Feed for tag: leaf-node-weakness
A Change to the MERKLEBLOCK command to protect from Leaf-Node weakness

We covered recently the Leaf-Node weakness and the different proposals that were discussed to address it.

Sergio Demian Lerner, from the RSK team and one of the participants in the discussion, went on presenting his idea for a new fix on his blog.

Recently a fix to the Bitcoin Merkle tree design weakness in the RSK’s bridge was built by making invalid SPV proofs whose internal hashes are valid Bitcoin transaction. While this solves the problem, it is by no means a “clean” solution: it creates false-negative cases (with very low probability) and it reduces verification efficiency.

CVE-2017-12842: Trusted Merkle Tree Depth for Safe Tx Inclusion Proofs Without a Soft Fork
Recently a weakness in the merkle tree algorithm of Bitcoin, called Leaf-Node weakness was discussed during a responsible discolsure. It’s been known for a while that the Merkle tree algorithm fails to distinguish between inner nodes and a 64 byte transaction, as inner nodes of the merkle tree are constructed by concatenation of two 32 byte SHA256'd hashes.