Merkle Tree Simulator: Build & Verify Cryptographic Proofs

simulator intermediate ~10 min
Loading simulation...
Root: 3a7f...c2d1 — 8 transactions, depth 3

Eight transactions produce a Merkle tree of depth 3. Proving any single transaction's inclusion requires only 3 sibling hashes — a dramatic compression from 8 transactions to 3 proof elements.

Formula

root = H(H(H(tx₀||tx₁) || H(tx₂||tx₃)) || ...)
proof_size = ⌈log₂(N)⌉
tree_depth = ⌈log₂(N)⌉

Trees of Trust

Ralph Merkle's 1979 invention elegantly solves a fundamental problem: how do you efficiently verify the integrity of a large data set? A Merkle tree hashes pairs of data blocks at the leaves, then hashes pairs of hashes at the next level, continuing until a single root hash remains. This 32-byte root is a cryptographic fingerprint of the entire data set — change one bit anywhere, and the root changes unpredictably.

Logarithmic Proofs

The power of Merkle trees lies in their proof efficiency. To prove that a specific transaction is included in a block with N transactions, you need only log₂(N) hashes — the sibling at each level along the path from leaf to root. For a Bitcoin block with 2000 transactions, that is just 11 hashes (352 bytes) instead of transmitting all 2000 transactions. This enables mobile wallets to verify payments without downloading the entire blockchain.

Tamper Detection

When you tamper with any leaf in this simulator, watch the cascade: the leaf hash changes, its parent changes, the grandparent changes, all the way to the root. This avalanche effect — inherited from the underlying hash function — means there is no way to modify a transaction without changing the Merkle root stored in the block header. And since block headers are chained together, modifying one root invalidates every subsequent block.

Beyond Blockchain

Merkle trees are used far beyond cryptocurrency. Git uses them to track file changes efficiently. Certificate Transparency logs use Merkle trees to detect rogue SSL certificates. IPFS uses them for content addressing. Any system that needs to verify data integrity across distributed, untrusted participants benefits from Merkle's elegant construction.

FAQ

What is a Merkle tree?

A Merkle tree (or hash tree) is a binary tree where each leaf contains the hash of a data block and each internal node contains the hash of its two children. The root hash (Merkle root) is a compact fingerprint of all the data. Any change to any leaf cascades to the root, making tampering detectable. Invented by Ralph Merkle in 1979.

How does Merkle proof (inclusion proof) work?

To prove a transaction is in a block, you only need the sibling hashes along the path from the leaf to the root — O(log N) hashes instead of all N transactions. The verifier recomputes the path upward and checks that it matches the known Merkle root. This enables lightweight SPV (simplified payment verification) clients.

Why do blockchains use Merkle trees?

Merkle trees allow efficient and secure verification of large data sets. Bitcoin block headers contain only the 32-byte Merkle root, not all transactions. This enables light clients to verify transaction inclusion without downloading the full block, and allows pruning old transactions while preserving integrity proofs.

What happens if a transaction is tampered with?

Changing even one bit of any transaction changes its leaf hash, which changes its parent hash, which propagates all the way to the root. The new root will not match the root stored in the block header, immediately revealing the tampering. This cascading effect is the foundation of blockchain immutability.

Sources

Other simulations: Cryptocurrency & Blockchain

simulator

Blockchain Mining Simulator
simulator

Consensus Algorithm Visualizer
simulator

Cryptographic Hash Function Explorer
simulator

Proof-of-Work Puzzle

Embed

<iframe src="https://homo-deus.com/lab/cryptocurrency/merkle-tree/embed" width="100%" height="400" frameborder="0"></iframe>
View source on GitHub