1
2
Pay to public key hash is used in version 1 bitcoin address. Bitcoin address is calculated by sha-256 -ing the public key followed by ripemd160- ing the result. The result can then be encoded in base 58 after 3 more steps as shown in https://en.bitcoin.it/wiki/Technical_background_of_version_1_Bitcoin_addresses Version byte and address checksum are added to the ripemd which yeilds same result without them-
This: 010966776006953D5567439E5E39F86A0D273BEE
And this: 00010966776006953D5567439E5E39F86A0D273BEED61967F6
Yeilds same result when encoded, then Why is that done?
Thanks! This also means that there's no way to stop spending of funds in case of a public key- address collision, since it deals with ripemd160 part only. We can know that the public key was different after the transaction has taken place. Or am I missing something? – prof.Zoom – 2017-03-11T18:37:17.670
I'm not sure I understand. Private key is used to derive only one public key. Public key is used to derive only one address. No collisions or weaknesses have been found in RIPEMD160. In case of btc, it would mean you need to first get SHA256 right to be able to use it for RIPEMD collision. – ManfredMacx – 2017-03-14T18:58:21.377
Every private key has a unique public key. Every public key is then sha256'd to get a 256 bits hash. A digest of this hash is then created using ripemd 160. Now, for all of 2^256 unique sha256 to be unique we require a sample space of at least n. See: https://en.bitcoin.it/wiki/Secp256k1 which is a little less than 2^256. My question is, how can you create 2^256 unique digests using 2^160 bits of ripemd-160
– prof.Zoom – 2017-03-18T05:25:48.270Ah. Well you can't. For each address there are 2^96 private keys. The collision doesn't happen because of good design of RIPEMD160. – ManfredMacx – 2017-03-18T08:38:28.060