Author: Peter Todd 2017-02-23 01:26:11
Published on: 2017-02-23T01:26:11+00:00
In a recent discussion on bitcoin-dev, Bram Cohen proposed a use-case specific concept called 'generalized commitment' for reducing the amount of hashing required. The proposal suggests that when one side of a node is empty and the other contains exactly two things, the secure hash of the child is adopted verbatim rather than rehashing it. According to Cohen, this can roughly halve the amount of hashing done and make it more resistant to malicious data, although it comes at the cost of some extra complexity. Cohen explains that a commitment scheme needs only have the property that it's not feasible to find two messages that map to the same commitment, although it is not required that it be difficult to find the message given the commitment. He suggests that it may be reasonable to design a scheme such that the commitment to short messages is the message itself, which adds just a single bit of data to the minimum serialized size of the commitment. This could lead to overall savings in situations where sub-digest-sized messages are common. Another advantage of this approach, according to Cohen, is that the scheme becomes more user-friendly because programmers will notice when a commitment is not effectively hiding the message. If message privacy is required, an explicit nonce should be implemented instead of relying on the data to not be brute-forcable. Finally, Cohen notes that he is increasingly considering bit-granularity serialization schemes for these types of systems.
Updated on: 2023-06-11T21:46:07.625476+00:00