage attack_.
An attacker can also try to generate two different inputs (e.g. redeem An attacker can also try to generate two different inputs (e.g., redeem
scripts) that produce the same commitment. For addresses created scripts) that produce the same commitment. For addresses created
entirely by a single party, the chance of an attacker generating a entirely by a single party, the chance of an attacker generating a
different input for an existing commitment is also about 1-in-2^160^ for different input for an existing commitment is also about 1-in-2^160^ for
the HASH160 algoritm. This is a _second pre-image attack_. the HASH160 algorithm. This is a _second preimage attack_.
However, this changes when an attacker is able to influence the original input However, this changes when an attacker is able to influence the original input
value. For example, an attacker participates in the creation of a value. For example, an attacker participates in the creation of a
multisignature script where the attacker doesn't need to submit his multisignature script where tthey don't need to submit their public key until after he learns all of the other party's public keys.
public key until after he learns all of the other party's public keys.
In that case, the strength of hash algorithm is reduced to its square In that case, the strength of hash algorithm is reduced to its square
root. For HASH160, the probability becomes 1-in-2^80^. This is a root. For HASH160, the probability becomes 1-in-2^80^. This is a
_collision attack_. _collision attack_.