4844: use hash_tree_root for tx hash
#6385
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
github-actions
bot
added
c-update
All tests passed; auto-merging...(pass) eip-4844.md
|
|
Strongly support going in this direction. We have a medium-term goal of moving transactions as a whole away from RLP and Merkle Patricia trees to SSZ, and The main downside that I see is that this will break some infrastructure that depends on |
|
The signed hash must be protected against malleability In this example, both type
Foo = object
a: uint64
b: uint64
c: uint64
Bar = object
a: uint64
b: uint64
c: uint64
d: uint64
let
foo = Foo(
a: 0x42,
b: 0x42,
c: 0x42)
bar = Bar(
a: 0x42,
b: 0x42,
c: 0x42,
d: 0)
debug "Foo", f = toHex(hash_tree_root(foo).data)
debug "Bar", f = toHex(hash_tree_root(bar).data)The transaction hash should be perpetually stable and unique. In consensus, there is Overall, the solution should be compatible with whatever we are deciding during ethereum/pm#721 regarding the overarching SSZ As for security, if we decide to mix |
etan-status
added a commit
to etan-status/EIPs
that referenced
this pull request
Feb 10, 2023
This PR builds on top of prior work from: - @lightclient at ethereum#6385 The signature malleability issue in the original PR is addressed by reusing the consensus `compute_signing_root` mechanism to link each hash with the transaction's underlying `chain_id` and `tx_type`. Note that this makes the transaction hashes different from the plain `hash_tree_root` values. This means that if the `transactions_root` MPT is replaced with SSZ (EIP-6404), that the `transaction_hash` would need to be tracked separately, same as for legacy RLP-based transactions. This is mainly a cosmetic issue, not a practical one. In an SSZ tx tree, we could simply include both the HTR as well as the perpetual tx hash. Cryptographic analysis may be necessary to determine the amount by which the hash collision probability is increased, if we use different hashing algorithms for transactions. On the other hand, using different algo for SSZ transactions reduces the impact of a custom network defining 0x05 as a RLP transaction that might serialize same as the blob SSZ transaction.
etan-status
added a commit
to etan-status/EIPs
that referenced
this pull request
Feb 10, 2023
This PR builds on top of prior work from: - @lightclient at ethereum#6385 The signature malleability issue in the original PR is addressed by reusing the consensus `compute_signing_root` mechanism to link each hash with the transaction's underlying `chain_id` and `tx_type`. Note that this makes the transaction hashes different from the plain `hash_tree_root` values. This means that if the `transactions_root` MPT is replaced with SSZ (EIP-6404), that the `transaction_hash` would need to be tracked separately, same as for legacy RLP-based transactions. This is mainly a cosmetic issue, not a practical one. In an SSZ tx tree, we could simply include both the HTR as well as the perpetual tx hash. Cryptographic analysis may be necessary to determine the amount by which the hash collision probability is increased, if we use different hashing algorithms for transactions. On the other hand, using different algo for SSZ transactions reduces the impact of a custom network defining 0x05 as a RLP transaction that might serialize same as the blob SSZ transaction.
etan-status
added a commit
to etan-status/EIPs
that referenced
this pull request
Feb 10, 2023
This PR builds on top of prior work from: - @lightclient at ethereum#6385 The signature malleability issue in the original PR is addressed by reusing the consensus `compute_signing_root` mechanism to link each hash with the transaction's underlying `chain_id` and `tx_type`. Note that this makes the transaction hashes different from the plain `hash_tree_root` values. This means that if the `transactions_root` MPT is replaced with SSZ (EIP-6404), that the `transaction_hash` would need to be tracked separately, same as for legacy RLP-based transactions. This is mainly a cosmetic issue, not a practical one. In an SSZ tx tree, we could simply include both the HTR as well as the perpetual tx hash. Cryptographic analysis may be necessary to determine the amount by which the hash collision probability is increased, if we use different hashing algorithms for transactions. On the other hand, using different algo for SSZ transactions reduces the impact of a custom network defining 0x05 as a RLP transaction that might serialize same as the blob SSZ transaction.
