A concept in Satoshi Nakamoto's creation paper is SPV, which means simple payment verification in Chinese. From here we can see that SPV refers to "payment verification" rather than "transaction verification", so what is the difference between the two? Difference? To put it simply, payment verification only needs to verify whether the transaction has been confirmed, while transaction verification needs to verify whether the transaction meets some conditions, such as whether the "balance" is sufficient, and whether there is double spending in the transaction, etc. For some problems, the transaction will be verified only after everything is OK. It can be seen that transaction verification is more complicated than payment verification, so it is usually completed by mining nodes, while payment verification only requires an ordinary light wallet. can be completed. Now there is a question, how is SPV implemented? The answer is the Merkel tree, which is the topic we are going to talk about today. After understanding the Merkel tree, you can understand SPV in retrospect.
What is a Merkle Tree?
Merkle tree is a binary tree, consisting of a set of leaf nodes, a set of intermediate nodes and a root node, see the figure below:
Let’s briefly talk about this picture. Let’s start from the bottom. D0, D1, D2 and D3 are the data contained in the leaf nodes, which is the value of the leaf node. Continue to look up. N0, N1, N2 and N3 are Leaf node, which is the hash value obtained after hashing the data (that is, D0, D1, D2 and D3); continuing to look up, N4 and N5 are intermediate nodes, which are obtained by hashing N0 and N1 respectively. The hash value and the hash value obtained by the hash operation of N2 and N3. Note that they merge two adjacent leaf nodes into a string, and then calculate the hash of this string; then go up, the Root node It is the hash value obtained after hashing N4 and N5. This is the root hash of this Merkel tree.
By analyzing this, we can probably know that the bottom large number of leaf nodes in the Merkel tree contain basic data; each intermediate node is the hash of its two leaf nodes, and the root node is also the hash of its two child nodes. Si, represents the top of the Merkel tree.
It can also be seen from the structure of the Merkel tree that if the transaction of any leaf node is modified, the hash value of the leaf node will change, and finally the hash value of the root node will change. Therefore, the determined hash value of the root node can accurately be used as the unique summary of a set of transactions.
Now you can summarize the characteristics of the Merkel tree:
1. The first is the structure of its tree. The common structure of the Merkel tree is a binary tree, but it can also be A multi-fork tree has all the characteristics of a tree structure.
2. The basic data of the Merkel tree is not fixed. It is up to you to decide what data you want to store, because it only needs the hash value obtained by hashing the data.
3. The Merkel tree is calculated layer by layer from bottom to top, that is to say, each intermediate node is calculated based on the combination of two adjacent leaf nodes, and the root node is calculated based on the combination of two intermediate nodes. , so the leaf nodes are the basis.
How to verify a transaction through Merkle tree?
After roughly understanding what a Merkle tree is, you may have a question: How does a Merkle tree verify a transaction? This is the SPV (payment verification) we mentioned above. Look at the picture below:
Suppose we want to verify that there is a transaction with a hash value of 9Dog:64 (green box) in the block. We only need to know 1FXq:18, ec20, 8f74 (yellow box) to calculate 781a, 5c71 and Root nodes (pink box). ), if the final calculated Root node hash is consistent with the hash (6c0a) recorded in the block header, it means that the transaction exists in the block. This is because of the two points I mentioned above. One is that the Merkle tree is calculated layer by layer from bottom to top, so as long as you know the hash value of another adjacent node, you can calculate it all the way up to the root node. , and the other is that the hash value of the root node can accurately be used as the unique summary of a set of transactions. Based on these two points, you can verify whether a transaction exists.
Merkle tree in Bitcoin
After introducing the basic knowledge of Merkle trees, let’s take a look at what the Merkle tree in Bitcoin looks like. Look at the picture below:
You can see that the block header contains the hash value of the root node, while the intermediate nodes, leaf nodes and basic data are placed in the block body.
One thing that needs to be mentioned here is that the Merkle tree in the bit network is a binary tree, so it requires an even number of leaf nodes. If there are only an odd number of transactions that need to be summarized, the last transaction will be copied to form an even number of leaf nodes. This tree with an even number of leaf nodes is also called a balanced tree.
Typical application scenarios of Merkle tree
The application scenarios of Merkle trees are actually very wide, and a typical one is P2P downloading. When transmitting data in a point-to-point network, data will be downloaded from multiple machines at the same time, and many machines can be considered unstable or untrustworthy. In order to verify the integrity of the data, a better approach is to split the large file into small data blocks (for example, into 2K data blocks). The advantage of this is that if a small piece of data is damaged during transmission, you only need to re-download this piece of data instead of re-downloading the entire file.
How to make sure that small data blocks are not damaged? Just do a Hash for each data block. When downloading BT, before downloading the real data, we will first download a Hash list. So the question comes again, how to determine whether the Hash list format is correct? The answer is to put the hash value of each small piece of data together, and then perform a hash operation on the long string, so as to obtain the root hash of the hash list. When downloading data, first get the correct root hash from a trusted data source, then use it to verify the hash list, and then verify the data block through the verified hash list.
In addition to P2P downloads, Merkle trees can also be used to quickly compare large amounts of data, because when two Merkel trees have the same root, it means that the data they represent must be the same. It can also be used to implement zero-knowledge proof (zero-knowledge proof means that the prover can make the verifier believe that a certain assertion is correct without providing any useful information to the verifier. For example, you You want me to prove to you that I own a certain key. At this time, I don’t need to show you the key directly. Instead, I use the key to open the lock and take out something in the cabinet to show you to prove that I own this key. Key), I will talk about zero-knowledge proof later when I have time. ZCash uses zero-knowledge proof to achieve the purpose of transaction anonymity. If you are interested, you can find the information.