🔎Verification within a Merkle Tree:

Book an audit with Zokyo

Understanding Merkle Proofs in Blockchain

In the world of blockchain, the validity and integrity of transactions are paramount. This is where Merkle proofs come into play. These proofs allow participants in the network, even those operating "lightweight" or "partial" nodes, to verify the existence of a specific transaction in a block without having to download and inspect the entire blockchain, saving resources and ensuring scalability.

Recap: what is a Merkle Tree?

A Merkle tree is a binary tree wherein each leaf node represents a transaction's hash and each non-leaf node is the hash of its child nodes. Consider eight transactions, labelled A to H. A basic visual representation of the resulting Merkle tree would look like this:

Each of the transactions (A to H) is hashed individually, and these hashes form the leaf nodes of the tree. Each non-leaf node is created by hashing the concatenation of its child nodes. For instance, the parent node of A and B (denoted as AB) is obtained by hashing Hash(A) and Hash(B) together. This process is repeated until we reach the root of the tree. The Merkle root is a unique hash representing all the transactions in the block. again To construct this tree, each transaction (A through H) is hashed individually, creating the leaf nodes. Parent nodes are then created by hashing the concatenation of the hashes of their respective child nodes. This process is repeated up the tree until reaching the Merkle root, a unique hash representing all transactions in the block. Crafting a Merkle Proof for Transaction Verification

Suppose we wish to confirm that transaction C occurred and is included in the block represented by the tree above. For this, we would create a Merkle proof for transaction C Transaction C (or any other transaction in the blockchain) represents an action taken by a user in the blockchain network. This could be anything from sending cryptocurrency like Bitcoin or Ethereum to another user, executing a smart contract, or interacting with a decentralized application. The details of that action, such as the amount of cryptocurrency sent and the sender and recipient's addresses, are what make up the content of transaction C.

So, when we talk about constructing a Merkle proof for transaction C, it means that we're trying to verify an action that a user claims to have taken on the blockchain. Maybe they say they've sent some cryptocurrency to another user, and we want to confirm whether this is true.

By creating and validating a Merkle proof, we can definitively confirm that the user's action (in this case, transaction C) was recorded in a specific block in the blockchain. This is important not just for transparency and accountability, but also for the functionality of many blockchain applications. For example, a decentralized financial service might need to confirm that you really do own the cryptocurrency you're trying to deposit To create a Merkle proof for transaction C, we do as follows:

H(A-D) represents Hash(ABDC) and H(E-H) represents Hash(EFGH)

Let's delve deeper into the process of crafting a Merkle proof for a specific transaction, Transaction C, in this case. We will break down each step, clarifying the 'why' behind every action.

First, to understand the necessity of a Merkle proof, we need to remember that in a blockchain network, many participants (or nodes) may not hold a complete copy of all transactions. These participants, especially lightweight or mobile nodes, want to verify transactions without downloading the entire blockchain, which can be gigabytes or even terabytes in size. That's where the Merkle proof comes into play.

The Initial Steps

We start with the raw data of the transaction, transaction C in this case. The raw data of a transaction, such as the sender's address, recipient's address, and the amount transferred, is the direct output of a user's action on the network.

This raw data is then processed through a cryptographic hash function to create Hash(C), which is a unique representation of transaction C. This transformation serves two primary purposes. First, it secures the transaction's details because the hashing process is one-way - you can't derive the original data from the hash value. Second, it standardizes the data size, making it easier to manage and process, regardless of how much data is in the original transaction.

Sibling and Parent Nodes

Next, we identify the sibling of Hash(C), which is Hash(D) in our Merkle tree. This is crucial because Hash(D), as a neighbor to Hash(C), forms part of the 'path' or 'trail' to the root.

After that, we identify the sibling of the parent node, which is Hash(AB). Including Hash(AB) in our Merkle proof is crucial because, as with Hash(D), it is part of the 'path' to the root.

We include the information about the position of the siblings because the order of inputs matters in cryptographic hashing. Hash(AB) is not the same as Hash(BA). Knowing which sibling hash was on the left or right is important for correctly reconstructing the path to the root.

Reconstructing the Root

(Note, on the diagram above H(A-D) represents Hash(ABDC) and H(E-H) represents Hash(EFGH))

With these pieces of information - Hash(C), Hash(D), Hash(AB), and Hash(EFGH) - any participant can reconstruct the path from transaction C to the root:

1. First, the node computes Hash(CD) by hashing Hash(C) and Hash(D) together, remembering that D was on the right. This gives us the parent node of Hash(C), which we'll call Hash(CD).

2. Next, it computes Hash(ABCD) by hashing Hash(AB) and Hash(CD) together, recalling that AB was on the left. This gives us the parent node of Hash(AB), which we'll call Hash(ABCD).

3. Finally, the participant computes the root by hashing Hash(ABCD) and Hash(EFGH) together, giving us the Merkle root.

After this, the participant has a computed root hash, a replica of what the Merkle root would look like if transaction C indeed happened and was included in the block.

By performing these steps, we've demonstrated that with Hash(AB), Hash(D), Hash(EFGH), and the original transaction C, any participant can validate the inclusion of transaction C in the block, demonstrating the power and efficiency of Merkle Proofs.

The Final Check

But, how do we ensure the accuracy of this process? This is where the 'known' Merkle root comes into play. Each block in the blockchain comes with a 'known' Merkle root - the root that results from hashing all transactions in the block. This known root is widely accepted as the truthful representation of all transactions within that block.

Now, if the root derived from our Merkle proof calculations matches the known Merkle root, it verifies that transaction C did take place and was recorded in the block. This is the crucial final check that validates the accuracy of the Merkle proof.

The need to submit a Merkle proof, therefore, arises from the need for efficient, secure transaction verification in a distributed system like a blockchain. It provides a way for participants to confirm the existence and integrity of specific transactions without needing to store or process all transactions in a block. This enhances the scalability of blockchain technology, allowing it to support vast numbers of transactions while maintaining security and transparency.