* Re: [Bitcoin-development] From block 0 to block 72499 the Merkle root is the same as the coinbase transaction id. Why is that?
2014-09-20 15:38 [Bitcoin-development] From block 0 to block 72499 the Merkle root is the same as the coinbase transaction id. Why is that? Peter Grigor
2014-09-20 16:22 ` Christophe Biocca
@ 2014-09-20 16:24 ` Peter Todd
1 sibling, 0 replies; 3+ messages in thread
From: Peter Todd @ 2014-09-20 16:24 UTC (permalink / raw)
To: Peter Grigor; +Cc: bitcoin-development
[-- Attachment #1: Type: text/plain, Size: 2291 bytes --]
On Sat, Sep 20, 2014 at 08:38:15AM -0700, Peter Grigor wrote:
> From block 0 to block 72499 the Merkle root is the same as the
> coinbase transaction id. Why is that?
It's because of how the merkle tree algorithm works:
uint256 CBlock::BuildMerkleTree() const
{
vMerkleTree.clear();
So here all the txids are pushed onto the vMerkleTree vector:
BOOST_FOREACH(const CTransaction& tx, vtx)
vMerkleTree.push_back(tx.GetHash());
For most of the early blocks there's just the coinbase transaction and
no other transactions.
int j = 0;
for (int nSize = vtx.size(); nSize > 1; nSize = (nSize + 1) / 2)
That means this for loop never executes! nSize = vtx.size() == 1, and
the loop terminates when nSize <= 1
{
for (int i = 0; i < nSize; i += 2)
{
int i2 = std::min(i+1, nSize-1);
vMerkleTree.push_back(Hash(BEGIN(vMerkleTree[j+i]), END(vMerkleTree[j+i]),
BEGIN(vMerkleTree[j+i2]), END(vMerkleTree[j+i2])));
}
j += nSize;
}
return (vMerkleTree.empty() ? 0 : vMerkleTree.back());
}
Thus the vMerkleTree still has only the coinbase txid in it, and and
vMerkleTree.back() returns that txid as the merkle root. There's no
problem with the merkle root algorithm working that way - to make a long
story short all this means is that the merkle tree algorithm
consistently uses the txid as the merkle root whenever there is only one
transaction. The contents of the block is still being securely committed
to by the merkleroot, which is the important thing, and there's no way
to lie about those contents.
There is however a serious flaw in the algorithm, unrelated to the case
of a single transaction, where the merkle tree is indistinguishable from
a merkle tree with duplicate txids if there are a non-power-of-two
number of items in the tree. For bitcoin we fixed this flaw with BIP30
and BIP34; for any other application you should *never* use the Satoshi
merkle root calculation code. Get it right on day one and do things
correctly.
--
'peter'[:-1]@petertodd.org
00000000000000000fbf83c9e14d8711e4b2264ceda0d1d06d169c811387eadd
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 650 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread