author: Peter Todd <pete@petertodd.org> 2017-06-27 00:13:08 -0400
committer: bitcoindev <bitcoindev@gnusha.org> 2017-06-27 04:13:14 +0000
commit: 776cf70c29b0e975ea8727e575478f445079ad93 (patch)
tree: a6d43ba553631aa33bb128d9b6da14de9db7da1e
parent: 17afaa811714d611db6c46bb227dea6a62fb2948 (diff)
Re: [bitcoin-dev] A Method for Computing Merkle Roots of Annotated Binary Trees
-rw-r--r-- ff/7f3a5e981f43af9cb1c93aaa583d6207cbcb48 | 119
1 files changed, 119 insertions, 0 deletions
diff --git a/ff/7f3a5e981f43af9cb1c93aaa583d6207cbcb48 b/ff/7f3a5e981f43af9cb1c93aaa583d6207cbcb48
new file mode 100644
index 000000000..050d443cf
--- /dev/null
+++ b/ff/7f3a5e981f43af9cb1c93aaa583d6207cbcb48
@@ -0,0 +1,119 @@
+Return-Path: <pete@petertodd.org>
+Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
+ [172.17.192.35])
+ by mail.linuxfoundation.org (Postfix) with ESMTPS id BEC96918
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Tue, 27 Jun 2017 04:13:14 +0000 (UTC)
+X-Greylist: from auto-whitelisted by SQLgrey-1.7.6
+Received: from outmail149055.authsmtp.co.uk (outmail149055.authsmtp.co.uk
+ [62.13.149.55])
+ by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 0B98FCC
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Tue, 27 Jun 2017 04:13:13 +0000 (UTC)
+Received: from mail-c245.authsmtp.com (mail-c245.authsmtp.com [62.13.128.245])
+ by punt21.authsmtp.com (8.14.2/8.14.2/) with ESMTP id v5R4DBnX062202;
+ Tue, 27 Jun 2017 05:13:11 +0100 (BST)
+Received: from petertodd.org (ec2-52-5-185-120.compute-1.amazonaws.com
+ [52.5.185.120]) (authenticated bits=0)
+ by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id v5R4D9iJ064003
+ (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
+ Tue, 27 Jun 2017 05:13:10 +0100 (BST)
+Received: from [127.0.0.1] (localhost [127.0.0.1])
+ by petertodd.org (Postfix) with ESMTPSA id 18E5A4019E;
+ Tue, 27 Jun 2017 04:13:09 +0000 (UTC)
+Received: by localhost (Postfix, from userid 1000)
+ id 6D66F207F9; Tue, 27 Jun 2017 00:13:08 -0400 (EDT)
+Date: Tue, 27 Jun 2017 00:13:08 -0400
+From: Peter Todd <pete@petertodd.org>
+To: "Russell O'Connor" <roconnor@blockstream.io>
+Message-ID: <20170627041308.GA23776@savin.petertodd.org>
+References: <CAMZUoK=f3hXHkqJBDfiLGSrgXi_ppgyH6+XWD9W54EYFWLm1+Q@mail.gmail.com>
+ <20170528082624.GA14552@fedora-23-dvm>
+ <CAMZUoK=8xaVp2Qoc7kvx8FdPbpY0rEpSba8kQVRQGjX4p0haxg@mail.gmail.com>
+MIME-Version: 1.0
+Content-Type: multipart/signed; micalg=pgp-sha256;
+ protocol="application/pgp-signature"; boundary="a8Wt8u1KmwUX3Y2C"
+Content-Disposition: inline
+In-Reply-To: <CAMZUoK=8xaVp2Qoc7kvx8FdPbpY0rEpSba8kQVRQGjX4p0haxg@mail.gmail.com>
+User-Agent: Mutt/1.5.23 (2014-03-12)
+X-Server-Quench: ee7e8ab8-5aee-11e7-801f-9cb654bb2504
+X-AuthReport-Spam: If SPAM / abuse - report it at:
+ http://www.authsmtp.com/abuse
+X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR
+ aAdMdAUUEkAaAgsB AmEbW1FeUV57WGM7 bghPaBtcak9QXgdq
+ T0pMXVMcUgAKBWgI X2QeVB1ydwYIfXx0 ZQg3C3cOVBUofVt4
+ ExsBCGwHMGB9YGAe Bl1RJFFSdQcYLB1A alQxNiYHcQ5VPz4z
+ GA41ejw8IwAXAWxw Tx0NKl5aT0ERVhU7 QggfATQpEgUgSj8w
+ KxFuEFkbAF1ZNUt6 GF0nXk4RLxIeaEV0 HkdEGj4RG0MMSjFD
+X-Authentic-SMTP: 61633532353630.1039:706
+X-AuthFastPath: 0 (Was 255)
+X-AuthSMTP-Origin: 52.5.185.120/25
+X-AuthVirus-Status: No virus detected - but ensure you scan with your own
+ anti-virus system.
+X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW
+ autolearn=ham version=3.3.1
+X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
+ smtp1.linux-foundation.org
+Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
+Subject: Re: [bitcoin-dev] A Method for Computing Merkle Roots of Annotated
+ Binary Trees
+X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
+X-Mailman-Version: 2.1.12
+Precedence: list
+List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
+List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
+ <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
+List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
+List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
+List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
+List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
+ <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
+X-List-Received-Date: Tue, 27 Jun 2017 04:13:14 -0000
+
+
+--a8Wt8u1KmwUX3Y2C
+Content-Type: text/plain; charset=us-ascii
+Content-Disposition: inline
+Content-Transfer-Encoding: quoted-printable
+
+On Mon, May 29, 2017 at 10:55:37AM -0400, Russell O'Connor wrote:
+> > This doesn't hold true in the case of pruned trees, as for the pruning =
+to
+> > be
+> > useful, you don't know what produced the left merkleRoot, and thus you
+> > can't
+> > guarantee it is in fact a midstate of a genuine SHA256 hash.
+> >
+>=20
+> Thanks for the review Peter. This does seem like a serious issue that I
+> hadn't considered yet. As far as I understand, we have no reason to think
+> that the SHA-256 compression function will be secure with chosen initial
+> values.
+
+Relevant: fixed points can be found for the SHA256 compression function, if=
+ the
+attacker can control the IV:
+
+https://crypto.stackexchange.com/questions/48580/fixed-point-of-the-sha-256=
+-compression-function
+
+--=20
+https://petertodd.org 'peter'[:-1]@petertodd.org
+
+--a8Wt8u1KmwUX3Y2C
+Content-Type: application/pgp-signature; name="signature.asc"
+Content-Description: Digital signature
+
+-----BEGIN PGP SIGNATURE-----
+
+iQEcBAEBCAAGBQJZUdtPAAoJECSBQD2l8JH7vW8H+wTog/EVQkNq5Zu5i8dNMSk1
+u7XfJST+3iJn7BluFL2OqEQMOWw6IxVha96ETHE45rxSdpugfDg4Jz7tZ1kuuoId
+onkGVvAQeRXWgAY/AKjZ6CrMF1bEpmoNzed2Mz4cq4M4VfItLQupM7dmeTiM/VEN
+DgiBXmE3PhnLkM9Oj8evjiuW9BQaqGNfHBHxIWQyNmB7YfhlB+WPY2M4RFhsW65z
+s0vuQTMS7/jTSK0luRFmDmQmv781XQhgFfuqWLwZtIPKU9YODiBil3WQClQOV1J/
+PDHcZvl2DaNjO2IhIh20EvJjwbuFtUC5Qv4iEJedjadv+1iwpTmsFp63rhkrc7Y=
+=rZye
+-----END PGP SIGNATURE-----
+
+--a8Wt8u1KmwUX3Y2C--
+
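Review bot: the archived file stores the message in its wire form rather than decoded text, and the multipart/signed PGP part signs exactly those bytes, so the repository must preserve trailing whitespace and line endings unchanged or the signature will no longer verify. Concretely, the quoted-printable soft breaks in the body (`pruning =` / `to`, `if=` / ` the`, and the Stack Exchange URL split across `...sha-256=` / `-compression-function`) and the `-- ` signature separator encoded as `--=20` mean that anything which greps or renders this archive has to decode Content-Transfer-Encoding first; otherwise the fixed-point link and the `'peter'[:-1]@petertodd.org` line will not be found as written. It would be worth documenting in the archive's README that files under `ff/` are raw RFC 5322 messages and that consumers should not normalize them.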