diff --git a/README.md b/README.md
index 9b105fb..9110e4b 100644
--- a/README.md
+++ b/README.md
@@ -305,23 +305,18 @@ const verified = tree.verify(proof, leaves[2], root)
 * * *
- - - -
 # Test
 ```bash
 npm test
 ```
+# Notes
+
+As is, this implemenation is vulnerable to a [second pre-image attack](https://en.wikipedia.org/wiki/Merkle_tree#Second_preimage_attack). Use a difference hashing algorithm function for leaves and nodes so that `H(x) != H'(x)`.
+
+As is, this implementation is also vulnerable to a forgery attack for an unbalanced tree, where the last leaf node can be duplicated to create an artificial balanced tree, resulting in the same Merkle root hash. Do not accept unbalanced tree to prevent this.
+
 # Resources
 - [Bitcoin mining the hard way: the algorithms, protocols, and bytes](http://www.righto.com/2014/02/bitcoin-mining-hard-way-algorithms.html)
@@ -334,6 +329,8 @@ npm test
 - [Why aren't Solidity sha3 hashes not matching what other sha3 libraries produce?](https://ethereum.stackexchange.com/questions/559/why-arent-solidity-sha3-hashes-not-matching-what-other-sha3-libraries-produce)
+- [What is the purpose of using different hash functions for the leaves and internals of a hash tree?](https://crypto.stackexchange.com/questions/2106/what-is-the-purpose-of-using-different-hash-functions-for-the-leaves-and-interna)
+
 # License
 MIT
diff --git a/package.json b/package.json
index 760e028..bf862db 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "m-tree",
- "version": "0.0.2",
+ "version": "0.0.3",
 "description": "merkle-tree Filter algorithm in JavaScript.",
 "main": "index.js",
 "directories": {