1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
|
Return-Path: <roconnor@blockstream.io>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 9DE22B4B
for <bitcoin-dev@lists.linuxfoundation.org>;
Thu, 7 Sep 2017 02:00:16 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-vk0-f47.google.com (mail-vk0-f47.google.com
[209.85.213.47])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 29A48127
for <bitcoin-dev@lists.linuxfoundation.org>;
Thu, 7 Sep 2017 02:00:16 +0000 (UTC)
Received: by mail-vk0-f47.google.com with SMTP id c82so7326136vkd.4
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 06 Sep 2017 19:00:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=blockstream-io.20150623.gappssmtp.com; s=20150623;
h=mime-version:from:date:message-id:subject:to;
bh=VWfmxZDtjon43OlFu0GNSn3O730dRpCCia3H488ZOvs=;
b=M5Bnqpxq6xWs6EP7gpvdY1GMh+Dq3uDhHa75rum+9J6hrCXEJL8zFxO5zCepILe7pe
fAhpKauCXtY450+yf+0xkoasfUh30QOJYaDlJ/HXtFDNz8RbTubn75ibmMU2gnFln4Z2
7adHT2wRZN4Tp9Xr35PUeH5rAP/JTGQ/cl/ZAYoA98wlc7n2hGQtksId2urv9lqBrx3t
A7JgecOtDLx4j2lpKsd/bKNnvl+dIowuzV+tc+To3U/R5K9gc1QbF4SOmQIvYCRW8HZc
5hQyP9U3qm0CTz7na9neWXq8Hai12ENtPYeltDU4K/y/nw7J8f2smYxb/RkhMsLb+I7V
cGJA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
bh=VWfmxZDtjon43OlFu0GNSn3O730dRpCCia3H488ZOvs=;
b=mE02wPZE66GXSP/rDTRpjIuzUgHriHAacfSXMbSBagx95JcnnwzrCX7ruuXfHGG7ny
0QikT35NgVXHkfZ073106UMRWqFJKbLLKN9ve+hy2c9DeCof6QZWCk1OolgSHDuzP2+c
5pnbx2xDMQQtBj68zjXQsXNXcEvW6TyS3D2DttsY3SQHbaPoJTg3i0wxyeWqT951aB+T
DB5fO8hvVWFhD8UOIZM2vPGatLFvpwM12YHcHbvUUFpQaIh5DEYO9CYaFKdGy4LW6mmf
2Mu8ZMff35ELthjTMgVJE3DYQoSBPt9f9lizN/GLIPYx+OmNWLvJuG9V9ZDmd8ywHchH
+1gw==
X-Gm-Message-State: AHPjjUjyVrvWwUhB3GlpH/EmuRdWAPiXZXs8ZfxPi+TGFP8JOr44E0AP
+MbQaBrX432Ehtxxp8AZfR8PQYofHl77
X-Google-Smtp-Source: ADKCNb5PqaA4ahPb18TOrXKONG8UKeNjyJFvi2iwxD0PSh1bH0QvpswGNYlWCXA5EZPT+gX6YV2CLjm10WwjXPpl8Ss=
X-Received: by 10.31.189.134 with SMTP id n128mr580991vkf.11.1504749615209;
Wed, 06 Sep 2017 19:00:15 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.176.90.142 with HTTP; Wed, 6 Sep 2017 18:59:54 -0700 (PDT)
From: "Russell O'Connor" <roconnor@blockstream.io>
Date: Wed, 6 Sep 2017 21:59:54 -0400
Message-ID: <CAMZUoKmD4v4vn9L=kdyJNk-km3XHpNVkD_tmS+SseMsf6YaVPg@mail.gmail.com>
To: Mark Friedenbach <mark@friedenbach.org>,
Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: multipart/alternative; boundary="001a114db88c4a779c05588fd215"
X-Spam-Status: No, score=0.5 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
HTML_MESSAGE,RCVD_IN_DNSWL_NONE,RCVD_IN_SORBS_SPAM autolearn=disabled
version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
Subject: Re: [bitcoin-dev] Fast Merkle Trees
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Sep 2017 02:00:16 -0000
--001a114db88c4a779c05588fd215
Content-Type: text/plain; charset="UTF-8"
The fast hash for internal nodes needs to use an IV that is not the
standard SHA-256 IV. Instead needs to use some other fixed value, which
should itself be the SHA-256 hash of some fixed string (e.g. the string
"BIP ???" or "Fash SHA-256").
As it stands, I believe someone can claim a leaf node as an internal node
by creating a proof that provides a phony right-hand branch claiming to
have hash 0x80000..0000100 (which is really the padding value for the
second half of a double SHA-256 hash).
(I was schooled by Peter Todd by a similar issue in the past.)
On Wed, Sep 6, 2017 at 8:38 PM, Mark Friedenbach via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:
> Fast Merkle Trees
> BIP: https://gist.github.com/maaku/41b0054de0731321d23e9da90ba4ee0a
> Code: https://github.com/maaku/bitcoin/tree/fast-merkle-tree
>
--001a114db88c4a779c05588fd215
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div><div>The fast hash for internal nodes needs to use an=
IV that is not the standard SHA-256 IV. Instead needs to use some other fi=
xed value, which should itself be the SHA-256 hash of some fixed string (e.=
g. the string "BIP ???" or "Fash SHA-256").<br><br></di=
v>As it stands, I believe someone can claim a leaf node as an internal node=
by creating a proof that provides a phony right-hand branch claiming to ha=
ve hash 0x80000..0000100 (which is really the padding value for the second =
half of a double SHA-256 hash).<br><br></div>(I was schooled by Peter Todd =
by a similar issue in the past.)<br><div><div><div><div><div><div><div clas=
s=3D"gmail_extra"><br><div class=3D"gmail_quote">On Wed, Sep 6, 2017 at 8:3=
8 PM, Mark Friedenbach via bitcoin-dev <span dir=3D"ltr"><<a href=3D"mai=
lto:bitcoin-dev@lists.linuxfoundation.org" target=3D"_blank">bitcoin-dev@li=
sts.linuxfoundation.org</a>></span> wrote:<br><blockquote class=3D"gmail=
_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:=
1ex">
Fast Merkle Trees<br>
BIP: <a href=3D"https://gist.github.com/maaku/41b0054de0731321d23e9da90ba4e=
e0a" rel=3D"noreferrer" target=3D"_blank">https://gist.github.com/maaku/<wb=
r>41b0054de0731321d23e9da90ba4ee<wbr>0a</a><br>
Code: <a href=3D"https://github.com/maaku/bitcoin/tree/fast-merkle-tree" re=
l=3D"noreferrer" target=3D"_blank">https://github.com/maaku/<wbr>bitcoin/tr=
ee/fast-merkle-tree</a><br></blockquote></div></div></div></div></div></div=
></div></div></div>
--001a114db88c4a779c05588fd215--
|
