ripemd160 - collisions

[ripemdhash]

Hello,

I am a new user of this forum. However, before registering, I have been reading various posts related to technical issues for a long time. I'm very curious if anyone has managed to find a collision in RIPEMD160 on Bitcoin addresses. Are there any known collision data with public keys, and if possible, with private keys as well?

[GR Sasa]

shortest answer that you'll ever hear in your life.

no

[vjudeu]

You can just watch 3KyiQEGqqdb4nqfhUzGKN6KPhXmQsLNpay address from this puzzle. As long as those coins are here, you can be quite sure that there are no collisions. And you can always add more coins to be sure that people have enough incentive to share such collisions.

[ripemdhash]

1NqyFopy2LAghcL4o5xjiuSaRFo3KoPNSo  - after hash160 ->  c51b66bced5e4491001bd702669770dccf440982
1GVXnKbEbcuUAB6iF2dvgVTUKQwpZ2NpUk - after hash160 -> c51b66bced5e4491001bd702669770dccf440982
1LRhnNWHoAfLjVZe51XXMYCuBJmvPvE1sE - after hash160 -> c51b66bced5e4491001bd702669770dccf440982


hash160 -> sha 256 with ripemd160

of course after it is real address "1JyCwfjA8jYwMxcf6E7DXSs6rpcnZ2uppi"

it is collision? in sha256 or in ripemd160?

[PawGo]

1NqyFopy2LAghcL4o5xjiuSaRFo3KoPNSo  - after hash160 ->  c51b66bced5e4491001bd702669770dccf440982
1GVXnKbEbcuUAB6iF2dvgVTUKQwpZ2NpUk - after hash160 -> c51b66bced5e4491001bd702669770dccf440982
1LRhnNWHoAfLjVZe51XXMYCuBJmvPvE1sE - after hash160 -> c51b66bced5e4491001bd702669770dccf440982

I am not sure what you wanted to show, but it completely makes no sense for me. Could you explain step by step?

I am a new user of this forum. However, before registering, I have been reading various posts related to technical issues for a long time. I'm very curious if anyone has managed to find a collision in RIPEMD160 on Bitcoin addresses. Are there any known collision data with public keys, and if possible, with private keys as well?

Some scientific progress has been made (https://eprint.iacr.org/2023/285) but it is still very far from a simple every-day use. In other words - RIPEMD160 is still secure.

[ripemdhash]

input to sha256:
1NqyFopy2LAghcL4o5xjiuSaRFo3KoPNSo
1GVXnKbEbcuUAB6iF2dvgVTUKQwpZ2NpUk
1LRhnNWHoAfLjVZe51XXMYCuBJmvPvE1sE

output of sha256:

4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a


so it is collisions on sha256:)

am I first?

Is any reward for finding collision on sha256?

[garlonicon]

4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

This value is just SHA-256 for "01" byte. That means you are calling SHA-256 on different data than you think.

Is any reward for finding collision on sha256?

You can try to spend coins from 35Snmmy3uhaer2gTboc81ayCip4m9DT4ko, but then you need two values: providing "01" byte alone is not sufficient.

[witcher_sense]

input to sha256:
1NqyFopy2LAghcL4o5xjiuSaRFo3KoPNSo
1GVXnKbEbcuUAB6iF2dvgVTUKQwpZ2NpUk
1LRhnNWHoAfLjVZe51XXMYCuBJmvPvE1sE

output of sha256:

4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a


so it is collisions on sha256:)

am I first?

Is any reward for finding collision on sha256?

You are the first who calculated sha256 hash incorrectly 3 times in a row.

Code:

~ $ echo -n 1NqyFopy2LAghcL4o5xjiuSaRFo3KoPNSo | sha256sum
42ba835e9f265ec93bc684ea0ddc40d08dfbe1e73c52eaf91248219135bb46d2  -

~ $ echo -n 1GVXnKbEbcuUAB6iF2dvgVTUKQwpZ2NpUk | sha256sum
0be415623f3adca5d958654df19e19ecf60fd25aa31b1b1b44bb41a8cdae2b7c  -

~ $ echo -n 1LRhnNWHoAfLjVZe51XXMYCuBJmvPvE1sE | sha256sum
d08bd4cf1aaafbf137a42350170d3e7fb127655dcd0edbc26dae683eba8193cc

[ymgve2]

input to sha256:
1NqyFopy2LAghcL4o5xjiuSaRFo3KoPNSo
1GVXnKbEbcuUAB6iF2dvgVTUKQwpZ2NpUk
1LRhnNWHoAfLjVZe51XXMYCuBJmvPvE1sE

output of sha256:

4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a


so it is collisions on sha256:)

am I first?

Is any reward for finding collision on sha256?

your sha256/ripemd160 library is expecting a hexadecimal input, and stops on the first non-hex character it encounters. they all start with "1" then a non-hex char so they all have the "same" "hash"

[digaran]

Look, stop mixing things, you could hash whatever you want and extract addresses from them, I even found an address with more than 70 BTC balance, it has a colliding RMD hash.

When I was working on hashes, I found so many interesting things, like hashing an address with SHA-256 and then RMD-160 to arrive at the same address again, can't recall exactly, when I have the time to go through my laptop files, I will show you so many things, like finding your desired checksum using WIFsolver tool etc.

Take this address,
12zqc8j8Btu8fvDbTTky9PXEMkd9ub5K5s
Perform SHA-256 on the first 2 characters "12" and Perform RMD-160 on the hash 256 then convert to address, you will see the same address, coincidence? Definitely.

Hash 160 (sha256+rmd160) of (converted to address)

12 = 12zqc8j8Btu8fvDbTTky9PXEMkd9ub5K5s
14 = 16gbG4hC3sTsZXn47KG6uWcjN8ww6EB5Xi

Here, a magic trick!  Just perform sha256 on the following address  ,12noFjFNrtaCcBDMZ5ZMpJQbUPLD4MGpL6 or "12"  3 times, then use the third hash as private key to generate uncompressed address, tell me what you see? 😉 this happens when you mix base58, rmd160, sha256 and secp256k1. Totally normal, I was so excited first when I discovered all of these, now I spend my time on the real deal stuff (public keys + & - ). 🙂

[pooya87]

Perform SHA-256 on the first 2 characters "12" and Perform RMD-160 on the hash 256 then convert to address, you will see the same address, coincidence? Definitely.

Most probably this is not a coincidence or a collision for that matter. Considering the addresses you shared were never spent from they could be categorized as addresses that were created from the hash like some sort of silly puzzle not from a public key. In other words nobody can spend these coins because they don't have the key, they just did what you did (hashed 2 characters and then created that address).
Something like this:

Code:

for (chars from 0x10 to 0x1f)
  hash = compute(Base16.Decode(0x+chars))
  address = encode(hash)
  if (address[1..2] == chars)
    print (address)
    burn_coins_by_sending_to(address)