Is this implementation safe against second preimage attacks?

Tierion / pymerkletools

Python tools for creating Merkle trees, generating Merkle proofs, and verification of Merkle proofs

MIT License

166 stars 53 forks source link

Is this implementation safe against second preimage attacks? #13

Open void4 opened 6 years ago

void4 commented 6 years ago

https://flawed.net.nz/2018/02/21/attacking-merkle-trees-with-a-second-preimage-attack/

https://en.wikipedia.org/wiki/Merkle_tree#Second_preimage_attack

LucaPaterlini commented 5 years ago

https://github.com/Tierion/pymerkletools/issues/16

andreaskern commented 5 years ago

Yes, but!

add_leaf() should per default apply a hash to the value, even if it is a list

so instead of add_leaf(value, do_hash) it should really be add_leaf(value, do_not_hash)

if you don't hash the leaf of a merkle tree you are not applying the correct merkle tree algorithm.

or even better add add_node(hash), make add_node([hash]) illegal, make a add_nodes([hash]), make add_leaf() always apply hash to the value, make add_leaves([value]) map the hash function over the list first.

andreaskern commented 5 years ago

After Re Reading the attack it should be possible.

So it is not safe.

void4 commented 5 years ago

Can you add a note about this in the README?

jdbertron commented 1 year ago

This is from 2018 and still not fixed. Any chance you'll fix this with a 0x00 prefix for leaves and a 0x01 prefix for branches ?