-
Notifications
You must be signed in to change notification settings - Fork 86
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added a test to show a problem with leaf overriding #469
Conversation
You're probably noticing this because of these lines in the SMT update:
In theory, you could override an existing value in storage when However, we must consider that we control how we use SMTs and we don't manufacture any scenario where leaf keys are explicitly set to equal other leaf hashes. In order for this to happen in practice, there would have to be a case where a leaf hash - the 32 byte output of SHA256 - happens to equal another leaf key by chance. And since leaf keys are also 32 bytes, generally also the output SHA256, this means a SHA256 collision would have to happen. I've tested with millions of leaves, and even with millions of leaves I haven't seen a collision. The chances are still very low - that's essentially the promise of cryptographic hash functions. What is more interesting is this: Given the fact that we have an address space of 256 bits, we have (at most) 2^256 leaves. We also have (at most) 2^256 - 1 internal nodes. This means we have 2^257 - 1 total nodes sharing an address space of 256 bits. This represents another area of possible collisions. But again, in practice, this has yet to happen, even with millions of leaves. However, it's arguable that there is still risk, since the chance is still nonzero. To mitigate these risks, I think we could separate storage for internal and leaf nodes. |
Interesting - if a user can set the key, then there is potential for a malicious insert. I don't know enough about how/where the keys are created, but if that is a possibility, we can mitigate that by separating leaves and nodes. Additionally, do we need to allow users to set their own keys? Allowing direct user input into storage already sounds suspicious. What if we simply hash their input? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nice find @xgreenx
@bvrooman It seems I found a bug=( We use the same storage for leafs and nodes, it means the node can override the leaf that hash
leaf_key == node_hash