Why use 16-byte truncated hashes? #7
Generally, sha2 has 2^(len/2) bits of collision resistance. So truncating to 128-bit digests gives only 64 bits of collision resistance. This means your commitments can be collided in ~2 hours on a modern GPU. How does this affect the security of the verifier?

Comments

@prestwich it seems the Merkle tree is used to prove ethash PoW validity. While brute-forcing the Merkle tree costs more than Ethereum PoW, it is not an issue.

Sure, but then you should clearly make the argument that this Merkle tree is not critical to the security of the verifier.

@prestwich agree

It also seems that the current difficulty is about 2^51, so we have time until the network difficulty grows by 2^13 times (8192).

It breaks the security with a 2-hour delay. However, in a production environment, the hash should have at least 128 bits of collision resistance. The current version I have in this repo is actually for a PoC (experiments), and it is pretty easy to change it in the code. Another note: if someone wants to apply a preimage attack (e.g. they have an ideal hash and need to find another element that produces the same hash), the resistance is still
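The birthday-bound argument behind this thread, as an added example that is not part of the issue or of the repository's own code: a generic collision search against SHA-256 truncated to n bits needs roughly sqrt(pi/2 * 2^n) hash evaluations, whatever the strength of the underlying hash. The function names (`truncated_sha256`, `find_collision`, `expected_birthday_trials`), the `commit:` + counter message format and the 24/32-bit widths are assumptions chosen so the search finishes in well under a second; the same scaling at 128-bit truncation gives the ~2^64 figure discussed above.

```python
"""Birthday-bound collision search against truncated SHA-256.

Added example for this discussion, not code from the repository.
A hash truncated to n bits keeps about n/2 bits of collision
resistance: a generic birthday search finds a colliding pair after
about sqrt(pi/2 * 2^n) evaluations. The 24- and 32-bit widths below are
constructed so the search is instant; 128-bit truncation follows the
same curve and lands at ~2^64 evaluations.
"""
import hashlib
import math


def truncated_sha256(data: bytes, bits: int) -> bytes:
    """SHA-256 truncated to its leading `bits` bits (multiple of 8)."""
    assert bits % 8 == 0 and 0 < bits <= 256
    return hashlib.sha256(data).digest()[: bits // 8]


def expected_birthday_trials(bits: int) -> float:
    """Expected evaluations before the first collision among uniformly
    random `bits`-bit outputs: about sqrt(pi/2 * 2^bits)."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def find_collision(bits: int, label: bytes = b"commit:"):
    """Generic birthday search: hash distinct counter-derived messages
    until two share the same truncated digest.

    Returns (msg_a, msg_b, trials). The messages (label + 8-byte
    counter) are constructed sample inputs; any distinct inputs work.
    """
    seen = {}          # truncated digest -> first message producing it
    counter = 0
    while True:
        msg = label + counter.to_bytes(8, "big")
        tag = truncated_sha256(msg, bits)
        if tag in seen and seen[tag] != msg:
            return seen[tag], msg, counter + 1
        seen[tag] = msg
        counter += 1


if __name__ == "__main__":
    for bits in (24, 32):
        a, b, trials = find_collision(bits)
        print(f"{bits}-bit truncation: collision after {trials} hashes "
              f"(expected ~{expected_birthday_trials(bits):.0f})")
        print(f"  {a.hex()} / {b.hex()} -> {truncated_sha256(a, bits).hex()}")
    # Same sqrt scaling at the width under discussion: ~2^64 hashes.
    print(f"128-bit truncation: expected ~2^"
          f"{math.log2(expected_birthday_trials(128)):.1f} hashes")
```

The search is memory-bound as written (it stores every digest seen), which is fine for 32 bits but not for 64; a real attacker at 2^64 would use a memoryless cycle-finding variant of the same idea, so the work estimate, not the memory, is the relevant bound.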