April 6, 2023

Understanding Merkle Trees

Advantages and drawbacks of the Merkle tree approach.

In this article, I will be exploring Merkle trees.

Merkle Tree Meme


Merkle trees have found their most popular use case in the Bitcoin blockchain. They are tree-like data structures where each node is a cryptographic hash of its child nodes. The Merkle root, located at the top of the tree, represents the entire dataset.

A Merkle tree is a collision-resistant hash function, denoted by 𝖬𝖧𝖳, which takes n inputs (x1,x2,……,xn) and outputs a Merkle root hash h=𝖬𝖧𝖳(x1,x2,……,xn).

Merkle trees are used to store and verify transactions. Transactions are first hashed individually and then grouped together in pairs, which are then hashed again to create new nodes. This process is repeated until there is only one node left, the Merkle root.

A Verifier has the root node hash H and it can be given an xi with an associated Merkle proof that proves that xi was the ith input used to compute h.

Creating a Merkle Tree

Let us start by taking an example of an input array A = (x1, x2, x3, x4, x5, x6, x7, x8). It has 8 elements. If we have to create a Merkle Tree from it, following will be the process.

  • Take pairs of input and pass it through a cryptographic hash functions which is collision resistant.
  • Take the output of that and go recursive until you reach one value.
  • That value becomes the root node.

A hash function H is collision resistant if it is computationally intractable (it is algorithmically impossible to find a solution for breaking collision resistance in this lifetime!) for an adversary to find two different inputs x and x′ with the same hash (i.e., with H(x)=H(x′)).

Merkle Tree Verification

Mathematically, a Merkle Hash Tree can be represented as follows:

Merkle root = MHT(x1, x2, … , x8)
= h(
h( h(x1), h(x2) ), h( h(x3), h(x4) ) ),
h( h(x5), h(x6) ), h( h(x7), h(x8) )

This again shows us the recursiveness of Merkle trees.

Now, let's say we are given an input x* and we are asked if it belongs to the array which was used to create the Merkle tree.

We can use part of a Merkle hash tree and fill in the blanks in the diagram below to get a Merkle root node. Now, if the Merkle root node matches the original Merkle root node then we can say with absolute certainty that x* belonged in the array at 5th spot.

Merkle Tree Advantages

Using Merkle trees has several advantages for a blockchain. Firstly, it allows for efficient transaction verification. Instead of verifying each transaction individually, a node can verify the Merkle root, which represents the entire dataset.

Secondly, it allows for compact storage of transactions. The Merkle tree enables only the Merkle root to be stored instead of storing all transactions in one block, which is much smaller.

Finally, Merkle trees allow for quick synchronization of nodes. When a new node joins the network, it requests only the Merkle root instead of the entire dataset, allowing for faster and more efficient sync.

Merkle Tree Drawbacks

While Merkle Trees provide several benefits to blockchain technology, there are some potential issues to consider.

One issue is the possibility of a collision attack, where two different sets of data result in the same Merkle root. This can potentially allow for malicious actors to tamper with the data without being detected.

Another issue is the potential for a 51% attack, where a single entity or group controls the majority of the network's computing power. In this scenario, the attacker could potentially modify transactions and their corresponding hashes in the Merkle tree, which could then be accepted by the network as valid.

It's important to note that while these issues exist, they do not necessarily render Merkle trees ineffective. Proper implementation and security measures can help mitigate these risks and ensure the integrity of the blockchain.


Apart from blockchains, Merkle trees can also be used to detect malicious or accidental modifications of any of your files if downloading from malicious channels.

While Merkle trees are a widely used and effective method for storing and verifying data in blockchain technology, there are some alternative approaches as well.

One such approach is the use of Sparse Merkle trees, which are similar to regular Merkle trees but only store the non-empty leaves of the tree. This can reduce the storage requirements and improve efficiency in some cases.

A Merkle tree with n leaves has O(log2 n)-sized proofs. In large trees, sending the proofs can dominate bandwidth consumption. Vector commitments (VCs) pose a potential alternative to Merkle trees, with constant-sized proofs.

Space and Time, being a decentralized data warehouse, is also inspired from various methods like Merkle trees, etc. However, Proof of SQL has its own implementation which is used to solve the problems of decentralization. Our proofs team has been working to create a sustainable method which improves on Merkle trees and uses various approaches from zk-SNARKs. We will write more on that soon.

Ultimately, the choice of data structure for a blockchain system will depend on the specific needs and requirements of the network. Merkle trees remain a popular and effective choice for many blockchain applications, but other options may be more suitable in certain cases.