Bitcoin Forum
September 14, 2025, 02:18:16 PM *
News: Latest Bitcoin Core release: 29.0 [Torrent]
 
   Home   Help Search Login Register More  
Bitcoin Forum > Bitcoin > Development & Technical Discussion > A vulnerability in olalonde's implementation of gmaxwell's proof-of-solvency
Pages: « 1 [2]  All
« previous topic next topic »
  Print  
Author Topic: A vulnerability in olalonde's implementation of gmaxwell's proof-of-solvency  (Read 2168 times)
charlescharles (OP)
Newbie
*
Offline Offline

Activity: 11
Merit: 0


View Profile
October 08, 2014, 06:41:57 PM
 #21
So we've established that we need nodeC.left.val, nodeC.left.hash, nodeC.right.val, and nodeC.right.hash to verify the integrity of nodeC.val and nodeC.hash. The same logic applies recursively to nodeC.left and nodeC.right: this is why I said that proofs of inclusion now require O(N) space. You ultimately need to know all the leaves.
andytoshi
Full Member
***
Offline Offline

Activity: 179
Merit: 162

-


View Profile
October 08, 2014, 07:12:05 PM
 #22
You don't need to verify the integrity of nodeC.left.hash or nodeC.right.hash.
gmaxwell
Moderator
Legendary
*
expert
Offline Offline

Activity: 4508
Merit: 9765



View Profile WWW
October 08, 2014, 07:35:20 PM
 #23
The requirement is that if there is fraud it must be detectable by some user under some path and that they have the ability to create a transferable proof of their detection. You can't achieve stronger than that (e.g. that if there is fraud all users can detect it) under this approach.  The criteria is met if you show the unsummed values (as listed on iwilcox page) or just show the one step deep off-path preimage.
Pages: « 1 [2]  All
  Print  
Bitcoin Forum > Bitcoin > Development & Technical Discussion > A vulnerability in olalonde's implementation of gmaxwell's proof-of-solvency
 « previous topic next topic »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!