On Thu, Sep 7, 2017 at 1:55 AM, Peter Todd <p...@petertodd.org> wrote:

> On Wed, Sep 06, 2017 at 09:59:54PM -0400, Russell O'Connor via bitcoin-dev wrote:
> > The fast hash for internal nodes needs to use an IV that is not the
> > standard SHA-256 IV. Instead it needs to use some other fixed value, which
> > should itself be the SHA-256 hash of some fixed string (e.g. the string
> > "BIP ???" or "Fash SHA-256").
>
> Note that in general, designs should *not* create new hash functions by
> using custom IVs, but rather use bog-standard SHA256, and make a fixed first
> block. That allows unoptimised implementations to just hash a block with the
> second initialization value, and optimized implementations to start with the
> fixed midstate.


I 100% agree.

With SHA256 every final state is also a valid midstate.  Therefore, using a
custom IV of the SHA256 hash of some fixed string results in a hash of data
that is functionally equivalent to prefixing the data with the padded
version of the fixed string and using a regular SHA256 hash of the combined
data.  This is important and I should have explicitly pointed it out.
_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
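As an added example that is not part of this thread or of any Bitcoin project code: a small pure-Python SHA-256 (my own implementation, with `hashlib` used only as the reference oracle) that makes the equivalence stated above concrete. Reloading the digest of the fixed string as the compression state and continuing over the data yields exactly `SHA256(pad(tag) || data)` computed by an unmodified SHA-256. The tag string `"BIP ???"` is the one quoted above; the node payload is a constructed sample. The block also shows the caveat the equivalence relies on: an implementation that starts from the midstate must include the already-consumed prefix block in the final length field, otherwise it computes a different function that no off-the-shelf SHA-256 library can reproduce.

```python
import hashlib
import struct

# SHA-256 round constants and standard initial state (FIPS 180-4).
K = [
    0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
    0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
    0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
    0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
    0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
    0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
    0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
    0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2,
]
IV = [0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
      0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19]
MASK = 0xffffffff


def _rotr(x, n):
    return ((x >> n) | (x << (32 - n))) & MASK


def _compress(state, block):
    """One SHA-256 compression of a 64-byte block into the 8-word state."""
    w = list(struct.unpack(">16L", block))
    for i in range(16, 64):
        s0 = _rotr(w[i - 15], 7) ^ _rotr(w[i - 15], 18) ^ (w[i - 15] >> 3)
        s1 = _rotr(w[i - 2], 17) ^ _rotr(w[i - 2], 19) ^ (w[i - 2] >> 10)
        w.append((w[i - 16] + s0 + w[i - 7] + s1) & MASK)
    a, b, c, d, e, f, g, h = state
    for i in range(64):
        t1 = (h + (_rotr(e, 6) ^ _rotr(e, 11) ^ _rotr(e, 25))
              + ((e & f) ^ (~e & g)) + K[i] + w[i]) & MASK
        t2 = ((_rotr(a, 2) ^ _rotr(a, 13) ^ _rotr(a, 22))
              + ((a & b) ^ (a & c) ^ (b & c))) & MASK
        h, g, f, e, d, c, b, a = g, f, e, (d + t1) & MASK, c, b, a, (t1 + t2) & MASK
    return [(x + y) & MASK for x, y in zip(state, (a, b, c, d, e, f, g, h))]


def _pad(data, total_len):
    """Standard SHA-256 padding: 0x80, zeros up to 56 mod 64, 64-bit bit length.
    `total_len` counts everything hashed so far, including prefix blocks that
    were already folded into a midstate."""
    padded = data + b"\x80"
    padded += b"\x00" * ((56 - len(padded) % 64) % 64)
    return padded + struct.pack(">Q", total_len * 8)


def sha256_from_state(state, data, prior_bytes=0):
    """Continue SHA-256 from `state`, the compression state reached after
    hashing `prior_bytes` bytes (must be a whole number of 64-byte blocks)."""
    if prior_bytes % 64:
        raise ValueError("midstate must sit on a block boundary")
    padded = _pad(data, prior_bytes + len(data))
    for off in range(0, len(padded), 64):
        state = _compress(state, padded[off:off + 64])
    return struct.pack(">8L", *state)


def sha256(data):
    return sha256_from_state(IV, data)


def state_from_digest(digest):
    """A SHA-256 digest is the final state, so it reloads directly as a midstate."""
    return list(struct.unpack(">8L", digest))


def custom_iv_hash(tag, data):
    """The quoted proposal's hash: start from IV' = SHA256(tag). The byte counter
    is primed with the padded tag length so the final length field matches
    plain SHA-256 over pad(tag) || data."""
    prefix = _pad(tag, len(tag))  # the padded tag: a whole number of blocks
    return sha256_from_state(state_from_digest(sha256(tag)), data, len(prefix))


def prefixed_hash(tag, data):
    """The same function via unmodified hashlib SHA-256: prefix the data with
    the padded tag. This is the form the reply recommends specifying."""
    return hashlib.sha256(_pad(tag, len(tag)) + data).digest()


def naive_custom_iv_hash(tag, data):
    """Swapping the IV without priming the length counter: the padding block
    then encodes only len(data), so this is NOT equal to prefixed_hash and
    cannot be computed with an off-the-shelf SHA-256."""
    return sha256_from_state(state_from_digest(sha256(tag)), data, 0)


if __name__ == "__main__":
    tag, node = b"BIP ???", b"left-child-hash|right-child-hash"  # constructed sample input
    print(custom_iv_hash(tag, node) == prefixed_hash(tag, node))        # True
    print(naive_custom_iv_hash(tag, node) == prefixed_hash(tag, node))  # False
```

The design point this makes explicit: specifying the function as "SHA-256 over a fixed first block followed by the data" costs the optimised implementation nothing (it caches the midstate and the 64-byte prefix length once), while specifying it as "SHA-256 with a custom IV" leaves the length-counter behaviour implicit and invites incompatible implementations.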