Cryptocurrency analysts Bryce Weiner and Andrew Desantis set out to explain why Segregated Witness (SegWit), a change that reduces the size of Bitcoin transactions, has a vulnerability. According to them, this improvement, activated via a soft fork in 2017, has made Bitcoin susceptible to an attack vector that could steal the funds held at a specific wallet address.
With Segregated Witness, Bitcoin transactions are faster and cheaper for miners to process. They take up less space in each block, allowing more transactions to be processed per block. This makes the network more efficient without increasing the block size.
In a blog post, ProofofResearch examines and debunks this theory. According to the blog post's author, Andrew Desantis claims to have found a way to steal funds from a wallet address using nothing more than an address collision.
In a recent tweet, Bryce Weiner explains:
“In a single tweet: it has been proved that two deterministic addresses for which one has the private keys may create a transaction which allows one to spend funds at a simulated SegWit address. Should that address collide with an existing funded address, funds may be stolen.”
Following the procedure used to create Segregated Witness (bech32) addresses, it is possible to answer Bryce Weiner: the process of creating a SegWit address (P2WPKH) is the one described by the Twitter user who replied to him.
They are. If we're talking bech32 addresses, you must use a compressed public key, which is an ECDSA public key. That key is then hashed twice with ripemd160 & SHA256.
So there's no way there could be a collision in the way that you described. https://t.co/YHwAZmE8Wd
— CryptoMedication (@ProofofResearch) January 5, 2019
However, Bryce Weiner then replied that the author of the tweet was wrong to comment in this way.
According to Weiner, SegWit addresses could collide with existing addresses. The blog's author also takes up the mention of ECDSA, which matters because it refers to the elliptic-curve signature scheme that Bitcoin uses. According to ProofofResearch, Bitcoin uses the secp256k1 curve.
Because the public key is hashed before it becomes an address, there is no reason to believe or suggest that a SegWit address would correspond to an already existing address.
“None of the above even takes into account that the compressed public key is hashed with SHA256, then hashed again using ripemd160 in order to produce P2PKH address,” explains the author of the blog post.
In the blog post, the author explains in full why Weiner and Desantis were wrong in the claims they made, and adds that if the two can provide further information or evidence, the discussion can continue.