🐊
Ambush attacks on 160bit objectIDs & addresses
by Mysten Labs cryptography team March 27, 2023
Our recent internal audits and analysis regarding hash execution cost show that the cost of
a 160bit hash collision attack is in the feasibility range of just a few million dollars,
making it possible even for adversaries that are not nation states.
Proposal: switch to 256bit objectIDs (and inherently addresses too).
Impact and attacks
Before going into the details of why this attack is feasible, let's assume someone can
create two objectIDs that collide. This is an offline attack: there is no need to interact with the
blockchain until a collision has been found. This is possible because ObjectID creation is a
deterministic function of either the transaction data or the parent ObjectID, depending
on the object type. In either case, no unpredictable randomness is involved, so one
can compute candidate ObjectIDs offline.
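The two points above (IDs are derivable offline from public inputs, and a 160bit output gives only 80bit birthday security) can be quantified with a short script. This is an added illustration and not code from the Mysten Labs deck; the `derive_object_id` helper is an assumed toy derivation (BLAKE2b over parent ID and a sequence number), not Sui's real scheme, and the birthday estimate uses the standard approximation n ≈ sqrt(2 · 2^bits · ln(1/(1−p))).

```python
import hashlib
import math


def derive_object_id(parent_id: bytes, sequence: int, id_len: int = 20) -> bytes:
    """Toy deterministic ID derivation (assumption, not Sui's actual scheme).

    The point is only that the output depends on nothing but public,
    predictable inputs, so anyone can precompute it offline.
    id_len=20 models a 160bit ID, id_len=32 a 256bit ID.
    """
    material = parent_id + sequence.to_bytes(8, "little")
    return hashlib.blake2b(material, digest_size=id_len).digest()


def predicted_ids(parent_id: bytes, count: int, id_len: int = 20) -> list[bytes]:
    """Enumerate the next `count` child IDs of a parent without touching the chain."""
    return [derive_object_id(parent_id, i, id_len) for i in range(count)]


def log2_birthday_trials(bits: int, probability: float = 0.5) -> float:
    """log2 of the number of hash evaluations needed for a collision with the
    given probability, using n ~ sqrt(2 * 2^bits * ln(1/(1-p)))."""
    return 0.5 * (bits + math.log2(2.0 * math.log(1.0 / (1.0 - probability))))


def collision_work_ratio(bits_from: int, bits_to: int) -> float:
    """How many times more work a collision costs at bits_to than at bits_from."""
    return 2.0 ** (log2_birthday_trials(bits_to) - log2_birthday_trials(bits_from))


if __name__ == "__main__":
    # Constructed sample parent ID; two independent parties derive identical children.
    parent = bytes.fromhex("00" * 19 + "2a")
    a = predicted_ids(parent, 3)
    b = predicted_ids(parent, 3)
    print("deterministic:", a == b, [x.hex() for x in a])
    print("log2 trials, 160bit: %.2f" % log2_birthday_trials(160))
    print("log2 trials, 256bit: %.2f" % log2_birthday_trials(256))
    print("work ratio 160 -> 256 bits: 2^%.0f" % math.log2(collision_work_ratio(160, 256)))
```

Running it shows roughly 2^80 evaluations for a 50% collision chance at 160 bits versus about 2^128 at 256 bits, i.e. the proposal raises the attacker's work by a factor of 2^48, which moves the attack from the "few million dollars" range well beyond any feasible budget.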