Security: HASH160 vs. SHA256

One of the hidden upgrades in the transition to SegWit Multisig was the move from 160-bit hashes to 256-bit hashes. This was a proactive move by the Bitcoin developers to defend against future mathematical attacks.

1. The Collision Problem

A "Collision" is when two different scripts produce the same hash. If an attacker can find two scripts:

• Script A: A fair 2-of-3 multisig.

• Script B: A script that gives the attacker full control. If both have the same hash, the attacker could trick you into sending money to that hash and then use Script B to steal it.

2. Birthday Attack Math

The difficulty of finding a collision is related to the length of the hash.

• 160-bit hash (HASH160): Requires approximately 2^80 operations to find a collision. This is extremely difficult but theoretically possible for a state-level actor with massive supercomputers.

• 256-bit hash (SHA256): Requires 2^128 operations. This is considered physically impossible for the foreseeable future, even with every computer on earth working together.

3. SegWit's Upgrade

When SegWit was designed, the developers decided that P2WSH (Witness Scripts) should always use the stronger 32-byte (256-bit) SHA256.

• Single Key: Uses 20-byte HASH160 (because a single key hash is harder to manipulate).

• Multisig: Uses 32-byte SHA256 (because scripts are flexible and easier to craft for collisions).

4. Why Legacy P2SH is still safe

Legacy P2SH (the 3-series addresses) still uses 20-byte HASH160. While theoretically less secure than 256-bit, no one has ever successfully performed a collision attack on a 160-bit Bitcoin script. However, by moving multisig to 256-bit, Bitcoin has ensured its security for decades to come.

Feature	Legacy P2SH	SegWit Multisig (WSH)
Hash Length	160 Bits	256 Bits
Security Level	~80 Bits	~128 Bits
Attack Type	Birthday Attack	Mathematically Impossible

In the final section, we will build a Python P2SH-P2WSH Auditor.