A Method for Computing Merkle Roots of Annotated Binary Trees



Summary:

Russell O'Connor, a member of the Bitcoin community, raised a point about the SHA256 compression function. He stated that only the second argument of the function is applied to the SHA256 expander, and that `merkleRoot` is designed to ensure that the first argument is only fed some output of the SHA256 compression function. The output of the `merkleRoot` function is always the midstate of some SHA256 hash, which can be proven by separating the `sha256` function into the padding step and the recursive hashing step. However, this does not apply to pruned trees: the left `merkleRoot` cannot be guaranteed to be a midstate of a genuine SHA256 hash, which makes pruning difficult to use.


Updated on: 2023-06-12T01:07:07.514005+00:00