Study notes
Properties
https://www.cnblogs.com/Hahahang/p/11815401.html
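Basic properties
- Digest
○ The output is a short message of fixed length
- Easy to compute
- Works on input of any length (the input can be split into blocks)
Security properties
- Preimage resistance
○ One-way function: the preimage cannot be derived
- Second-preimage resistance
○ Given one preimage, it is infeasible to find another preimage with the same hash value
- Collision resistance
○ It is infeasible to find two preimages with the same hash value
MD5: a hash function, but shown not to be collision resistant
SHA-3/SHA-256: the hash functions commonly used in blockchains today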
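Random oracle
A random oracle is a kind of hash function that can be thought of as a perfect hash function: its output is required to be random and uniformly distributed
- Consistency: the same input always produces the same output;
- Computability: the output can be computed in polynomial time;
- Uniform distribution: the oracle's output is uniformly distributed over the output space, with no collisions.
In the random oracle model, the adversary is assumed not to exploit weaknesses of the hash function to attack the cryptographic scheme.
Checksum
A weakened hash function, used to guard against accidental errors in transmission and storage; it cannot protect against malicious attacks.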
Cyclic redundancy check (CRC) or checksum: an error detection and correction code commonly used in digital telecommunications networks and storage devices to detect accidental changes to raw data
Extensions
Hash
- Verify data integrity
Hash list
https://en.bitcoinwiki.org/wiki/Hash_list
- Makes it easy to verify the integrity of large data
- Avoids re-fetching all of the data when part of it is corrupted; with a hash list only the corrupted blocks need to be fetched again.
- BitTorrent uses a hash list.
Hash chain
https://en.bitcoinwiki.org/wiki/Hash_chain
- Applying the hash function repeatedly produces a hash chain, which can be used in password protection to generate one-time keys
Hash tree / Merkle tree
https://en.bitcoinwiki.org/wiki/Merkle_tree
- Makes proofs of existence easy
- Merkle tree, inclusion proof, exclusion proof in bitcoin
- https://blog.csdn.net/shangsongwww/article/details/85339243
- Applications
- Multiple one-time signatures: authenticating a large number of one-time signatures
https://baijiahao.baidu.com/s?id=1610206426480840018&wfr=spider&for=pc
- Attacks
- Second preimage attack: merkle tree does not indicate the depth. From https://en.bitcoinwiki.org/wiki/Merkle_tree
Add a flag byte to the node hash, 0x00 or 0x01
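The depth ambiguity and the flag-byte fix noted above, as an added example (not code from the original notes or the linked pages): without flags, a two-leaf tree built from the inner nodes' hash inputs has the same root as the four-leaf tree; with 0x00 for leaves and 0x01 for inner nodes (the assignment used in RFC 6962) it does not. The function names, the sample blocks and the power-of-two leaf count are assumptions of this example.

```python
import hashlib

LEAF, NODE = b"\x00", b"\x01"  # flag bytes; leaf/node assignment as in RFC 6962

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def merkle_root(leaves, leaf_flag=b"", node_flag=b""):
    """Root of a full binary tree; len(leaves) must be a power of two (assumption)."""
    level = [h(leaf_flag + x) for x in leaves]
    while len(level) > 1:
        level = [h(node_flag + level[i] + level[i + 1])
                 for i in range(0, len(level), 2)]
    return level[0]

def depth_is_ambiguous(blocks, leaf_flag=b"", node_flag=b""):
    """True if a 2-leaf tree, whose 'leaves' are the hash inputs of the 4-leaf
    tree's inner nodes, has the same root as the 4-leaf tree over blocks."""
    lh = [h(leaf_flag + b) for b in blocks]
    shallow = [lh[0] + lh[1], lh[2] + lh[3]]
    return (merkle_root(shallow, leaf_flag, node_flag)
            == merkle_root(blocks, leaf_flag, node_flag))

def prove(leaves, index):
    """Inclusion proof in the flagged tree: [(sibling_hash, sibling_is_left), ...]."""
    level, path = [h(LEAF + x) for x in leaves], []
    while len(level) > 1:
        path.append((level[index ^ 1], index & 1 == 1))
        level = [h(NODE + level[i] + level[i + 1])
                 for i in range(0, len(level), 2)]
        index //= 2
    return path

def verify(root, leaf, path):
    """Recompute the root from one leaf and its sibling path."""
    node = h(LEAF + leaf)
    for sibling, sibling_is_left in path:
        pair = sibling + node if sibling_is_left else node + sibling
        node = h(NODE + pair)
    return node == root

# Constructed sample data, not taken from the page.
BLOCKS = [b"block-0", b"block-1", b"block-2", b"block-3"]

if __name__ == "__main__":
    print("no flags, same root at two depths:", depth_is_ambiguous(BLOCKS))
    print("flags, same root at two depths:", depth_is_ambiguous(BLOCKS, LEAF, NODE))
    root = merkle_root(BLOCKS, LEAF, NODE)
    print("inclusion proof ok:", verify(root, BLOCKS[2], prove(BLOCKS, 2)))
```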
Hash, hash list, hash tree
https://blog.csdn.net/wo541075754/article/details/54632929
Application of merkle tree
A basic Merkle tree is efficient only for leaf replacements and for appending to the end of the tree, not for insertions and deletions in the middle.
- Update/append
- Inclusion proof
https://crypto.stackexchange.com/questions/22669/merkle-hash-tree-updates
So there are some other variants of the Merkle tree:
- Trie tree + hash tree: Merkle Patricia tree: key, value
○ Insert (no order)/delete/update/search
○ Inclusion proof and exclusion proof
- Sparse Merkle tree: key, value
○ Insert (no order)/delete/update/search
○ Inclusion proof and exclusion proof
- Other balanced tree + hash tree
○ Insert (keep order)/delete/update/search
○ Inclusion proof and exclusion proof
- Indexed Merkle tree proposed by me: add index in the leaf hash operations
○ Update/append
○ Inclusion proof and exclusion proof
Trie tree, Patricia tree, and Merkle Patricia tree
- Leaf node
- Extension node
- Branch node
- Null node
A good picture of merkle patricia tree
https://blog.csdn.net/qq_33935254/article/details/55505472
Ethereum's explanation
https://github.com/ethereum/wiki/wiki/Patricia-Tree
Sparse merkle tree
A sparse Merkle tree is like a standard Merkle tree, except the contained data is indexed, and each datapoint is placed at the leaf that corresponds to that datapoint’s index.
From https://medium.com/@kelvinfichter/whats-a-sparse-merkle-tree-acda70aeb837
A sparse Merkle tree relies on two key principles. The first being zero hashes and the second is that leafs are inserted in numeric order by index.
From https://medium.com/@josephdelong/ethereum-2-0-deposit-merkle-tree-13ec8404ca4f
https://medium.com/newcryptoblock/sparse-merkle-tree-introduction-a267f3a29223
https://medium.com/@ouvrard.pierre.alain/sparse-merkle-tree-86e6e2fc26da
Many PoC implementations of SMT
Optimize SMT with MPT
https://ethresear.ch/t/optimizing-sparse-merkle-trees/3751
Implementation in Libra: SMT similar to MPT
https://github.com/libra/libra/blob/master/storage
https://zhuanlan.zhihu.com/p/79949990
SMT in eth2.0
https://github.com/ethereum/deposit_contract