Author: Mark Friedenbach 2017-09-07 02:20:06
Published on: 2017-09-07T02:20:06+00:00
The context discusses the design of fast Merkle trees, which intentionally does not distinguish between leaf nodes and internal nodes to allow validation of paths longer than 32 branches. However, Russell O'Connor points out a vulnerability due to this lack of distinction, where a phony right-hand branch claiming to have hash value 0x80000..0000100 can be created to claim a leaf node as an internal node. O'Connor suggests using a fixed IV value for the fast hash of internal nodes, such as the SHA-256 hash of a fixed string like "BIP ? ??" or "Fast SHA-256". Mark Friedenbach introduced the concept of fast Merkle trees in a Bitcoin Improvement Proposal (BIP) and provided code on GitHub.
Updated on: 2023-06-12T18:33:28.165646+00:00