|
Attempt to fix malleability: #6493 |
etan-status
added a commit
to etan-status/EIPs
that referenced
this pull request
Feb 10, 2023
This PR builds on top of prior work from: - @lightclient at ethereum#6385 The signature malleability issue in the original PR is addressed by reusing the consensus `compute_signing_root` mechanism to link each hash with the transaction's underlying `chain_id` and `tx_type`. Note that this makes the transaction hashes different from the plain `hash_tree_root` values. This means that if the `transactions_root` MPT is replaced with SSZ (EIP-6404), that the `transaction_hash` would need to be tracked separately, same as for legacy RLP-based transactions. This is mainly a cosmetic issue, not a practical one. In an SSZ tx tree, we could simply include both the HTR as well as the perpetual tx hash. Cryptographic analysis may be necessary to determine the amount by which the hash collision probability is increased, if we use different hashing algorithms for transactions. On the other hand, using different algo for SSZ transactions reduces the impact of a custom network defining 0x05 as a RLP transaction that might serialize same as the blob SSZ transaction.
etan-status
added a commit
to etan-status/EIPs
that referenced
this pull request
Feb 10, 2023
This PR builds on top of prior work from: - @lightclient at ethereum#6385 The signature malleability issue in the original PR is addressed by reusing the consensus `compute_signing_root` mechanism to link each hash with the transaction's underlying `chain_id` and `tx_type`. Note that this makes the transaction hashes different from the plain `hash_tree_root` values. This means that if the `transactions_root` MPT is replaced with SSZ (EIP-6404), that the `transaction_hash` would need to be tracked separately, same as for legacy RLP-based transactions. This is mainly a cosmetic issue, not a practical one. In an SSZ tx tree, we could simply include both the HTR as well as the perpetual tx hash. Cryptographic analysis may be necessary to determine the amount by which the hash collision probability is increased, if we use different hashing algorithms for transactions. On the other hand, using different algo for SSZ transactions reduces the impact of a custom network defining 0x05 as a RLP transaction that might serialize same as the blob SSZ transaction.
|
Thanks @etan-status I understand the issue with malleability now. I will close this in favor of #6493 |
eth-bot
pushed a commit
that referenced
this pull request
Feb 26, 2023
* Update EIP-4844: `hash_tree_root` based transaction hashes This PR builds on top of prior work from: - @lightclient at #6385 The signature malleability issue in the original PR is addressed by reusing the consensus `compute_signing_root` mechanism to link each hash with the transaction's underlying `chain_id` and `tx_type`. Note that this makes the transaction hashes different from the plain `hash_tree_root` values. This means that if the `transactions_root` MPT is replaced with SSZ (EIP-6404), that the `transaction_hash` would need to be tracked separately, same as for legacy RLP-based transactions. This is mainly a cosmetic issue, not a practical one. In an SSZ tx tree, we could simply include both the HTR as well as the perpetual tx hash. Cryptographic analysis may be necessary to determine the amount by which the hash collision probability is increased, if we use different hashing algorithms for transactions. On the other hand, using different algo for SSZ transactions reduces the impact of a custom network defining 0x05 as a RLP transaction that might serialize same as the blob SSZ transaction. * Fix `signed_tx_hash` * Use static chain ID for purpose of domain computation * Extract SSZ signature scheme to EIP for reuse * Add URL * Split 4844 changes to separate PR * Fix * rm redundant test * Apply most of @g11tech's review Co-authored-by: g11tech <[email protected]> --------- Co-authored-by: Gavin John <[email protected]> Co-authored-by: g11tech <[email protected]>
fulldecent
pushed a commit
to fulldecent/EIPs
that referenced
this pull request
Mar 13, 2023
