I've been digging into Merkle trees lately and got to say, they play a big role in blockchains. They're like this clever way of organizing data, making sure all the transactions on the bitcoin network are securely stored. From what I've learned, they help miners check if transactions have been messed with, clear out any duplicates, and there's no lag when data is sent around the network. Plus, they sum up and keep track of all transactions in a block, creating a digital fingerprint for validation so users can easily verify if a transaction's part of a block.
It seems pretty clear to me that Merkle trees are essential in blockchain tech. But I'm curious about what would happen if they weren't part of the blockchain. What kind of issues would we run into without them? Any feedback would be awesome, as I’m trying to get a better grasp of bitcoin's technical side.
What if Merkle trees were left out of the blockchain?
15 replies 442 views
1. Bitcoin itself doesn't use encryption cryptography.
2. I'm not sure what do you mean by data identification, since Bitcoin is pseudonymous.
What would happen? SPV mechanism would be more difficult and less efficient, since it needs to download whole block which contain relevant TX.
SwiftMinerSenior Member
Posts: 259 · Reputation: 1036
#3Oct 10, 2020, 01:59 PM
Lack of usage of the Merkel tree would actually have a lot of negative effects on the network. One of them is that every transaction would need to be stored individually, leading to more space occupied in the blockchain. Also, without Merkle trees, verifying transactions would require checking every single transaction, making the process slower.
To a very large extent, merkle trees actually provide a way to efficiently verify transaction inclusion without revealing sensitive information. Without them, the blockchain would be more vulnerable to attacks, congestion and a less efficient proof of work system. Infact block propagation will be much slower.
Node prunning would not be possible since there would be no link to most data needed if everything is stored individually. Many things will be affected from congestion to high fee as a result of the fact that more computational power will be needed.
I have several thought and question,
1. Full node (excluding pruned ones) actually verify/check and store all transaction. So what exactly do you mean by "Also, without Merkle trees, verifying transactions would require checking every single transaction, making the process slower." ?
2. I don't understand how it makes node pruning impossible. After all, pruned node just need to store recent block and UTXO in order to verify new block.
3. How exactly lack of merkle tree would lead to high fee when transaction size and block size limit remain not changed?
Do you mind explain it more clearly?
Because it easier to identify and verify a large body of information that are store in blockchain and help miners identify easily when any transaction have been tempered with.
SwiftMinerSenior Member
Posts: 259 · Reputation: 1036
#6Oct 11, 2020, 12:34 AM
You're right about the aspect of full nodes storing and verifying all transactions. However without Merkle trees, verifying a transaction would require checking the entire block, not just the transaction itself. And that's because in a Merkle tree, transactions are hashed and combined in pairs, forming a tree-like structure and this actually allows nodes to efficiently verify a transaction by checking only the relevant branches of the tree. Now, without Merkle trees, nodes would need to verify the entire block by checking every transaction's signature, scripts, and other data. Just to verify it's POW stamp and origin.
Think of it like searching for a specific book in a library, with Merkle trees, you can quickly locate the book by checking the catalog (Merkle root) and then verifying the book's existence by checking only the relevant shelf (Merkle branch). And this kinda means that without Merkle trees, you'd need to search the entire library, checking every book individually.
As for the pruned nodes aspect,yes they actually store recent blocks and UTXOs. However, without Merkle trees, pruned nodes would struggle to efficiently verify new blocks, as they'll need to check every transaction in the block, not just the relevant ones. Meaning you will not only waste computational power but also if there is no Merkel tree some branches of data may be missing causing difficulties in a prunned node from getting the origin and POW data of a transaction since there is no branch like link and some data isn't present.
It's either i don't understand your statement or you didn't double check what you write, but
1. You admit that full node verify all transaction, but you also say that without merkle tree full node need to check whole block / every transaction in the block. That means it's not disadvantage of lack of merkle root.
2. Pruned node (at least for Bitcoin Core) doesn't even keep old merkle tree according to https://bitcoin.stackexchange.com/a/36101.
I think you need to explain further why lack of merkle trees leads to congestion, centralization and lower rates adaption. After all,
1. Merkle tree doesn't determine block size limit, which means total transaction which can fit in a block doesn't change.
2. Full nodes verify whole block, where lack of merkle tree wouldn't have such major impact on verification time.
3. Average user doesn't know or care about how Bitcoin works in details.
CMIIW.
Merkle trees are for the transactions, and they are included in each block for its own transactions.
They allow the Core client to verify that all of the transactions in the block are valid and intended to be there. There's one for TXIDs and another for WTXIDs (to validate both legacy transactions and their segwit versions, if applicable).
There's a specific process described in a BIP somewhere that dictates how the transactions are supposed to be ordered before hashing them as leaves. That is because they are combined two at a time, unless the number of transactions is odd, in which case I think the last transaction skips a branch or something.
