Author: Brooks Boyd 2014-02-05 15:09:31
Published on: 2014-02-05T15:09:31+00:00
The discussion revolves around the use of XOR in a Merkle Tree to timestamp data at the bottom of the tree. While it is possible to successfully timestamp the top digest in the Bitcoin blockchain, there are concerns about the digests at the bottom of the tree. The problem arises because an attacker can create arbitrary values that XOR together into the root hash of the tree, and claim that a particular value is part of the tree by providing its sibling. To illustrate this, a tree with five levels is provided, where G is the root hash and A is the legitimate data included in the tree. An attacker could make up an arbitrary set of values that XOR together into G and claim that Z is part of the tree by providing Y. However, if A is also trying to prove that it is part of G, then one of the two users is lying, and the deceit is obvious.To make the attack more convincing, the attacker can work off of the lowest branch provided by A in its verification and create fake data such that it can claim that Z is part of G by supplying Y, C, and F. Since G was verified by timestamp, it appears that Z existed before that timestamp, when in reality, it could be added at any time by calculating Z XOR D.
Updated on: 2023-06-08T02:18:23.524844+00:00