* [Bitcoin-development] From block 0 to block 72499 the Merkle root is the same as the coinbase transaction id. Why is that?
@ 2014-09-20 15:38 Peter Grigor
2014-09-20 16:22 ` Christophe Biocca
2014-09-20 16:24 ` Peter Todd
0 siblings, 2 replies; 3+ messages in thread
From: Peter Grigor @ 2014-09-20 15:38 UTC (permalink / raw)
To: bitcoin-development
[-- Attachment #1: Type: text/plain, Size: 1 bytes --]
[-- Attachment #2: Type: text/html, Size: 26 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Bitcoin-development] From block 0 to block 72499 the Merkle root is the same as the coinbase transaction id. Why is that?
2014-09-20 15:38 [Bitcoin-development] From block 0 to block 72499 the Merkle root is the same as the coinbase transaction id. Why is that? Peter Grigor
@ 2014-09-20 16:22 ` Christophe Biocca
2014-09-20 16:24 ` Peter Todd
1 sibling, 0 replies; 3+ messages in thread
From: Christophe Biocca @ 2014-09-20 16:22 UTC (permalink / raw)
To: Peter Grigor; +Cc: bitcoin-development
1. Not all of them (just the ones that have a coinbase transaction and
nothing else).
2. The merkle root of a tree with just one item is the hash of that item.
On Sat, Sep 20, 2014 at 11:38 AM, Peter Grigor <peter@grigor•ws> wrote:
>
>
> ------------------------------------------------------------------------------
> Slashdot TV. Video for Nerds. Stuff that Matters.
> http://pubads.g.doubleclick.net/gampad/clk?id=160591471&iu=/4140/ostg.clktrk
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists•sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Bitcoin-development] From block 0 to block 72499 the Merkle root is the same as the coinbase transaction id. Why is that?
2014-09-20 15:38 [Bitcoin-development] From block 0 to block 72499 the Merkle root is the same as the coinbase transaction id. Why is that? Peter Grigor
2014-09-20 16:22 ` Christophe Biocca
@ 2014-09-20 16:24 ` Peter Todd
1 sibling, 0 replies; 3+ messages in thread
From: Peter Todd @ 2014-09-20 16:24 UTC (permalink / raw)
To: Peter Grigor; +Cc: bitcoin-development
[-- Attachment #1: Type: text/plain, Size: 2291 bytes --]
On Sat, Sep 20, 2014 at 08:38:15AM -0700, Peter Grigor wrote:
> From block 0 to block 72499 the Merkle root is the same as the
> coinbase transaction id. Why is that?
It's because of how the merkle tree algorithm works:
uint256 CBlock::BuildMerkleTree() const
{
vMerkleTree.clear();
So here all the txids are pushed onto the vMerkleTree vector:
BOOST_FOREACH(const CTransaction& tx, vtx)
vMerkleTree.push_back(tx.GetHash());
For most of the early blocks there's just the coinbase transaction and
no other transactions.
int j = 0;
for (int nSize = vtx.size(); nSize > 1; nSize = (nSize + 1) / 2)
That means this for loop never executes! nSize = vtx.size() == 1, and
the loop terminates when nSize <= 1
{
for (int i = 0; i < nSize; i += 2)
{
int i2 = std::min(i+1, nSize-1);
vMerkleTree.push_back(Hash(BEGIN(vMerkleTree[j+i]), END(vMerkleTree[j+i]),
BEGIN(vMerkleTree[j+i2]), END(vMerkleTree[j+i2])));
}
j += nSize;
}
return (vMerkleTree.empty() ? 0 : vMerkleTree.back());
}
Thus the vMerkleTree still has only the coinbase txid in it, and and
vMerkleTree.back() returns that txid as the merkle root. There's no
problem with the merkle root algorithm working that way - to make a long
story short all this means is that the merkle tree algorithm
consistently uses the txid as the merkle root whenever there is only one
transaction. The contents of the block is still being securely committed
to by the merkleroot, which is the important thing, and there's no way
to lie about those contents.
There is however a serious flaw in the algorithm, unrelated to the case
of a single transaction, where the merkle tree is indistinguishable from
a merkle tree with duplicate txids if there are a non-power-of-two
number of items in the tree. For bitcoin we fixed this flaw with BIP30
and BIP34; for any other application you should *never* use the Satoshi
merkle root calculation code. Get it right on day one and do things
correctly.
--
'peter'[:-1]@petertodd.org
00000000000000000fbf83c9e14d8711e4b2264ceda0d1d06d169c811387eadd
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 650 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2014-09-20 16:24 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-09-20 15:38 [Bitcoin-development] From block 0 to block 72499 the Merkle root is the same as the coinbase transaction id. Why is that? Peter Grigor
2014-09-20 16:22 ` Christophe Biocca
2014-09-20 16:24 ` Peter Todd
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox