lucash.dev on Nostr: Some cryptographic structures are so simple to implement — and so often implemented ...
Some cryptographic structures are so simple to implement — and so often implemented in very specialized ways — that you might not be worse off just writing one yourself.
I don’t recommend ever reusing a Merkle Tree implementation outside of its narrow original use case — unless you thoroughly review the implementation.
Most Merkle Tree implementations I’ve seen are either broken or one tiny change or assumption away from being completely broken.
Bitcoin’s implementation is a famous case.
But there are others.
Seen plenty of vulnerabilities in the wild.
Every novel use case for cryptography is dangerous.
Don’t assume yours is safe just because you copied it’s parts from someone else.
Published at
2023-03-08 19:39:37Event JSON
{
"id": "003794e5291b6437bdee5e2c5dd88769f153ab1129251953c8d90007d91aa1b8",
"pubkey": "82d70f9685eabec271201bacd1fc1941e9686a9bf2b686c381a5b662f60002b1",
"created_at": 1678304377,
"kind": 1,
"tags": [],
"content": "Some cryptographic structures are so simple to implement — and so often implemented in very specialized ways — that you might not be worse off just writing one yourself.\n\nI don’t recommend ever reusing a Merkle Tree implementation outside of its narrow original use case — unless you thoroughly review the implementation.\n\nMost Merkle Tree implementations I’ve seen are either broken or one tiny change or assumption away from being completely broken.\n\nBitcoin’s implementation is a famous case.\n\nBut there are others.\n\nSeen plenty of vulnerabilities in the wild.\n\nEvery novel use case for cryptography is dangerous. \n\nDon’t assume yours is safe just because you copied it’s parts from someone else.",
"sig": "884cc126d0d9dd19bf19af6f15ff3f59ccce34f7dfc72c3e805353354011c7a57c619d967c352b869f4f42729cff506d06e8d4c51bbdd39ab625ed379c3a81bf"
}