Author: Russell O'Connor 2017-06-01 15:10:56
Published on: 2017-06-01T15:10:56+00:00
In an email thread, Peter Todd and Russell O'Connor discuss a proposal for the Merkle tree data structure. O'Connor suggests using the hash of tags in Sha256Compress's first argument to avoid the need for SHA256's padding, while still maintaining the Merkle-Damgård property. Todd points out that this is similar to using SHA256 directly, and suggests computing the midstate sha256Compress(IV, t) rather than sha256(t). They also discuss the idea of using safe tags to avoid collisions between the Sha256 and MerkleRoot functions, but Todd argues that depending on tags being unique is a "footgun", as two different systems could end up using the same tag due to designers forgetting to create new tags while copying and pasting old code. Ultimately, Todd concludes that if a system is designed where collisions don't matter, then collisions between the sha256 and merkleroot functions won't matter either. O'Connor admits that he was looking to add the property mostly because it was free to do with his original design when the set of tags was small and could make some applications more robust and/or easier to debug.
Updated on: 2023-06-12T01:06:54.629662+00:00