Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rewrite MerkleTreeNode merging rule #157

Closed
DmiSergeev opened this issue Sep 9, 2018 · 1 comment
Closed

Rewrite MerkleTreeNode merging rule #157

DmiSergeev opened this issue Sep 9, 2018 · 1 comment
Labels
enhancement refactoring type: refactoring

Comments

@DmiSergeev
Copy link
Contributor

DmiSergeev commented Sep 9, 2018
edited
Loading

Motivation

Future work for a better merkelized storage is planned in #156. This is relatively large work. Before we do that we would still face problems with an existing implementation of Merkle hash merging:

  • Two merging rules are provided, one is mostly for debugging purposes.
  • The current implementation is potentially vulnerable to 2nd preimage attack: different combinations of merging hashes produce the same digest function input. (While it is impossible for the current implementation because the lengths of the merged hashes are always the same, these lengths are not validated.)

These problems would not require huge efforts to resolve them so they might be resolved prior to #156.

Proposed change

  • To leave the only one merging rule.
  • To rewrite hash merging either validating the lengths or prepending the hashes with the lengths, thus preventing the most straightforward 2nd preimage attack scenario.
@folex folex added the refactoring type: refactoring label Feb 12, 2019
@alari
Copy link
Member

alari commented Feb 12, 2019

Closed as obsolete

@alari alari closed this as completed Feb 12, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement refactoring type: refactoring
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@alari @folex @DmiSergeev