Author: Jeremy Spilman 2014-02-05 07:57:36
Published on: 2014-02-05T07:57:36+00:00
The Merkle tree is used for checking if a node was present in the tree or not. By hashing, it becomes hard for an attacker to produce the expected top value, and thus the authenticity of the node can be verified. However, if the hash function is XOR, it becomes easy for an attacker to claim any value they want was in the tree. The attacker just needs to pick the fake value they want to claim as a leaf node, choose some random values to fake the depth in the tree, calculate the last value as 'Prev(x) Top', and their victim will get the top value they expected. In response to Natanael's comment that XOR is a bad digest scheme because it's trivial to create collisions, Peter Todd explains that in the case of a Merkle tree where data is timestamped at the bottom, it's easy for an attacker to make a fake timestamp if the tree is using XOR instead of a proper hash function.
Updated on: 2023-06-08T02:20:30.687875+00:00