A vulnerability in olalonde's implementation of gmaxwell's proof-of-solvency

Bitcoin Forum

April 23, 2024, 09:49:09 PM

Welcome, Guest. Please login or register.

News: Latest Bitcoin Core release: 27.0 [Torrent]

Home

Help

Bitcoin Forum > Bitcoin > Development & Technical Discussion > A vulnerability in olalonde's implementation of gmaxwell's proof-of-solvency

Pages: « 1 [2] All

« previous topic next topic »

Author

Topic: A vulnerability in olalonde's implementation of gmaxwell's proof-of-solvency (Read 2090 times)

charlescharles (OP)

Newbie

Offline

Activity: 11
Merit: 0

Re: A vulnerability in olalonde's implementation of gmaxwell's proof-of-solvency

October 08, 2014, 06:41:57 PM

#21

So we've established that we need nodeC.left.val, nodeC.left.hash, nodeC.right.val, and nodeC.right.hash to verify the integrity of nodeC.val and nodeC.hash. The same logic applies recursively to nodeC.left and nodeC.right: this is why I said that proofs of inclusion now require O(N) space. You ultimately need to know all the leaves.

1713908949

Hero Member

Offline

Posts: 1713908949

Ignore

1713908949

1713908949


	Report to moderator

Even if you use Bitcoin through Tor, the way transactions are handled by the network makes anonymity difficult to achieve. Do not expect your transactions to be anonymous unless you really know what you're doing.

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.

1713908949

Hero Member

Offline

Posts: 1713908949

Ignore

1713908949


	Report to moderator

1713908949

Hero Member

Offline

Posts: 1713908949

Ignore

1713908949


	Report to moderator

1713908949

Hero Member

Offline

Posts: 1713908949

Ignore

1713908949


	Report to moderator

andytoshi

Full Member

Offline

Activity: 179
Merit: 151

-

Re: A vulnerability in olalonde's implementation of gmaxwell's proof-of-solvency

October 08, 2014, 07:12:05 PM

#22

You don't need to verify the integrity of nodeC.left.hash or nodeC.right.hash.

gmaxwell

Moderator
Legendary

Offline

Activity: 4158
Merit: 8382

Re: A vulnerability in olalonde's implementation of gmaxwell's proof-of-solvency

October 08, 2014, 07:35:20 PM

#23

The requirement is that if there is fraud it must be detectable by some user under some path and that they have the ability to create a transferable proof of their detection. You can't achieve stronger than that (e.g. that if there is fraud all users can detect it) under this approach. The criteria is met if you show the unsummed values (as listed on iwilcox page) or just show the one step deep off-path preimage.

Pages: « 1 [2] All

Bitcoin Forum > Bitcoin > Development & Technical Discussion > A vulnerability in olalonde's implementation of gmaxwell's proof-of-solvency

« previous topic next topic »

Jump to: