Author: Bram Cohen 2018-06-07 21:15:35
Published on: 2018-06-07T21:15:35+00:00
The Bitcoin merkle tree algorithm fails to distinguish between inner nodes and 64 byte transactions as both are hashed the same way. This can create a problem for inclusion proofs if a miner could create a transaction that committed to a transaction not in the blockchain. However, Peter Todd has proposed a solution for this vulnerability by storing the depth of the merkle tree in the block header database. This will allow for safe verification of tx inclusion proofs without a soft-fork. Lite client verification without a trusted source of known-valid headers is dangerous anyway, so this protection makes for a fairly simple addition to any lite client protocol. Peter Todd also discusses the Brute Force Cost Assuming a Valid Tx. He suggests that an attacker can have free choices of fields such as prevhash, prev_n, seq, nValue, pubk, and nLockTime, which can be fully brute-forcible or attainable with limited brute force. Additionally, inflation control can make brute-force trivial. There may exist crypto-currencies for which this brute-force is much easier than it is on Bitcoin.
Updated on: 2023-06-13T03:15:25.345985+00:00