Author: Mark Friedenbach 2013-11-04 19:53:05
Published on: 2013-11-04T19:53:05+00:00
Mike Hearn suggests that the data stored in the coinbase output can always be just the 256-bit root hash truncated to fewer bits. However, if merged mining is done, the number of bits makes a difference. To have 128 bits of security for merged-mined aux chains, 256 bits of hash are needed in the coinbase. This is because a birthday attack, which finds a collision on an n-bit value in roughly 2^(n/2) work, can be used to construct two data trees whose hashes match the (truncated) value, each containing separate aux block headers. This allows the bitcoin PoW to be double-counted for more than one aux block on the same chain, potentially facilitating aux chain attacks.
Updated on: 2023-06-07T19:16:54.296287+00:00
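The following added example (not from the original post or from any merged-mining implementation) measures the birthday bound described above on deliberately tiny commitments, to show why truncating the root halves the security level in bits. The two-leaf tree layout, the header byte strings, and the function names `commitment` and `find_colliding_trees` are assumptions made for illustration.

```python
import hashlib
from itertools import count

def dsha256(data: bytes) -> bytes:
    """Bitcoin-style double SHA-256."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def merkle_root(leaves):
    """Merkle root over raw leaves, duplicating the last node on odd levels."""
    level = [dsha256(leaf) for leaf in leaves]
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]

def commitment(aux_header: bytes, filler: bytes, bits: int) -> int:
    """Top `bits` bits of the root of a two-leaf tree [aux_header, filler]."""
    root = merkle_root([aux_header, filler])
    return int.from_bytes(root, "big") >> (256 - bits)

def find_colliding_trees(header_a: bytes, header_b: bytes, bits: int):
    """Birthday search: vary the filler leaf in both trees until the truncated
    commitments meet. Returns (filler_a, filler_b, value, trees_hashed)."""
    seen_a, seen_b = {}, {}
    for n in count():
        filler = n.to_bytes(8, "big")
        ca = commitment(header_a, filler, bits)
        cb = commitment(header_b, filler, bits)
        seen_a[ca], seen_b[cb] = filler, filler
        if ca in seen_b:
            return seen_a[ca], seen_b[ca], ca, 2 * (n + 1)
        if cb in seen_a:
            return seen_a[cb], seen_b[cb], cb, 2 * (n + 1)

# Constructed sample data, not real block headers.
HEADER_A = b"constructed aux block header A"
HEADER_B = b"constructed aux block header B"

if __name__ == "__main__":
    for bits in (16, 20, 24):
        fa, fb, value, work = find_colliding_trees(HEADER_A, HEADER_B, bits)
        full_a = merkle_root([HEADER_A, fa]).hex()
        full_b = merkle_root([HEADER_B, fb]).hex()
        print(f"{bits}-bit commitment {value:#x}: {work} trees hashed "
              f"(2^{bits // 2} = {2 ** (bits // 2)}); full roots differ: {full_a != full_b}")
```

The work grows with 2^(bits/2) rather than 2^bits, so a commitment truncated to n bits gives only about n/2 bits of collision resistance, and a verifier that compares the full 256-bit root rejects the second tree.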