by tcoppi
3701 days ago
I didn't actually read the analysis, but to find two arbitrary inputs that hash to the same value for a 128-bit hash, collisions would follow the birthday bound, so it would take 2^(128/2) = 2^64 effort. Definitely not out of the realm of possibility for a modestly-funded effort, and certainly less security than I would expect for a cryptocurrency.
The good news here is that a Zcash team member found this weakness in the Zcash protocol and it's being fixed before it ships.
Kudos to the Zcash team for employing aggressive internal security auditing.
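
The birthday-bound estimate in the comment above can be checked empirically on small digests. This is an added example, not part of the thread and not Zcash code; it assumes SHA-256 truncated to n bits as a stand-in for an n-bit hash, and the seeds and function names are constructed for illustration.

```python
import hashlib
import math
from itertools import count

def truncated_hash(data: bytes, bits: int) -> int:
    """SHA-256 truncated to its top `bits` bits (stand-in for an n-bit hash)."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - bits)

def find_collision(bits: int, seed: bytes = b"constructed-seed"):
    """Hash distinct inputs until two share a truncated digest.

    Returns (input_a, input_b, hashes_computed)."""
    seen = {}
    for i in count():
        msg = seed + i.to_bytes(8, "big")
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg

def expected_hashes(bits: int) -> float:
    """Birthday-bound estimate: about sqrt(pi/2 * 2^bits) hashes on average."""
    return math.sqrt(math.pi / 2 * 2 ** bits)

def average_work(bits: int, trials: int = 20) -> float:
    """Mean number of hashes to the first collision over several seeds."""
    total = 0
    for t in range(trials):
        total += find_collision(bits, seed=b"trial-%d-" % t)[2]
    return total / trials

if __name__ == "__main__":
    # Measured work tracks 2^(bits/2), not 2^bits, as the digest grows.
    for bits in (16, 20, 24):
        print(bits, average_work(bits), round(expected_hashes(bits)))
    # Extrapolating the same formula to a 128-bit digest.
    print("128-bit estimate: 2^%.1f hashes" % math.log2(expected_hashes(128)))
```

The table-based search shown here also needs memory proportional to the work, so it only illustrates the scaling on toy sizes.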