* Update EIP-4844: `hash_tree_root` based transaction hashes This PR builds on top of prior work from: - @lightclient at ethereum#6385 The signature malleability issue in the original PR is addressed by reusing the consensus `compute_signing_root` mechanism to link each hash with the transaction's underlying `chain_id` and `tx_type`. Note that this makes the transaction hashes different from the plain `hash_tree_root` values. This means that if the `transactions_root` MPT is replaced with SSZ (EIP-6404), that the `transaction_hash` would need to be tracked separately, same as for legacy RLP-based transactions. This is mainly a cosmetic issue, not a practical one. In an SSZ tx tree, we could simply include both the HTR as well as the perpetual tx hash. Cryptographic analysis may be necessary to determine the amount by which the hash collision probability is increased, if we use different hashing algorithms for transactions. On the other hand, using different algo for SSZ transactions reduces the impact of a custom network defining 0x05 as a RLP transaction that might serialize same as the blob SSZ transaction. * Fix `signed_tx_hash` * Use static chain ID for purpose of domain computation * Extract SSZ signature scheme to EIP for reuse * Add URL * Split 4844 changes to separate PR * Fix * rm redundant test * Apply most of @g11tech's review Co-authored-by: g11tech <[email protected]> --------- Co-authored-by: Gavin John <[email protected]> Co-authored-by: g11tech <[email protected]>
axelcabee
pushed a commit
to axelcabee/EIPs
that referenced
this pull request
May 6, 2023
* Update EIP-4844: `hash_tree_root` based transaction hashes This PR builds on top of prior work from: - @lightclient at ethereum#6385 The signature malleability issue in the original PR is addressed by reusing the consensus `compute_signing_root` mechanism to link each hash with the transaction's underlying `chain_id` and `tx_type`. Note that this makes the transaction hashes different from the plain `hash_tree_root` values. This means that if the `transactions_root` MPT is replaced with SSZ (EIP-6404), that the `transaction_hash` would need to be tracked separately, same as for legacy RLP-based transactions. This is mainly a cosmetic issue, not a practical one. In an SSZ tx tree, we could simply include both the HTR as well as the perpetual tx hash. Cryptographic analysis may be necessary to determine the amount by which the hash collision probability is increased, if we use different hashing algorithms for transactions. On the other hand, using different algo for SSZ transactions reduces the impact of a custom network defining 0x05 as a RLP transaction that might serialize same as the blob SSZ transaction. * Fix `signed_tx_hash` * Use static chain ID for purpose of domain computation * Extract SSZ signature scheme to EIP for reuse * Add URL * Split 4844 changes to separate PR * Fix * rm redundant test * Apply most of @g11tech's review Co-authored-by: g11tech <[email protected]> --------- Co-authored-by: Gavin John <[email protected]> Co-authored-by: g11tech <[email protected]>
GAEAlimited
pushed a commit
to GAEAlimited/EIPs
that referenced
this pull request
Jun 19, 2024
* Update EIP-4844: `hash_tree_root` based transaction hashes This PR builds on top of prior work from: - @lightclient at ethereum#6385 The signature malleability issue in the original PR is addressed by reusing the consensus `compute_signing_root` mechanism to link each hash with the transaction's underlying `chain_id` and `tx_type`. Note that this makes the transaction hashes different from the plain `hash_tree_root` values. This means that if the `transactions_root` MPT is replaced with SSZ (EIP-6404), that the `transaction_hash` would need to be tracked separately, same as for legacy RLP-based transactions. This is mainly a cosmetic issue, not a practical one. In an SSZ tx tree, we could simply include both the HTR as well as the perpetual tx hash. Cryptographic analysis may be necessary to determine the amount by which the hash collision probability is increased, if we use different hashing algorithms for transactions. On the other hand, using different algo for SSZ transactions reduces the impact of a custom network defining 0x05 as a RLP transaction that might serialize same as the blob SSZ transaction. * Fix `signed_tx_hash` * Use static chain ID for purpose of domain computation * Extract SSZ signature scheme to EIP for reuse * Add URL * Split 4844 changes to separate PR * Fix * rm redundant test * Apply most of @g11tech's review Co-authored-by: g11tech <[email protected]> --------- Co-authored-by: Gavin John <[email protected]> Co-authored-by: g11tech <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I think we should move to
hash_tree_rootfor calculating the transaction hash of 4844 transactions if we plan to migrate to an SSZ list of transactions.The reason for staying with (and originally choosing) keccak is that it fits nicely into the expectation that the MPT hashing algorithm has for leaves greater than 32 bytes, it will simply take the keccak of it.