public inbox for bitcoindev@googlegroups.com
From: Jonas Nick <jonasd.nick@gmail•com>
To: conduition <conduition@proton•me>
Cc: bitcoindev@googlegroups.com
Subject: Re: [bitcoindev] OP_CAT Enables Winternitz Signatures
Date: Tue, 8 Jul 2025 08:07:08 +0000	[thread overview]
Message-ID: <f7f72e13-eaa1-4837-9ba0-4b8d1eddf160@gmail.com> (raw)
In-Reply-To: <Um1180WhyfREJS4CHTfTCzAuDywzNlFlsaIFFwLEGcETcwKCDuJMgSwSs4idfqgCDqtMTuc4FUmcTHWnK2z_tzxw8bdVD9zDiGTCfdbJFjs=@proton.me>

 > Agreed. AFAICT, the only reason we'd use WOTS+ over stock
 > WOTS (w/o randomizers) would be if we wanted to use a less
 > collision-resistant hash algo (RMD160) as the primary hash
 > function.

When using RMD160 in WOTS+ instead of SHA256, you reduce the security level to
80 bits. Roughly speaking, while WOTS+ relies only on preimage resistance,
quantum computers get a quadratic speedup finding preimages due to Grover's
algorithm. A more detailed analysis of this is in [0] (see Theorem 2 and Table
1).

 > Would OP_HASH160 (aka rmd160(sha256(...))) be a
 > possible contender for the hash function here, to shrink
 > the witness size further while still retaining some of the
 > collision resistance of SHA256?

I'm probably missing something, but I don't see how this would work because you
can find a collision with about 2^80 queries.

[0] https://eprint.iacr.org/2015/1256.pdf (This should have been link [5] in the
     previous email, sorry)

-- 
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups•com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/f7f72e13-eaa1-4837-9ba0-4b8d1eddf160%40gmail.com.
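Added example (written for this page, not code from the thread or from any Bitcoin project): a plain Winternitz one-time signature in Python with the hash function left as a parameter, so the witness-size effect of the hash choice discussed above can be measured directly, plus a helper that returns the generic-attack exponents implied by digest length alone (classical preimage, Grover preimage, birthday collision). It follows the RFC 8391 chain-and-checksum layout but leaves out the WOTS+ randomizers. The hash160 helper assumes hashlib's ripemd160 is available, which OpenSSL 3 builds may not provide; the seed, message and function names are assumptions for illustration.

```python
"""Plain Winternitz one-time signature (WOTS) over a pluggable hash.

Added example for this thread, not code from the original post or from any
Bitcoin project. It follows the RFC 8391 chain/checksum layout but omits the
WOTS+ per-step randomizers, so every chain is a bare iteration of the hash.
"""
import hashlib
from typing import Callable, Dict, List, Tuple

Hash = Callable[[bytes], bytes]


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def hash160(data: bytes) -> bytes:
    """OP_HASH160 semantics, RIPEMD160(SHA256(x)). Assumes this Python build's
    OpenSSL still exposes ripemd160 (OpenSSL 3 moved it to the legacy provider)."""
    return hashlib.new("ripemd160", hashlib.sha256(data).digest()).digest()


def generic_attack_bits(digest_bytes: int) -> Dict[str, int]:
    """Cost exponents of the generic attacks fixed by output length alone:
    2^n classical preimage, 2^(n/2) Grover preimage, 2^(n/2) birthday collision.
    A 20-byte digest therefore gives 80 bits against both Grover and birthday."""
    n = 8 * digest_bytes
    return {"preimage": n, "preimage_grover": n // 2, "collision_birthday": n // 2}


class WOTS:
    def __init__(self, h: Hash, w: int = 16):
        if w not in (4, 16, 256):
            raise ValueError("w must be 4, 16 or 256")
        self.h, self.w = h, w
        self.n = len(h(b""))                        # digest length in bytes
        self.log_w = w.bit_length() - 1             # bits per digit
        self.len1 = 8 * self.n // self.log_w        # message digits
        max_csum = self.len1 * (w - 1)
        self.len2 = (max_csum.bit_length() + self.log_w - 1) // self.log_w  # checksum digits
        self.len = self.len1 + self.len2            # chains per key

    def signature_bytes(self) -> int:
        """Witness cost of one signature: one chain element of n bytes per digit."""
        return self.len * self.n

    def _base_w(self, value: int, digits: int) -> List[int]:
        """Split an integer into fixed-count base-w digits, most significant first."""
        out = [0] * digits
        for i in range(digits - 1, -1, -1):
            out[i] = value & (self.w - 1)
            value >>= self.log_w
        return out

    def _digits(self, msg: bytes) -> List[int]:
        m = self._base_w(int.from_bytes(self.h(msg), "big"), self.len1)
        # The checksum shrinks whenever any message digit grows, so a forger who
        # advances one chain must walk another chain backwards, i.e. find a preimage.
        csum = sum(self.w - 1 - d for d in m)
        return m + self._base_w(csum, self.len2)

    def _chain(self, x: bytes, steps: int) -> bytes:
        for _ in range(steps):
            x = self.h(x)
        return x

    def keygen(self, seed: bytes) -> Tuple[List[bytes], List[bytes]]:
        """seed must be n uniformly random secret bytes; it is the whole secret key."""
        sk = [self.h(seed + i.to_bytes(4, "big")) for i in range(self.len)]
        pk = [self._chain(s, self.w - 1) for s in sk]
        return sk, pk

    def sign(self, sk: List[bytes], msg: bytes) -> List[bytes]:
        return [self._chain(s, d) for s, d in zip(sk, self._digits(msg))]

    def verify(self, pk: List[bytes], msg: bytes, sig: List[bytes]) -> bool:
        if len(sig) != self.len or any(len(s) != self.n for s in sig):
            return False
        cand = [self._chain(s, self.w - 1 - d) for s, d in zip(sig, self._digits(msg))]
        return cand == pk


if __name__ == "__main__":
    scheme = WOTS(sha256)
    sk, pk = scheme.keygen(bytes(32))     # demo seed only; use os.urandom(32) for real keys
    msg = b"constructed demo message"
    sig = scheme.sign(sk, msg)
    print(scheme.len, "chains,", scheme.signature_bytes(), "bytes, valid:", scheme.verify(pk, msg, sig))
    try:
        print("HASH160 variant:", WOTS(hash160).signature_bytes(), "bytes,", generic_attack_bits(20))
    except ValueError:
        print("ripemd160 unavailable in this OpenSSL build")
```

With w = 16 the SHA256 instance needs 67 chains (64 message digits plus 3 checksum digits) and a 2144-byte signature; the same layout over a 20-byte digest needs 43 chains and 860 bytes, which is the witness saving the thread is weighing against the 80-bit generic bounds that generic_attack_bits reports for a 160-bit output.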



Thread overview: 8+ messages
2025-06-08  3:20 'conduition' via Bitcoin Development Mailing List
     [not found] ` <QcOCx8vBMDuw4xf05H5SbIOPee2MZqV5IQa2opvAXcMeMzzFooHYL97qy5ZCLUEjqXHlHoyAucpmkwwU2i3bhO95SJrWP-oRU6mqamnTvRc=@pm.me>
2025-06-09 15:31   ` 'conduition' via Bitcoin Development Mailing List
2025-07-07 10:40     ` Jonas Nick
2025-07-08  0:49       ` 'conduition' via Bitcoin Development Mailing List
2025-07-08  7:03         ` 'conduition' via Bitcoin Development Mailing List
2025-07-08  8:07         ` Jonas Nick [this message]
2025-07-05 12:18 ` Anthony Towns
2025-07-08  0:16   ` 'conduition' via Bitcoin Development Mailing List
