emilbayes
commented
5 years ago Conversely, a malicious writer can deny a link, saying it was created by some other actor in bad faith
Open emilbayes opened 5 years ago
emilbayes
commented
5 years ago Conversely, a malicious writer can deny a link, saying it was created by some other actor in bad faith
Here's an attack where I can try to convince another peer that the writer is a liar, even though they aren't.
Since a strong link is a tuple of
(key, seq, tree hash), I can create a different merkle tree for a givenseqand present that as a strong link to another peer. If that peer chooses to believe that link, they may believe that the hypercore they are looking at, is in fact a fork. This is because nothing in the link proves that a given tree hash was definitely part of the hypercore at some point. If the signature for the tree hash is also included, then the link has non-repudiation, meaning that the writer definitely had the block written at some point, since only the writer has access to the signing private key (basic assumption of hypercore)