익명 16:26

Why store Merkle tree of transactions rather than global ledger state?

Why store Merkle tree of transactions rather than global ledger state?

I'm implementing my own Cryptocurrency similar to Bitcoin from scratch in C++ (just for learning and deeper understanding) and had an interesting design question.

My understanding is that the Merkle tree is only for nodes that do not want to download the entire blockchain ("lite nodes") ... so they can be sent a single transaction and verify it by getting the hashes of all previous blocks and a number of hashes logarithmic in the number of transactions within a particular block.

It seems to me you could accomplish something with similar functionality by instead computing the Merkle tree over the entire ledger state. Even with 1 billion accounts, this comes down to 30 hashes to verify a portion of the ledger. You would write the merkle root of the ledger state to the root of each block node. To verify a transaction you just download the new account value, along with the 30 or so hashes.

Assuming a 20byte wallet address + 8byte double for value ... we get ~28GB of data for a billion addresses... doable in memory on beefy modern server hardware.

This is how I am thinking of approaching it in my design -- am I missing something critical in the security model here?



Top Answer/Comment:

It seems to me that this would be a performance hit with no real benefits.

Committing a Merkle root of the UTXO set to each block would certainly be possible (of course you would need to devise an algorithm to build the Merkle tree deterministically, as each client would have to do that by itself), and with some clever performance optimizations (as you mentioned in the comments, you might not need to rebuild the entire Merkle tree for each block) it might be somewhat manageable.

However, SPV clients (who use the Merkle tree of transactions) can already "prove" (to the extent that non-full nodes can prove anything) that a UTXO has been created by a transaction. Using the Merkle root of the UTXO set would only add the ability to prove that the specific UTXO hasn't yet been spent by another transaction.

If the UTXO belongs to you then you probably don't need to ask other nodes if you've already spent it. If the UTXO doesn't belong to you then you probably don't need to know anything about it. In short, I don't see a use case.

상단 광고의 [X] 버튼을 누르면 내용이 보입니다