Author: Russell O'Connor 2017-09-07 01:59:54
Published on: 2017-09-07T01:59:54+00:00
The issue with the fast hash for internal nodes is that it needs to use an IV that is not the standard SHA-256 IV. Instead, it needs to use some other fixed value, which should itself be the SHA-256 hash of some fixed string such as "BIP ? ??" or "Fast SHA-256". Currently, someone can claim a leaf node as an internal node by creating a proof that provides a phony right-hand branch claiming to have hash 0x80000..0000100, which is really the padding value for the second half of a double SHA-256 hash. Peter Todd had previously schooled the author on a similar issue in the past. The proposed solution can be found in the Fast Merkle Trees BIP and code provided in the links.
Updated on: 2023-06-12T18:32:44.127278+00:00