Date: Sat, 3 May 2025 05:02:12 -0700 (PDT)
From: Greg Maxwell <gmaxwell@gmail.com>
To: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Subject: Re: [bitcoindev] Re: SwiftSync - smarter synchronization with hints

On Saturday, May 3, 2025 at 11:55:28 AM UTC Sanket Kanjalkar wrote:

> > hash(UTXO_A||salt) + hash(UTXO_B||salt) - hash(UTXO_C||salt) - hash(UTXO_D||salt) == 0 (proving (A==C && B==D) || (A==D && B==C))
>
> What if instead of hash we encrypt with AES and modular add/subs? I cannot prove it; but I also don't see a clear way this is broken.
>
> 1. Sample random symmetric key `k`
> 2. Instead of above; AES_k(UTXO_A) + AES_k(UTXO_B) - AES_k(UTXO_C) - AES(UTXO_D) == 0 => (proving (A==C && B==D) || (A==D && B==C))?

AES in CTR mode is, I'm not sure about other modes? Obviously CTR mode would be unsuitable! (I mean sure modular add/sub and xor are different operations but they are quite close). I think that in many modes the collision resistance would have to at least be restricted by the birthday bound with the small block size. I think CMC might be needed to avoid that sort of issue.
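
The aggregate check quoted in the message above, and the reason a fixed-nonce CTR-style keystream cannot stand in for the salted hash, as an added example that is not part of the original message. Assumptions: SHA-256 truncated to 128 bits is the salted hash, each UTXO is treated as one 128-bit block, and a SHA-256-derived keystream stands in for AES_k(nonce) because the argument does not depend on how the keystream is produced; all names and sample values are constructed.

```python
import hashlib

BITS = 128
MOD = 1 << BITS
TOP = 1 << (BITS - 1)          # most significant bit of a block

def h_salted(utxo: int, salt: bytes) -> int:
    """hash(UTXO||salt), truncated to BITS bits (SHA-256 is an assumed choice)."""
    data = utxo.to_bytes(BITS // 8, "big") + salt
    return int.from_bytes(hashlib.sha256(data).digest()[:BITS // 8], "big")

def ctr_like(block: int, key: bytes) -> int:
    """Fixed-nonce CTR on one block: plaintext XOR keystream.
    The keystream is a stand-in for AES_k(nonce), not real AES."""
    ks = int.from_bytes(hashlib.sha256(b"keystream" + key).digest()[:BITS // 8], "big")
    return block ^ ks

def aggregate(f, created, spent) -> int:
    """Sum f over created outputs, subtract f over spent ones, mod 2^BITS."""
    return (sum(f(u) for u in created) - sum(f(u) for u in spent)) % MOD

# Constructed sample blocks (not real outpoints).
X = 0x11111111111111111111111111111111
Y = 0x22222222222222222222222222222222

def hash_check(salt: bytes):
    """Returns (sum for a reordered match, sum for a mismatch) under the salted hash."""
    f = lambda u: h_salted(u, salt)
    return aggregate(f, [X, Y], [Y, X]), aggregate(f, [X, Y ^ TOP], [X ^ TOP, Y])

def ctr_check(key: bytes):
    """Same mismatched sets under the CTR-like map.
    Flipping the top bit equals adding 2^(BITS-1) mod 2^BITS, and XOR with the
    keystream commutes with that flip, so the two flips cancel for every key."""
    f = lambda u: ctr_like(u, key)
    created, spent = [X, Y ^ TOP], [X ^ TOP, Y]
    return set(created) != set(spent), aggregate(f, created, spent)

if __name__ == "__main__":
    print("hash:", hash_check(b"constructed-salt"))
    print("ctr :", ctr_check(b"constructed-key"))
```

With the salted hash the mismatched sets leave a non-zero sum, while the CTR-like map reports zero for sets that differ, whatever the secret key is.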