Two Attacks on Naive Tree Hashes
a year ago
- #Tree Hash
- #Security
- #Cryptography
- Naive recursive tree hashes based on SHA-3 can be vulnerable to attacks if not properly structured.
- Two main security issues are identified: loss of collision resistance and length extension.
- Collision occurs when two different inputs produce the same hash, demonstrated with `tree_hash`.
- Length extension allows computing the hash of an extended input without knowing the original input.
- Solutions include differentiating leaf and parent hashes and root vs. non-root hashes using prefixes or suffixes.
- Modified `tree_hash` function introduced to mitigate these vulnerabilities by adding context-specific suffixes.
- References provided for further reading on secure tree hashing modes.
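
The two attacks and the suffix-based fix summarized above, as an added example (not the original article's code). The 64-byte chunk size, the midpoint split rule, the suffix byte values, and every name other than `tree_hash` are assumptions made for illustration.

```python
import hashlib

CHUNK = 64  # assumed leaf size; small so the demo inputs stay short

def h(data):
    return hashlib.sha3_256(data).digest()

def split(data):
    mid = len(data) // 2  # assumed split rule: halve at the midpoint
    return data[:mid], data[mid:]

def naive_tree_hash(data):
    """Leaves and parents are hashed the same way; the root is not marked."""
    if len(data) <= CHUNK:
        return h(data)
    left, right = split(data)
    return h(naive_tree_hash(left) + naive_tree_hash(right))

LEAF, PARENT = b"\x00", b"\x01"    # assumed node-type suffix bytes
NON_ROOT, ROOT = b"\x00", b"\x01"  # assumed root-flag suffix bytes

def tree_hash(data, is_root=True):
    """Every node input ends with its node type and a root flag."""
    flag = ROOT if is_root else NON_ROOT
    if len(data) <= CHUNK:
        return h(data + LEAF + flag)
    left, right = split(data)
    children = tree_hash(left, False) + tree_hash(right, False)
    return h(children + PARENT + flag)

def collision_inputs(message):
    """Second input = the root parent's 64-byte input, which hashes as a leaf."""
    left, right = split(message)
    return message, naive_tree_hash(left) + naive_tree_hash(right)

def extended_hash(published, suffix):
    """naive_tree_hash(secret + suffix) from naive_tree_hash(secret) alone.
    Holds when len(suffix) == len(secret), so the split lands between them."""
    return h(published + naive_tree_hash(suffix))

if __name__ == "__main__":
    msg = bytes(range(200))  # constructed sample input
    a, b = collision_inputs(msg)
    print("naive collision:", naive_tree_hash(a) == naive_tree_hash(b))
    print("fixed collision:", tree_hash(a) == tree_hash(b))
    ext = extended_hash(naive_tree_hash(msg), b"x" * 200)
    print("naive extension:", ext == naive_tree_hash(msg + b"x" * 200))
```

With the suffixes in place, a parent's input can no longer be replayed as a leaf, and a published root hash is no longer a valid subtree hash inside a larger tree.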