On Tue, Apr 09, 2013 at 11:03:01PM -0400, Peter Todd wrote:
> On Tue, Apr 09, 2013 at 07:53:38PM -0700, Gregory Maxwell wrote:
> 
> Note how we can already do this: P2SH uses Hash160, which is
> RIPE160(SHA256(d)) We still need a new P2SH *address* type, that
> provides the full 256 bits, but no-one uses P2SH addresses yet anyway.
> 
> This will restrict data stuffing to brute forcing hash collisions. It'd
> be interesting working out the math for how effective that is, but it'll
> certainely be expensive in terms of time hashing power that could solve
> shares instead.

Oh, and while we're at it, long-term (hard-fork) it'd be good to change
the tx hash algorithm to extend the merkle tree into the txouts/txins
itself, which means that to prove a given txout exists you only need to
provide it, rather than the full tx.

Currently pruning can't prune a whole tx until every output is spent.
Make that change and we can prune tx's bit by bit, and still be able to
serve nodes requesting proof of their UTXO without making life difficult
for anyone trying to spent old UTXO's. The idea is also part of UTXO
proof stuff anyway.

-- 
'peter'[:-1]@petertodd.org