author | Peter Todd <pete@petertodd.org> | 2017-06-27 00:13:08 -0400 |
---|---|---|
committer | bitcoindev <bitcoindev@gnusha.org> | 2017-06-27 04:13:14 +0000 |
commit | 776cf70c29b0e975ea8727e575478f445079ad93 (patch) | |
tree | a6d43ba553631aa33bb128d9b6da14de9db7da1e | |
parent | 17afaa811714d611db6c46bb227dea6a62fb2948 (diff) | |
download | pi-bitcoindev-776cf70c29b0e975ea8727e575478f445079ad93.tar.gz pi-bitcoindev-776cf70c29b0e975ea8727e575478f445079ad93.zip |
Re: [bitcoin-dev] A Method for Computing Merkle Roots of Annotated Binary Trees
-rw-r--r-- | ff/7f3a5e981f43af9cb1c93aaa583d6207cbcb48 | 119 |
1 files changed, 119 insertions, 0 deletions
diff --git a/ff/7f3a5e981f43af9cb1c93aaa583d6207cbcb48 b/ff/7f3a5e981f43af9cb1c93aaa583d6207cbcb48 new file mode 100644 index 000000000..050d443cf --- /dev/null +++ b/ff/7f3a5e981f43af9cb1c93aaa583d6207cbcb48 
@@ -0,0 +1,119 @@ +Return-Path: <pete@petertodd.org> +Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org + [172.17.192.35]) + by mail.linuxfoundation.org (Postfix) with ESMTPS id BEC96918 + for <bitcoin-dev@lists.linuxfoundation.org>; + Tue, 27 Jun 2017 04:13:14 +0000 (UTC) +X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 +Received: from outmail149055.authsmtp.co.uk (outmail149055.authsmtp.co.uk + [62.13.149.55]) + by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 0B98FCC + for <bitcoin-dev@lists.linuxfoundation.org>; + Tue, 27 Jun 2017 04:13:13 +0000 (UTC) +Received: from mail-c245.authsmtp.com (mail-c245.authsmtp.com [62.13.128.245]) + by punt21.authsmtp.com (8.14.2/8.14.2/) with ESMTP id v5R4DBnX062202; + Tue, 27 Jun 2017 05:13:11 +0100 (BST) +Received: from petertodd.org (ec2-52-5-185-120.compute-1.amazonaws.com + [52.5.185.120]) (authenticated bits=0) + by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id v5R4D9iJ064003 + (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); + Tue, 27 Jun 2017 05:13:10 +0100 (BST) +Received: from [127.0.0.1] (localhost [127.0.0.1]) + by petertodd.org (Postfix) with ESMTPSA id 18E5A4019E; + Tue, 27 Jun 2017 04:13:09 +0000 (UTC) +Received: by localhost (Postfix, from userid 1000) + id 6D66F207F9; Tue, 27 Jun 2017 00:13:08 -0400 (EDT) +Date: Tue, 27 Jun 2017 00:13:08 -0400 +From: Peter Todd <pete@petertodd.org> +To: "Russell O'Connor" <roconnor@blockstream.io> +Message-ID: <20170627041308.GA23776@savin.petertodd.org> +References: <CAMZUoK=f3hXHkqJBDfiLGSrgXi_ppgyH6+XWD9W54EYFWLm1+Q@mail.gmail.com> + <20170528082624.GA14552@fedora-23-dvm> + <CAMZUoK=8xaVp2Qoc7kvx8FdPbpY0rEpSba8kQVRQGjX4p0haxg@mail.gmail.com> +MIME-Version: 1.0 +Content-Type: multipart/signed; micalg=pgp-sha256; + protocol="application/pgp-signature"; boundary="a8Wt8u1KmwUX3Y2C" +Content-Disposition: inline +In-Reply-To: <CAMZUoK=8xaVp2Qoc7kvx8FdPbpY0rEpSba8kQVRQGjX4p0haxg@mail.gmail.com> +User-Agent: Mutt/1.5.23 (2014-03-12) 
+X-Server-Quench: ee7e8ab8-5aee-11e7-801f-9cb654bb2504 +X-AuthReport-Spam: If SPAM / abuse - report it at: + http://www.authsmtp.com/abuse +X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR + aAdMdAUUEkAaAgsB AmEbW1FeUV57WGM7 bghPaBtcak9QXgdq + T0pMXVMcUgAKBWgI X2QeVB1ydwYIfXx0 ZQg3C3cOVBUofVt4 + ExsBCGwHMGB9YGAe Bl1RJFFSdQcYLB1A alQxNiYHcQ5VPz4z + GA41ejw8IwAXAWxw Tx0NKl5aT0ERVhU7 QggfATQpEgUgSj8w + KxFuEFkbAF1ZNUt6 GF0nXk4RLxIeaEV0 HkdEGj4RG0MMSjFD +X-Authentic-SMTP: 61633532353630.1039:706 +X-AuthFastPath: 0 (Was 255) +X-AuthSMTP-Origin: 52.5.185.120/25 +X-AuthVirus-Status: No virus detected - but ensure you scan with your own + anti-virus system. +X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW + autolearn=ham version=3.3.1 +X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on + smtp1.linux-foundation.org +Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org> +Subject: Re: [bitcoin-dev] A Method for Computing Merkle Roots of Annotated + Binary Trees +X-BeenThere: bitcoin-dev@lists.linuxfoundation.org +X-Mailman-Version: 2.1.12 +Precedence: list +List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org> +List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>, + <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe> +List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/> +List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org> +List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help> +List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>, + <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe> +X-List-Received-Date: Tue, 27 Jun 2017 04:13:14 -0000 + + +--a8Wt8u1KmwUX3Y2C +Content-Type: text/plain; charset=us-ascii +Content-Disposition: inline +Content-Transfer-Encoding: quoted-printable + +On Mon, May 29, 2017 at 10:55:37AM -0400, Russell O'Connor 
wrote: +> > This doesn't hold true in the case of pruned trees, as for the pruning = +to +> > be +> > useful, you don't know what produced the left merkleRoot, and thus you +> > can't +> > guarantee it is in fact a midstate of a genuine SHA256 hash. +> > +>=20 +> Thanks for the review Peter. This does seem like a serious issue that I +> hadn't considered yet. As far as I understand, we have no reason to think +> that the SHA-256 compression function will be secure with chosen initial +> values. + +Relevant: fixed points can be found for the SHA256 compression function, if= + the +attacker can control the IV: + +https://crypto.stackexchange.com/questions/48580/fixed-point-of-the-sha-256= +-compression-function + +--=20 +https://petertodd.org 'peter'[:-1]@petertodd.org + +--a8Wt8u1KmwUX3Y2C +Content-Type: application/pgp-signature; name="signature.asc" +Content-Description: Digital signature + +-----BEGIN PGP SIGNATURE----- + +iQEcBAEBCAAGBQJZUdtPAAoJECSBQD2l8JH7vW8H+wTog/EVQkNq5Zu5i8dNMSk1 +u7XfJST+3iJn7BluFL2OqEQMOWw6IxVha96ETHE45rxSdpugfDg4Jz7tZ1kuuoId +onkGVvAQeRXWgAY/AKjZ6CrMF1bEpmoNzed2Mz4cq4M4VfItLQupM7dmeTiM/VEN +DgiBXmE3PhnLkM9Oj8evjiuW9BQaqGNfHBHxIWQyNmB7YfhlB+WPY2M4RFhsW65z +s0vuQTMS7/jTSK0luRFmDmQmv781XQhgFfuqWLwZtIPKU9YODiBil3WQClQOV1J/ +PDHcZvl2DaNjO2IhIh20EvJjwbuFtUC5Qv4iEJedjadv+1iwpTmsFp63rhkrc7Y= +=rZye +-----END PGP SIGNATURE----- + +--a8Wt8u1KmwUX3Y2C-- + |
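Review bot: the message body is archived with its quoted-printable transfer encoding still in place, so the one reference Peter gives is split across a soft line break (`...fixed-point-of-the-sha-256=` followed by `-compression-function`) and the signature delimiter appears as `--=20`; anyone reading the raw file needs to decode that layer, or join the two fragments into https://crypto.stackexchange.com/questions/48580/fixed-point-of-the-sha-256-compression-function, before following the pointer. The substantive point for anyone evaluating the proposal is stated in the quoted exchange and the reply: the construction assumes the SHA-256 compression function stays secure when an attacker chooses its initial value, Russell concedes there is no reason to believe that, and Peter adds that fixed points of the compression function can be found when the IV is attacker-controlled, which is exactly why a pruned subtree's left merkleRoot cannot be trusted to be a midstate of a genuine SHA-256 hash. The multipart/signed structure and the PGP signature block are preserved verbatim, so the archived message remains verifiable against the author's key.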