Replies: 4 comments 1 reply
-
Apparently, since our current approach of XORing hashes (or Multiset Hashing) is prone to birthday paradox vulnerability, we need to replace it with something similar but resistant to birthday paradox attacks. Currently, the proposed solutions are -
While Sparse Merkle Tree is like a Merkle tree which is sparse, the algorithm of Incremental Hashing is rather simple New Hash = HASHalg( Old Hash || New Value). In order to make an informed decision, several factors for existing and two proposed solutions need to be compared. The following table gives a gist of the comparison.
*Legends: NE - Number of Elements, NC - Number of Changes ToDos:
|
Beta Was this translation helpful? Give feedback.
-
Just for information's sake, I went through the Verkle Tree concept. The promise of this is the proofs are compact compared to Patricia Trie. The proofs and intermediate nodes are constructed using certain polynomial functions (still not clear). So the drawback of this is, it takes a little more time to create and edit the Verkle Tree (with my basic understanding). So, even if the Proof of Presence can be quicker than Sparse Merkle Tree, for other operations like Insertion, Deletion, etc., it might be heavier. |
Beta Was this translation helpful? Give feedback.
-
Sorry I forgot yesterday to upload the presentation I did along with the benchmark results: smt.pdf |
Beta Was this translation helpful? Give feedback.
-
After further study with Seb, there is a way to make the XOR secure against the algorithm we mentioned. So if we want a 128 bit security (the same as the one of 256bit hash collisions) we need to increase the hash size to |
Beta Was this translation helpful? Give feedback.
-
Problem
XORing 256 bit item hashes to compute the hash of a list of items is vulnerable: people are able to generate lists of elements that have a zero hash.
https://www.iacr.org/archive/crypto2002/24420288/24420288.pdf
Sparse Merkle Trees
Maybe a Sparse Merkle Tree is the way to go ? Efficient insertion/deletion on sorted entries, efficient proofs of existence but also (unlike merkle trees) efficient proof of absence !
Intros:
https://medium.com/@kelvinfichter/whats-a-sparse-merkle-tree-acda70aeb837
https://medium.com/newcryptoblock/sparse-merkle-tree-introduction-a267f3a29223
http://www.links.org/files/RevocationTransparency.pdf
Some crates to explore :
https://diem.github.io/diem/diem_jellyfish_merkle/index.html
https://github.com/y-pakorn/cw-merkle-tree
https://docs.rs/lsmtree/latest/lsmtree/
https://docs.rs/sparse-merkle-tree/latest/sparse_merkle_tree/
https://docs.rs/monotree/latest/monotree/ => Looks really cool: out of the box blake3 and rocksdb support !
Beta Was this translation helpful? Give feedback.
All reactions