Bitcoin Forum
Author Topic: SHA-2* family maybe broken in several years.  (Read 7716 times)
DeathAndTaxes (Gerald Davis), December 22, 2013, 06:58:11 AM (last edit: December 22, 2013, 04:38:19 PM), #41

Quote
In either case it's not enough to break SHA256, it's also needed to break RIPEMD160 and ECDSA.

You could "just" break RIPEMD-160 & SHA-256 OR ECDSA (limited to addresses where the PubKey is known).

Find a PubKeyB such that for an existing PubKeyA they both produce the same PubKeyHash.

i.e.
PubKeyA =/= PubKeyB
RIPEMD-160(SHA-256(PubKeyA)) == PubKeyHashA
RIPEMD-160(SHA-256(PubKeyB)) == PubKeyHashB
PubKeyHashA == PubKeyHashB

If PubKeyHashA == PubKeyHashB then the private key for either PubKeyA or PubKeyB can spend coins sent to Address A or B. In a "normal" Bitcoin tx (PayToPubKeyHash) you are not locking funds to a specific PubKey but locking them to a specific PubKeyHash.

 
fusion7, December 22, 2013, 08:06:37 AM, #42

Quote from: DeathAndTaxes
In either case it's not enough to break SHA256, it's also needed to break RIPEMD160 and ECDSA.

You could "just" break RIPEMD-160 & SHA-256 OR ECDSA (limited to addresses where the PubKey is known).

Find a PubKeyB such that for an existing PubKeyA they both produce the same PubKeyHash.

i.e.
RIPEMD-160(SHA-256(SHA-256(PubKeyA))) == PubKeyHashA
RIPEMD-160(SHA-256(SHA-256(PubKeyB))) == PubKeyHashB

If PubKeyHashA == PubKeyHashB then the private key for either PubKeyA or PubKeyB can spend coins sent to Address A or B even if PubKeyA =/= PubKeyB.

Remember in a normal Bitcoin tx you are not paying to the PubKey, you are paying to the hash of the PubKey.

 

1. How do you get Private Key B that's needed to sign the transaction?

2. Isn't address generation RIPEMD-160(SHA-256(PubKey)) rather than RIPEMD-160(SHA-256(SHA-256(PubKey))?
prezbo, December 22, 2013, 10:49:05 AM, #43

Quote from: DeathAndTaxes
Find a PubKeyB such that for an existing PubKeyA they both produce the same PubKeyHash.

This implies a break in EC crypto as well: since by definition there is no efficient way to generate the private key from the public key, the only way of doing this is by trial and error.
DeathAndTaxes (Gerald Davis), December 22, 2013, 04:35:23 PM (last edit: December 23, 2013, 03:00:26 AM), #44

Quote from: fusion7
1. How do you get Private Key B that's needed to sign the transaction?

You would compute PubKeyB from PrivKeyB.

Quote from: fusion7
2. Isn't address generation RIPEMD-160(SHA-256(PubKey)) rather than RIPEMD-160(SHA-256(SHA-256(PubKey))?

Yes.  Posting technical answers after bedtime is not recommended.  I fixed it.

Quote from: prezbo
Quote from: DeathAndTaxes
Find a PubKeyB such that for an existing PubKeyA they both produce the same PubKeyHash.

This implies a break in EC crypto as well, since by definition there is no efficient way to generate the private key from the public key the only way of doing this is by trial and error.

It depends on how severe the break in the hashing algorithm is.   Currently, to find a PubKeyHash preimage requires 2^160 inputs.  That is computationally infeasible.  If both RIPEMD-160 & SHA-256 were found to be significantly weakened through cryptanalysis it is possible (although unlikely in my opinion) that the average number of operations to produce a preimage would be reduced to a level that would make it computationally feasible to produce that number of keypairs.

That being said, I honestly don't think this will be a useful attack vector, just pointing it out for the sake of completeness.  IMHO it is far more likely that ECDSA (or ECC in general or the specific curve used for Bitcoin) will be "broken" (and Bitcoin will migrate to new stronger address systems)  than either hashing algorithm (much less both of them).   Hashing algorithms have stood the test of time better than Public Key crypto and that advantage is compounded by the fact that Bitcoin uses two different algorithms.

Slightly off topic but related: One thing I have always wondered is why Satoshi didn't "harden" mining the same way.  Something made Satoshi decide to "harden" the PubKeyHash by using two separate algorithms.  Why didn't he use the same hashing algorithm for both mining and pubkeys (i.e.  hash = RIPEMD-160(SHA-2(SHA-2(input)))  or hash = RIPEMD-160(SHA-2(input)) for both PubKeyHash and BlockHash )?  Whatever enhanced protection (however small or academic) it provides one it would provide the other.    It is likely academic because a break in SHA-256 might not even undermine mining but the code was there, why not use it in both places?  We likely will never know.




eac15678, December 22, 2013, 09:49:16 PM, #45

interesting to know this :)
