A Method for Computing Merkle Roots of Annotated Binary Trees



Summary:

In a discussion about the security of the SHA-256 compression function with chosen initial values in pruned trees, Russell O'Connor proposed putting the hash of the tags into the first argument of Sha256Compress. He suggested that this would salvage part of the proposal and avoid the need for SHA256's padding. Peter Todd responded that what O'Connor proposed was almost the same as using SHA256 directly. However, Todd advised against depending on tags being unique, as this uniqueness can be challenging to ensure across different systems, which could lead to collisions between the sha256 and merkleroot functions. In Todd's newer rust-proofmarshal work, commitments are only valid for a specific type, and he uses blake2b, which is faster than SHA256 and processes up to 128 bytes of message on each invocation; this block size is large enough to fit most use cases into a single block.
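An added example, not code from the thread or from rust-proofmarshal: it uses SHA256(tag) as the first argument of the SHA-256 compression function over the two child hashes, and checks that appending one padding block turns the result into an ordinary SHA256 digest. The node layout (`left || right` as the 64-byte block, tags of at most 55 bytes) and all function names are assumptions of this example.

```python
import hashlib
import math

MASK = 0xFFFFFFFF
PRIMES = [p for p in range(2, 312) if all(p % d for d in range(2, p))]  # first 64 primes

def _icbrt(n):
    """Exact integer cube root (binary search), so no constant is typed by hand."""
    lo, hi = 0, 1 << 36
    while lo < hi:
        mid = (lo + hi + 1) // 2
        lo, hi = (mid, hi) if mid ** 3 <= n else (lo, mid - 1)
    return lo

# FIPS 180-4 constants: fractional bits of cube/square roots of the first primes.
K = [_icbrt(p << 96) & MASK for p in PRIMES]
SHA256_IV = b"".join((math.isqrt(p << 64) & MASK).to_bytes(4, "big") for p in PRIMES[:8])

def _rotr(x, n):
    return ((x >> n) | (x << (32 - n))) & MASK

def sha256_compress(state: bytes, block: bytes) -> bytes:
    """Raw compression function: 32-byte chaining value, 64-byte block, no padding."""
    if len(state) != 32 or len(block) != 64:
        raise ValueError("need a 32-byte state and a 64-byte block")
    w = [int.from_bytes(block[i:i + 4], "big") for i in range(0, 64, 4)]
    for i in range(16, 64):
        s0 = _rotr(w[i - 15], 7) ^ _rotr(w[i - 15], 18) ^ (w[i - 15] >> 3)
        s1 = _rotr(w[i - 2], 17) ^ _rotr(w[i - 2], 19) ^ (w[i - 2] >> 10)
        w.append((w[i - 16] + s0 + w[i - 7] + s1) & MASK)
    h = [int.from_bytes(state[i:i + 4], "big") for i in range(0, 32, 4)]
    a, b, c, d, e, f, g, hh = h
    for i in range(64):
        t1 = hh + (_rotr(e, 6) ^ _rotr(e, 11) ^ _rotr(e, 25)) + ((e & f) ^ (~e & g)) + K[i] + w[i]
        t2 = (_rotr(a, 2) ^ _rotr(a, 13) ^ _rotr(a, 22)) + ((a & b) ^ (a & c) ^ (b & c))
        a, b, c, d, e, f, g, hh = (t1 + t2) & MASK, a, b, c, (d + t1) & MASK, e, f, g
    return b"".join(((x + y) & MASK).to_bytes(4, "big") for x, y in zip(h, (a, b, c, d, e, f, g, hh)))

def pad_block(prefix: bytes, total_len: int) -> bytes:
    """Final SHA-256 block: prefix, 0x80, zeros, then the message bit length."""
    return prefix + b"\x80" + bytes(55 - len(prefix)) + (8 * total_len).to_bytes(8, "big")

def tagged_node(tag: bytes, left: bytes, right: bytes) -> bytes:
    """Assumed layout: chaining value SHA256(tag), block left||right, no padding block."""
    return sha256_compress(hashlib.sha256(tag).digest(), left + right)

def sha256_equivalent(tag: bytes, left: bytes, right: bytes) -> bytes:
    """Plain SHA256 over pad(tag)||left||right, rebuilt from tagged_node plus one padding block."""
    return sha256_compress(tagged_node(tag, left, right), pad_block(b"", 128))
```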


Updated on: 2023-06-12T01:07:15.138219+00:00