Author: Johnson Lau 2017-09-12 11:44:48
Published on: 2017-09-12T11:44:48+00:00
Mark Friedenbach discussed a potential attack on Bitcoin's hash trees on the bitcoin-dev mailing list. The attack involves creating a script less than 55 bytes in length in which nearly all of the first 32 bytes are selected by the attacker, yet the script still appears safe to the counterparty. Friedenbach presented two possible scripts, including one that requires grinding 96 bits. To prevent such attacks, he suggested modifying the scheme to use a different initialization vector (IV) for hash tree updates. A user on the mailing list responded with an example of a MAST branch that requires just a few bytes of collision, indicating that the attack may not be as difficult as initially thought.
Updated on: 2023-05-20T03:53:07.758935+00:00