Include key suffix in leaf's hash.
  This changes quite a few things and makes the proof verification
  slightly more complicated, but overall remains manageable. This change
  is however necessary to prevent one from including entire sub-trees in
  one go by making them look like a _value_; thus resulting in multiple
  trees with the same root hash.

  So for example, one could construct the following tree:

  ```
  ╔═══════════════════════════════════════════════════════════════════╗
  ║ #f6ee5ad5391e966a7e0f24465d98ab5df2596e5987f189b67479d271b6e938a7 ║
  ╚═══════════════════════════════════════════════════════════════════╝
   ┌─ 09ad7..[55 digits]..19d9 → apple
   └─ 177ca..[55 digits]..98a3 → <some gibberish value>
  ```

  Which is in fact, a way of disguising the following tree:

  ```
  ╔═══════════════════════════════════════════════════════════════════╗
  ║ #f6ee5ad5391e966a7e0f24465d98ab5df2596e5987f189b67479d271b6e938a7 ║
  ╚═══════════════════════════════════════════════════════════════════╝
   ┌─ 09ad7..[55 digits]..19d9 → apple
   └─ f #177cab65ae5d
      ├─ 3 #9a4b2591979d
      │  ├─ 2e49b..[53 digits]..9728 → pomegranate
      │  └─ 7d2a6..[53 digits]..d578 → kiwi
      └─ a3c8d..[54 digits]..52ff → plum
  ```

  The value is just chosen to be the pre-image of the 'f' node. However,
  this completely breaks the logic and guarantee that comes with
  insert/delete as now, one is able to add or remove entire parts of the
  tree in one go.

  The fix: include the remaining key path in the leaf's hash, all the
  way up to the root.

  By including the remaining path (or suffix) in the final leaf, the
  trie is made completely tamper-proof, as the root now fully depends
  on not only the elements present in the tree, but also the structure
  of the tree itself. So the root effectively depends on the number of
  branches and their positions, and a situation like the above is no
  longer possible: the first tree would yield a different root hash and
  the proof would be invalid against the second tree.

  NOTE: The on-chain implementation, as well as the proof serialisation
  format must be adjusted.
KtorZ committed May 25, 2024
1 parent 5dd2a9a commit ba397ca
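The attack and the fix described in the commit message, as an added example that is not part of the repository's code: a toy 16-ary (hex-nibble) Merkle trie in Python where a branch digest is the hash of its sixteen child slots and a leaf digest either covers only the value (the vulnerable scheme) or the remaining key suffix together with the value (the fix). The keys, values and the forged key `f177ca98` are constructed for the demonstration and mirror the commit's diagram; the helper names (`build`, `forged_value`, `forgery_succeeds`) and the exact byte layouts are assumptions of this example, not the project's serialisation format.

```python
import hashlib

# Added example, not the project's own code: a toy hex-nibble Merkle trie used
# to show why hashing only the value into a leaf lets a whole sub-tree be
# disguised as a single leaf, and how binding the key suffix prevents it.

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

EMPTY = bytes(32)               # digest slot used for an absent child
NIBBLES = "0123456789abcdef"

def leaf_value_only(suffix: str, value: bytes) -> bytes:
    # Vulnerable scheme: the leaf digest does not depend on where the leaf sits.
    return H(value)

def leaf_with_suffix(suffix: str, value: bytes) -> bytes:
    # Fixed scheme: the remaining key path is hashed together with the value
    # (separator and encoding are this example's choice, not the project's).
    return H(suffix.encode() + b"\x00" + value)

def children_of(entries, depth, hash_leaf):
    """Sixteen child digests of the branch at `depth` holding `entries`
    (a sorted list of (key_hex, value) whose keys agree on the first `depth` nibbles)."""
    out = []
    for nib in NIBBLES:
        sub = [(k, v) for k, v in entries if k[depth] == nib]
        out.append(build(sub, depth + 1, hash_leaf) if sub else EMPTY)
    return out

def build(entries, depth, hash_leaf):
    """Digest of the sub-trie holding `entries` below `depth`."""
    if len(entries) == 1:
        key, value = entries[0]
        return hash_leaf(key[depth:], value)          # leaf keeps the key suffix
    return H(b"".join(children_of(entries, depth, hash_leaf)))   # branch pre-image

def root(entries: dict, hash_leaf) -> bytes:
    return build(sorted(entries.items()), 0, hash_leaf)

# Constructed sample data: 8-nibble keys chosen so three fruits share the 'f' nibble.
HONEST = {
    "09ad719d": b"apple",
    "f32e4997": b"pomegranate",
    "f37d2ad5": b"kiwi",
    "fa3c852f": b"plum",
}

def forged_value(entries: dict, prefix: str, hash_leaf) -> bytes:
    """The attacker's 'gibberish value': the pre-image of the branch reached by `prefix`."""
    under = sorted((k, v) for k, v in entries.items() if k.startswith(prefix))
    return b"".join(children_of(under, len(prefix), hash_leaf))

def forgery_succeeds(hash_leaf) -> bool:
    """True if a two-leaf trie yields the same root as the four-leaf HONEST trie."""
    fake = forged_value(HONEST, "f", hash_leaf)
    forged = {"09ad719d": b"apple", "f177ca98": fake}   # any key under 'f' will do
    return root(forged, hash_leaf) == root(HONEST, hash_leaf)

if __name__ == "__main__":
    print("value-only leaves, sub-tree disguised as a value:", forgery_succeeds(leaf_value_only))
    print("suffix-bound leaves, same attempt:", forgery_succeeds(leaf_with_suffix))
```

With value-only leaves the forged leaf's digest is `H(pre-image of the 'f' branch)`, which is exactly the honest branch digest, so both tries share a root and a proof for one verifies against the other. With the suffix bound into the leaf, the hash input now starts with the forged key's remaining path, which the honest branch pre-image does not, so the roots diverge as the commit message describes.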
Showing 5 changed files with 1,467 additions and 547 deletions.