From b5115b3398b2be1d52e321d50cad36a6bfd3ba78 Mon Sep 17 00:00:00 2001 From: Philipp Gackstatter Date: Wed, 25 Oct 2023 12:50:30 +0100 Subject: [PATCH] Improve merkle tree section, clarify serialization --- tips/TIP-0045/tip-0045.md | 36 ++++++++++++++++++++---------------- 1 file changed, 20 insertions(+), 16 deletions(-) diff --git a/tips/TIP-0045/tip-0045.md b/tips/TIP-0045/tip-0045.md index 1a26a2ffc..fe3461456 100644 --- a/tips/TIP-0045/tip-0045.md +++ b/tips/TIP-0045/tip-0045.md @@ -43,12 +43,16 @@ to a Block Issuance Credits account. ## Merkle Tree A [merkle tree](https://en.wikipedia.org/wiki/Merkle_tree) is a tree data structure that allows for efficient proofs of -inclusion. +inclusion. The serialization schemes defined here are only for a merkle proof of a value in the tree or for the tree's +merkle root. As the tree itself can be represented as the array of its leaves, it does not have its own serialization +scheme. + +### Merkle Proof A merkle tree proof is serialized as one of two possible schemas: A tree node or the hash of the value for which the proof is computed. A `Leaf Hash` schema is additionally used in tree nodes, but cannot be at the top-level of a proof. -### Node +#### Node
Node @@ -107,7 +111,7 @@ proof is computed. A `Leaf Hash` schema is additionally used in tree nodes, but -### Leaf Hash +#### Leaf Hash
Leaf Hash @@ -137,7 +141,7 @@ proof is computed. A `Leaf Hash` schema is additionally used in tree nodes, but -### Value Hash +#### Value Hash
Value Hash @@ -167,7 +171,7 @@ proof is computed. A `Leaf Hash` schema is additionally used in tree nodes, but -### Proof Computation +#### Proof Computation A **merkle proof** is computed as follows: @@ -213,13 +217,13 @@ A **merkle proof** is computed as follows: - `Left` set to a `Leaf Hash` with its `Hash` field set to `Hash Subtree(Leaves[0:Split])`. - `Right` set to the result of `Compute Proof(Leaves[Split:Leaves Len], Index)`. -### Root Computation +### Merkle Root The **merkle root** is a `ByteArray[32]` and can be computed from two different inputs: -- From a merkle tree with its array of `Leaves` by calling `Hash Subtree(Leaves)`. -- From a merkle proof by calling `Hash Component` on the top-level component of the proof, where `Hash Component` is - defined as: +- From a merkle tree with its array of `Leaves` by executing `Hash Subtree(Leaves)`. +- From a merkle proof by executing `Hash Component` on the top-level component of the proof, where + `Hash Component(Merkle Tree Component)` is a procedure defined as: - If the component is a `Leaf Hash`, return its field `Hash`. - If the component is a `Value Hash`, return its field `Hash`. - If the component is a `Node` return `Hash Node(Hash Component(Left), Hash Component(Right))`. @@ -592,8 +596,8 @@ that the output and its ID match which in turn renders the Inputs Commitment unn More generally, this setup is also useful to prove that a given transaction produced an output with a certain state. -Such an Output ID Proof is a [merkle proof](#merkle-tree), with the array of the serialized `Outputs` as the `Leaves` of -the tree. +Such an Output ID Proof is a [merkle proof](#merkle-proof), with the array of the serialized `Outputs` as the `Leaves` +of the tree. A proof is serialized as follows: @@ -718,9 +722,9 @@ A proof is serialized as follows: -By computing the [merkle root](#root-computation) from the `Output Commitment Proof` the -[Transaction ID](#transaction-id) and Output ID can be reconstructed, using the other fields of the proof. The -`Output ID Proof` can thus be used to prove that a given Output ID was derived from a given Output. +By computing the [merkle root](#merkle-root) from the `Output Commitment Proof` the [Transaction ID](#transaction-id) +and Output ID can be reconstructed, using the other fields of the proof. The `Output ID Proof` can thus be used to prove +that a given Output ID was derived from a given Output. ### Transaction ID @@ -729,8 +733,8 @@ A Transaction ID consists of two commitments, the _Transaction Commitment_ and t - Let `Transaction Bytes` be the concatenated serialization of the fields from `Network ID` to `Payload`. - Let `Transaction Commitment` be the BLAKE2b-256 hash of `Transaction Bytes`. -- Let `Output Commitment` be the [merkle root](#root-computation) over the merkle tree with the serialized `Outputs` as - its `Leaves`. +- Let `Output Commitment` be the [merkle root](#merkle-root) over the merkle tree with the serialized `Outputs` as its + `Leaves`. - Let `ID` be the BLAKE2b-256 of the concatenation of `Transaction Commitment` and `Output Commitment`. - Construct the `Transaction ID` as the concatenation of the `ID` and the little-endian encoded `Creation Slot`.