|
Title: Why do we need double hashing in a Merkle tree? Post by: fevirfevir on August 13, 2015, 11:32:33 AM Hi,
In Bitcoin, the Merkle tree created from all transactions contains nodes that represent a double hash of each transaction: N = SHA256(SHA256(tx0) What's the point of doing so? Can't we just do a N = SHA256(tx0)? Thanks. Title: Re: Why do we need double hashing in a Merkle tree? Post by: Kazimir on August 13, 2015, 11:36:09 AM Any hash would do, and Sha256(Sha256(x)) can also be considered "just a hash".
I assume Satoshi chose this double Sha256 (also called "Sha256d") just in case a future possible vulnerability is discovered with Sha256. It would give us more time to switch to something else (like Sha3). Title: Re: Why do we need double hashing in a Merkle tree? Post by: fevirfevir on August 13, 2015, 11:49:02 AM Thanks for your answer. I was thinking along the same lines, that it's somewhat of a security measure.
But if there would be a flaw in SHA256, wouldn't that impact both SHA256d hashed transactions, pretty much the same as SHA256 hashed transactions? It would of course depend on the flaw found, but reasoning that Satoshi choose this as a security measure, we're talking delay here. Just wondering if the choice for SHA256d is a functional decision, like speed improvement. Title: Re: Why do we need double hashing in a Merkle tree? Post by: Kazimir on August 13, 2015, 12:41:50 PM Not every kind of Sha256 vulnerability would also apply on Sha256d. So I guess it's for security.
Still, I would rather have seen something like Sha256(x+Sha256(x)) instead of just Sha256(Sha256(x)). But either way, it's fine. |