[bitcoin-dev] Fraud proofs for block size/weight

Matt Corallo lf-lists at mattcorallo.com
Tue Mar 28 22:35:05 UTC 2017

I dont think thats true? Sure, you have to assume the block is valid
aside from a too-large size, but it seems sane.

You don't strictly need to show that a leaf is a parseable transaction,
as long as you can assume that the block is valid and that you cannot
forge a SHA256 midstate which, when combined with data with a given
length tag, would result in a hash of a given value (this is a pretty
strong assumption, IMO, IIRC this was not a studied nor a claimed
feature of SHA256).

The only issue is that, since parts of the merkle tree are repeated, you
need to be sure that the counting for minimum number of transactions is
accurate, though I did not review your proposal text to check that.

On 03/25/17 05:16, Luke Dashjr wrote:
 - snip -
> The only way to establish the number of transactions at all, is to show that a 
> leaf is a parsable transaction. Which this doesn't actually show, so it's 
> broken. :( Need to think on this. Any ideas? :/
> Luke

More information about the bitcoin-dev mailing list