Thanks, Anthony, that works! So...
How many years until we think a 2^84 attack where the work is an ECDSA private->public key derivation will take a reasonable amount of time? And Ethan or Anthony: can you think of a similar attack scheme if you assume we had switched to Schnorr 2-of-2 signatures by then? And to everybody who might not be reading this closely: All of the above is discussing collision attacks; none of it is relevant in the normal case where your wallet generates the scriptPubKey. -- -- Gavin Andresen
_______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev