Developers.Hash.TigerTree.Web

From Shareaza Wiki
Jump to navigation Jump to search

notes

[1] TigerTree is calculated by applying the Tiger hash to 1024-byte blocks of a stream, then combining the interim values through a binary hash tree.

so, it takes 1 KB chunks of a file, and hashes them

TigerTree Note that when encountering the word 'Tiger-Tree', an author may sometimes be referring to the Tiger Tree root hash, or at other times the entire hash tree structure.

so, there is a root hash, and seprately, an entire hash tree structure

[2] The idea is to break the file up into a number of small pieces, hash those pieces, and then iteratively combine and rehash the resulting hashes in a tree-like fashion until a single "root hash" is created.

With these, you can verify that S3 and S4 can combine up to create the ROOT -- even if other sources are providing bogus S1 and S2 segments.

flip one byte in a file and it's SHA1 hash is completely different, the internal tiger hash must be different to make the statement above possible

Consider for example an initial segment size of 1,024 bytes, and a file of 32GB. You could verify a single 1,024-byte block, with about 25 proof-assist values, or a block of size 16GB, with a single proof-assist value -- or anything in between.

what is a proof assist value?

The strength of the hash tree construct is only as strong as the underlying hash algorithm. Thus, it is RECOMMENDED that a secure hash algorithm such as SHA-1 be used as the basis of the hash tree.

shareaza doesn't use sha1 inside tiger tree, it uses the tiger hash algorithm instead

Thus the authors recommend a segment size of 1,024 bytes for most applications, as a sort of "smallest common denominator", even for applications involving multi-gigabyte or terabyte files.

the file is split into 1 KB chunks, each of which is hashed, and these hashes make up the leaves of the tree

The only information that needs to be obtained from a trusted source is the root hash and the segment size. The root hash by itself can be used to verify the integrity of the serialized tree and of the file itself.

the root hash and serialized tree are not the same thing how big is the serialized tree? it doesn't need to come from a trusted source - where does shareaza get it from?

The hashes would be serialized in the following order: ROOT, H, E, F, G, E, A, B, C, D, E.

oh, so the serialized tree is just all the hashes from the tree, listed one after the other so how much can you do without that? can you tell a piece is bad with just root, or do you need the whole tree