12
The Bitcoin scripting language has OP_SHA1 as one of its opcodes. However, I'm not able to find any usage of this opcode (it is not used in any standard scripts nor in any other procedures such as block hashing). So my question is: is sha-1 used anywhere in Bitcoin?
16
SHA1 was never commonly used in Bitcoin, but it there is at least one notable use of it, a P2SH script created by Peter Todd to allow anyone to pay to an address that could be spent by anyone proving they had found a SHA1 collision. This bounty was claimed using the published results of several security researchers who generated such a collision. Additional bounties remain open for other hash functions supported by Bitcoin: SHA256, RIPEMD160, SHA256d, and RIPEMD(SHA256()).
There may be other users of OP_SHA1. Because of the way P2SH works (as well as segwit witness script hashes), we can't see what opcodes people have paid to until they've spent from those scripts, so we can't be sure whether or not any particular opcode is currently in use.
Outside of the Bitcoin Protocol, software commonly used in relationship to Bitcoin (such as Git and BitTorrent) continue to use SHA1. Some projects (such as Bitcoin Core) have taken steps to protect their work with more secure hash functions in situations vulnerable to hash collisions.
0
Yes. The earliest use of OP_SHA1 on mainnet is in output script of tx 5342c96b946ea2c5e497de5dbf7762021f94aba2c8222c17ed28492fdbb4a6d9:
SIZE DUP 1 GREATERTHAN VERIFY NEGATE HASH256 HASH160 SHA256 SHA1 RIPEMD160 EQUAL
1Thanks, very interesting, I was not aware of the existance of these bounties! – cpsola – 2018-05-14T12:08:19.350