Date: Sat, 3 May 2025 05:02:12 -0700 (PDT)
From: Greg Maxwell
To: Bitcoin Development Mailing List
Subject: Re: [bitcoindev] Re: SwiftSync - smarter synchronization with hints

On Saturday, May 3, 2025 at 11:55:28 AM UTC Sanket Kanjalkar wrote:

> > hash(UTXO_A||salt) + hash(UTXO_B||salt) - hash(UTXO_C||salt) - hash(UTXO_D||salt) == 0 (proving (A==C && B==D) || (A==D && B==C))
>
> What if instead of hash we encrypt with AES and modular add/subs? I cannot prove it; but I also don't see a clear way this is broken.
>
> 1. Sample random symmetric key `k`
> 2. Instead of above; AES_k(UTXO_A) + AES_k(UTXO_B) - AES_k(UTXO_C) - AES(UTXO_D) == 0 => (proving (A==C && B==D) || (A==D && B==C))?

AES in CTR mode is, I'm not sure about other modes? Obviously CTR mode would be unsuitable! (I mean sure modular add/sub and xor are different operations but they are quite close). I think that in many modes the collision resistance would have to at least be restricted by the birthday bound with the small block size. I think CMC might be needed to avoid that sort of issue.
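Added example, not part of the original message: a sketch of why a CTR-style (plaintext XOR keystream) encryption cannot replace the salted hash in the add/subtract check, since the aggregate cancels for two different sets under every key. Assumptions: a SHA-256-derived keystream block stands in for AES-CTR with a fixed counter, 128-bit integers stand in for UTXO encodings, and all function names are hypothetical.

```python
import hashlib
import secrets

BITS = 128
MOD = 1 << BITS

def ctr_encrypt(key: bytes, value: int) -> int:
    """One block of CTR-style encryption with a fixed counter.
    Stand-in (assumption): the keystream comes from SHA-256, not AES.
    Only the 'ciphertext = plaintext XOR keystream' structure matters."""
    keystream = int.from_bytes(hashlib.sha256(b"ctr-block-0" + key).digest()[:16], "big")
    return value ^ keystream

def salted_hash(salt: bytes, value: int) -> int:
    """hash(UTXO || salt), truncated to 128 bits."""
    digest = hashlib.sha256(value.to_bytes(16, "big") + salt).digest()
    return int.from_bytes(digest[:16], "big")

def aggregate_is_zero(f, secret: bytes, added, removed) -> bool:
    """The check from the thread: sum f(added) - sum f(removed) == 0 mod 2^128."""
    total = sum(f(secret, v) for v in added) - sum(f(secret, v) for v in removed)
    return total % MOD == 0

def related_sets(base: int):
    """Constructed inputs: four distinct values differing from `base` in two bits.
    Flipping bit i changes an integer by +/- 2^i, independently of other bits,
    so the two flips cancel in the sum whatever the keystream is."""
    d1, d2 = 1 << 3, 1 << 70
    added = [base, base ^ d1 ^ d2]
    removed = [base ^ d1, base ^ d2]
    return added, removed

def demo():
    secret = secrets.token_bytes(16)  # random key / salt, unknown to whoever picks the sets
    added, removed = related_sets(secrets.randbits(BITS))
    return (
        aggregate_is_zero(ctr_encrypt, secret, added, removed),   # different sets, passes
        aggregate_is_zero(salted_hash, secret, added, removed),   # different sets, rejected
        aggregate_is_zero(salted_hash, secret, added, added[::-1]),  # same set, passes
    )

if __name__ == "__main__":
    print(demo())
```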