[Cryptography] Sony finding SHA1 collisions?

Peter Todd pete at petertodd.org
Mon Dec 15 04:36:27 EST 2014

On Mon, Dec 15, 2014 at 10:23:48PM +1300, Peter Gutmann wrote:
> Peter Todd <pete at petertodd.org> writes:
> >There's a 2.474BTC reward outstanding for anyone who has a SHA1 hash
> >collision: 37k7toV1Nv4DfmQbmZ8KuZDQCYK9x5KpzP
> I'd be far more interested in the \infty BTC reward outstanding for anyone who
> can find collisions for RIPEMD-160(SHA-256(x)).

RIPEMD160(SHA256()) is address 39VXyuoc6SXYKp9TcAhoiN1mb4ns6z3Yu6.
SHA256(SHA256()) is address 3DUQQvz4t57Jy7jxE86kyFcNpKtURNf1VW.

Note though that a simple collision is not sufficent to steal Bitcoins -
you specifically need a preimage attack except in certain escrow
situations where you can control the P2SH redeemScript generated.
(easily fixed by requiring all parties to pre-commit to a nonce and
including the hash of the concatenation of those nonces in the resulting

Also as I say in my disclaimers from my original post:

"Note that the value of your SHA256, RIPEMD160, RIPEMD160(SHA256()) or
SHA256^2 bounty may be diminished by the act of collecting it."

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 650 bytes
Desc: Digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141215/56726f7e/attachment.sig>

More information about the cryptography mailing list