Why are transactions stored in a hash/merkle tree ?

[Skybuck]

Hello,

There is something I don't understand about bitcoin:

Why are the transactions stored in a hash/merkle tree ?

Why simply not store them sequential and calculate a single hash over all of them ?

Only reason I can think of is "more security" because of hash tree, more hashes to calculate...

Seems kind of cheesy.

One possible reason could be "quantum computers" merkle hash tree might protect a bit more against it.

Bye,
  Skybuck.

[1715238272]

1715238272

[1715238272]

1715238272

[1715238272]

1715238272

[Stefan Thomas]

If they were stored sequentially, you'd need all transactions to verify that any single one belongs to a given block. With a merkle tree, you only need to provide the transaction and the merkle branch to prove that this transaction in fact appears in this block.

[deepceleron]

Transactions are not "stored" in a hash tree, but rather the proof-of-work that says a block is authentic is based on hashing the Merkle tree input of all the transactions. The Merkle root and a nonce (salt) is what miners are hashing to find a high-difficulty solution. Since the final Merkle root hash is always a 32 byte word size, this gives several desirable properties:

1. The Merkle root input is always the same small size, making it a consistent amount of work, easily transmittable for pooled mining, and simplifying writing hashing algorithms and the dataset size used in hardware.

2. The "shape" of the input data looks nothing like transactions, so if there was a preimage attack for SHA256, the obfuscating layers of hashing make it more impenetrable.

3. The Merkle tree gives several layers of checksumming that could be used to validate individual transactions, verify the tree, or verify the block.

4. Transactions are broken into blocks, and the previous block's hash is included in the current block, making a long strong blockchain of valid transactions.

It's not really much hashing, considering that you only need recalculate it once per new transaction a miner receives, and generating a block typically takes 5000 trillion hashes anyway.

[DeathAndTaxes]

The largest advantage is it can lead to lite clients which don't need full blocks and instead can request block headers and merkle branch from other nodes.  This isn't implemented yet and I believe one of the developers indicated it may require a seperate protocol.

The use of merkle tree can also allow blockchain pruning by removing older transactions once a newer transaction for a particular address is deep enough in the block chain.  With a single hash for all transactions this wouldn't be possible not without some mechanism to re-sign the pruned block and that would require some sort of alternate proof-of-work to ensure decentralized consensus.

More generally speaking using a merkle tree allows more granularity in transaction validation.  You can validate an entire block, a group of transactions, or just a single transaction.  Using a merkle tree allows options to deal w/ future issues that the network may need to deal with.