From “Mastering Bitcoin: Programming the Open Blockchain, 3rd edition, Ch. 4”:
All addresses based on hash functions are theoretically vulnerable to an attacker independently finding the same input that produced the hash function output (commitment). In the case of Bitcoin, if they find the input the same way the original user did, they’ll know the user’s private key and be able to spend that user’s bitcoins.
Bitcoin uses elliptic curve arithmetic for private and public keys, and the only thing that is hashed is a public key, so the best thing we can reveal is a public key, isn’t it?
(I’m not considering P2SH)
Or can we somehow get a private key with a successful collision attack?