Is this implementation safe against second preimage attacks?

[void4]

https://flawed.net.nz/2018/02/21/attacking-merkle-trees-with-a-second-preimage-attack/

https://en.wikipedia.org/wiki/Merkle_tree#Second_preimage_attack

[LucaPaterlini]

#16

[andreaskern]

Yes, but!

add_leaf() should per default apply a hash to the value, even if it is a list

so instead of add_leaf(value, do_hash) it should really be add_leaf(value, do_not_hash)

if you don't hash the leaf of a merkle tree you are not applying the correct merkle tree algorithm.

or even better add add_node(hash), make add_node([hash]) illegal, make a add_nodes([hash]), make add_leaf() always apply hash to the value, make add_leaves([value]) map the hash function over the list first.

[andreaskern]

After Re Reading the attack it should be possible.

So it is not safe.

[void4]

Can you add a note about this in the README?

[jdbertron]

This is from 2018 and still not fixed. Any chance you'll fix this with a 0x00 prefix for leaves and a 0x01 prefix for branches ?