From 09b09c1558a38ea9ba0a217c306e4664e46c2657 Mon Sep 17 00:00:00 2001 From: KJ Date: Sun, 4 Jul 2021 23:42:11 +0800 Subject: [PATCH] Update proof_of_space.md (#220) no +1 ? --- documents/proof_of_space.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/documents/proof_of_space.md b/documents/proof_of_space.md index e93c1e65d..9f0f93b1c 100644 --- a/documents/proof_of_space.md +++ b/documents/proof_of_space.md @@ -818,7 +818,7 @@ The problem with the above construction is that the verifier can perform a Hellm The new idea in the paper is to construct a function $[N] \to [N]$ that can resist such attacks, by making the function hard to compute in the forward direction for a chosen input. -The function that has to be inverted is $f(x_1) = f_2(x_1, x_2)$, where $f_2(x_1, x_2) = H(x_1 || x_2)$, but with the requirement that $f_1(x_1) = f_1(x_2) + 1$, where $f_1(x)$ can be another hash function. +The function that has to be inverted is $f(x_1) = f_2(x_1, x_2)$, where $f_2(x_1, x_2) = H(x_1 || x_2)$, but with the requirement that $f_1(x_1) = f_1(x_2)$, where $f_1(x)$ can be another hash function. Given a challenge $Chall$, the prover must find $x_1$ and $x_2$. Since we cannot efficiently compute $f(x_1)$ for any $x_1$ (without storing the $f_1$ table), Hellman attacks can be mitigated. However, the entire $f$ function table can still be computed in quasilinear time.