Prevent second preimage attack #16
Looking good! Do you mind sharing briefly about:
In order to eventually merge and release the new changes, we'd need to document it for users.
Hi @yosriady. First of all, thanks for the work you put into MerkleTree. In the second preimage attack, an attacker can leverage the fact that we do not differentiate between nodes and leaves in the following way:
Knowing the hash function and images of leaves: The proposed fix prevents that because now the attacker would have to find x such that
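The ambiguity described in the comment above, as an added example (not code from this pull request or from the MerkleTree project): when leaves and internal nodes are hashed the same way, a shorter leaf list built from the first-level node inputs produces the same root, and distinct leaf/node prefixes remove that. The SHA-256 choice, the `0x00`/`0x01` prefixes (the RFC 6962 convention) and all function names are assumptions for illustration.

```python
import hashlib

# Constructed sample leaves. The 0x00/0x01 prefixes follow the RFC 6962
# convention and are an assumption, not necessarily the bytes this PR uses.
LEAVES = [b"a", b"b", b"c", b"d"]
LEAF_PREFIX, NODE_PREFIX = b"\x00", b"\x01"


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def merkle_root(leaves, leaf_prefix=b"", node_prefix=b""):
    """Root of a full binary tree; empty prefixes give the ambiguous scheme."""
    if not leaves or len(leaves) & (len(leaves) - 1):
        raise ValueError("leaf count must be a power of two")
    level = [h(leaf_prefix + leaf) for leaf in leaves]
    while len(level) > 1:
        level = [h(node_prefix + level[i] + level[i + 1])
                 for i in range(0, len(level), 2)]
    return level[0]


def collapse(leaves, leaf_prefix=b"", node_prefix=b""):
    """Half as many 'leaves': each is the hash input of a first-level node."""
    hashed = [h(leaf_prefix + leaf) for leaf in leaves]
    return [node_prefix + hashed[i] + hashed[i + 1]
            for i in range(0, len(hashed), 2)]


def same_root_after_collapse(leaves, leaf_prefix=b"", node_prefix=b""):
    """True if a different, shorter leaf list yields the same root."""
    original = merkle_root(leaves, leaf_prefix, node_prefix)
    shorter = merkle_root(collapse(leaves, leaf_prefix, node_prefix),
                          leaf_prefix, node_prefix)
    return original == shorter


if __name__ == "__main__":
    print("no separation, roots match:", same_root_after_collapse(LEAVES))
    print("with prefixes, roots match:",
          same_root_after_collapse(LEAVES, LEAF_PREFIX, NODE_PREFIX))
    # Roots change once prefixes are added, so old and new roots do not match.
    print("root unchanged by fix:",
          merkle_root(LEAVES) == merkle_root(LEAVES, LEAF_PREFIX, NODE_PREFIX))
```

The last comparison also shows why a change of this kind alters every root hash: roots computed without prefixes no longer verify against trees built with them.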
@pgebal Noted 👍
hey @yosriady what do you think about merging this? anything else we could do or provide? thanks!
@InoMurko Looks good. Are there any breaking changes (e.g.
@yosriady
So it's not backwards compatible.
@pgebal Noted, thanks for confirming. I'll publish a new major version in light of these changes.
The |
No description provided.