SwiftMinerSenior Member
Posts: 259 · Reputation: 1036
#10Oct 13, 2020, 07:09 AM
Well it seems you haven't fully gotten my point. I don't know why but my telegram bot didn't display this mention if not I would have replied earlier I decided to check the thread while I was surfing and found you quoted me with some questions again. Firstly I think the problem is you are actually viewing the whole situation as if full nodes don't make use of the Merkel tree and that's not the case here.
Computers or rather ASIC mining wares are actually designed to carry out one particular task efficiently and that simply means that they would need to make use of Merkel trees to validate transactions so even in the case of a full node, for a faster and more efficient validation it would use the Merkel tree instead of individual scattered data.
Yes but it still keeps the newest ones to show how important the Merkel tree is. You can't risk having ungrouped data (data without the Merkel tree) for a node without all the data since you could risk missing out some important data.
Every transaction is stored individually. Bitcoin does not use the Merkle tree to delete transactions
Every single transaction is verified
DYOR
They're not crucial. Are you sure you did any research?
It is crucial to have a commitment in the block header which represents all the transactions in a way that allows proof that the transactions have not been modified after the block was created. A hash (SHA2-256 is used) serves as a proof because it is not forgeable
It is crucial to minimize the size of the block header, so that block-level chain proofs can be very fast. A hash is only 32 bytes. It serves as an efficient compression of several thousand transactions
The hash commitment which represents the transactions could be calculated by serializing all the transactions in order and making a single hash calculation
The hash commitment which represents the transactions could be calculated by concatenating all the transactions' ID hashes in order and making a single hash calculation
Merkle trees have benefits for coders - a clearer separation between the function of a transaction and the hashing functions used to implement immutability in the chain. This benefit persists over the long term, reducing the possibility of bugs being created by future software maintenance
Not crucial, but very useful
DYOR
I still don't get your point.
1. I'm sure ASIC miner doesn't perform verification at all, since it's only designed to perform SHA-256.
2. Computer generally designed to perform general or all kinds of tasks.
3. Full node already verify all TX. In fact, it already verify most/all of them when it reached their mempool, before added in a block.
That makes sense. Without merkle tree, there's no information on block header which can be used to know about whether you receive complete block data from other node.
SwiftMinerSenior Member
Posts: 259 · Reputation: 1036
#14Oct 13, 2020, 11:02 PM
Exactly now you get my point. This was the main reason why I said earlier on that without the implementation of Merkel trees , there would pretty much be no group data in an organised format to be able to select key ones to form a prunned node. It's like saying you want to confirm is a couple of books are not fake and available in a library when you don't even have the whole library and a catalogue (which is a Merkel tree in this case). In simple terms I'll just say the Merkel tree makes it possible for prunned nodes to summarise the block chain and save space.
As for this, ASIC mining wares carryout hashing, and if you agree to that then you will also recall that hashing is carried out multiple times on the block header during hashing and validation meaning without Merkel trees there wouldn't be data grouped so that you can have a head to hash on.
I see. It seems your definition of verification is far more broad than mine, which caused some confusion.
Then, instead of a single 256-bit number, you would have only the transaction counter in the block message, and all transactions after that.
If you use a hash function like SHA-256, which is based on MerkleDamgård construction, then things can be optimized, and then done in SPV way. For example: you can give someone the initialization vector, just before the latest SHA-256 internal block, and the last 512-bit chunk. It would be sufficient to verify, that the hash of the whole block was mined correctly.
The same about proving transaction inclusion: even if you hash all data, as a single SHA-256 call, then still: you can prove, that a chunk "X" is included, by giving the initialization vector, some chunks in-between, and a final SHA-256 result, for that specific chunk.
So, SPV would be of course harder, but still possible, because SHA-256 splits data into 512-bit chunks by definition.
Edit: With Merkle tree:
What is hashed, and how:
And without Merkle tree, it would be still possible to prove data inclusion. For example: if you share with anyone, that there is a chunk of data, which starts from "bc909a33 6358bff0 90ccac7d 1e59caa8 c3c8d8e9 4f0103c8 96b18736 4719f91b", and ends with "af42031e 805ff493 a07341e2 f74ff581 49d22ab9 ba19f613 43e2c86c 71c5d66d", then, the only matching in-between data, is equal to this "second chunk". And: the size of in-between data can be arbitrarily large, you will just share the starting 256-bit value, and the ending 256-bit value, and then, you can prove, that as long as SHA-256 is safe, nobody changed anything here.
?Reply
Sign in to reply to this topic
Related topics
- Extracting R values from blockchain signatures 14
- Bitcoin Core displaying coins (UTXOs) in a new tab 13
- Are you in favor of BIP-110? Let's get a Bitcoin poll going. 0
- Erlay seems to have some issues here’s a better proposal for a bitcoin protocol without invites 3
- New Optional Hourglass Implementation is Live 3
- Ways to earn some sats by contributing to bitcoin core development 5