Merkle tree

A binary hash tree that lets a single root hash commit to an arbitrarily large set of artefacts, with cheap inclusion proofs.

What is a Merkle tree?

A tree of hashes where each leaf is the SHA-256 of an artefact and each internal node is the SHA-256 of its two children's concatenation. The root hash commits to every leaf — change any leaf, and the root changes.

Why use one for evidence packs?

A pack has 24 artefacts. Without a Merkle tree we'd sign each one individually (24 signatures) or sign a flat hash of all of them (no per-artefact proof). The Merkle tree gives us one signed root and the ability to prove any individual artefact's membership in the pack with a log₂(N)-sized proof (5 hashes for our 32-leaf padded tree).

How does Importable assemble the tree?

Leaves are ordered by the canonical ordinal (artefact #1 first, #24 last) and padded with SHA-256("") up to the next power of two (32 leaves). Parents are SHA-256(left ‖ right). The root is signed by the hub master Ed25519 key. The assembly is deterministic — any verifier with the same artefacts gets the same root.

What attacks does this prevent?

Substitution attacks on individual artefacts (the root changes), reordering attacks (the ordinal is fixed in the spec), and addition or removal attacks (the leaf count is fixed at 24 + padding to 32). The signature on the root means even Importable cannot retroactively alter a pack.
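The assembly and proof check described above, as an added example (not Importable's own code). It assumes each leaf is the SHA-256 of the raw artefact bytes with no domain separation, uses constructed placeholder artefacts and hypothetical function names, and leaves out the Ed25519 signature over the root.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

PAD_LEAF = h(b"")  # padding leaf: SHA-256("") as described above

def build_levels(artefacts):
    """Return every tree level, leaves first, single-element root level last."""
    leaves = [h(a) for a in artefacts]       # canonical ordinal order, #1 first
    size = 1
    while size < len(leaves):
        size *= 2                            # next power of two (24 -> 32)
    leaves += [PAD_LEAF] * (size - len(leaves))
    levels = [leaves]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        # parent = SHA-256(left || right)
        levels.append([h(cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def inclusion_proof(levels, index):
    """Sibling hashes from the leaf level up to, but excluding, the root."""
    proof = []
    for level in levels[:-1]:
        proof.append(level[index ^ 1])       # sibling sits at the flipped low bit
        index //= 2
    return proof

def verify(artefact, index, proof, root):
    """Recompute the root from one artefact, its 0-based position and its proof."""
    node = h(artefact)
    for sibling in proof:
        # The position decides whether this node is the left or right child.
        node = h(sibling + node) if index & 1 else h(node + sibling)
        index //= 2
    return node == root

# Constructed sample pack: 24 placeholder artefacts (assumption, not real data).
PACK = [f"artefact #{n}".encode() for n in range(1, 25)]
LEVELS = build_levels(PACK)
ROOT = LEVELS[-1][0]
PROOF_7 = inclusion_proof(LEVELS, 6)         # artefact #7 lives at index 6

if __name__ == "__main__":
    print("root:", ROOT.hex())
    print("proof hashes:", len(PROOF_7))
    print("genuine artefact:", verify(PACK[6], 6, PROOF_7, ROOT))
    print("substituted artefact:", verify(b"tampered", 6, PROOF_7, ROOT))
    print("wrong ordinal:", verify(PACK[6], 7, PROOF_7, ROOT))
```

A verifier would additionally check the signature on the root before trusting it, and reject any proof whose length is not 5 or whose index falls outside the 24 real leaves.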

Last reviewed by Lead engineer,