Files

 v0.24.2-beta.rc1

/

rolling_merkle.go

Blame

Blame

Latest commit

 

History

History

136 lines (123 loc) · 4.47 KB

 v0.24.2-beta.rc1

/

rolling_merkle.go

Top

File metadata and controls

• Code
• Blame

136 lines (123 loc) · 4.47 KB

Raw

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

package blockchain

import (

"math/bits"

"github.com/btcsuite/btcd/btcutil"

"github.com/btcsuite/btcd/chaincfg/chainhash"

)

// rollingMerkleTreeStore calculates the merkle root by only allocating O(logN)

// memory where N is the total amount of leaves being included in the tree.

type rollingMerkleTreeStore struct {

// roots are where the temporary merkle roots get stored while the

// merkle root is being calculated.

roots []chainhash.Hash

// numLeaves is the total leaves the store has processed. numLeaves

// is required for the root calculation algorithm to work.

numLeaves uint64

}

// newRollingMerkleTreeStore returns a rollingMerkleTreeStore with the roots

// allocated based on the passed in size.

//

// NOTE: If more elements are added in than the passed in size, there will be

// additional allocations which in turn hurts performance.

func newRollingMerkleTreeStore(size uint64) rollingMerkleTreeStore {

var alloc int

if size != 0 {

alloc = bits.Len64(size - 1)

}

return rollingMerkleTreeStore{roots: make([]chainhash.Hash, 0, alloc)}

}

// add adds a single hash to the merkle tree store. Refer to algorithm 1 "AddOne" in

// the utreexo paper (https://eprint.iacr.org/2019/611.pdf) for the exact algorithm.

func (s *rollingMerkleTreeStore) add(add chainhash.Hash) {

// We can tell where the roots are by looking at the binary representation

// of the numLeaves. Wherever there's a 1, there's a root.

//

// numLeaves of 8 will be '1000' in binary, so there will be one root at

// row 3. numLeaves of 3 will be '11' in binary, so there's two roots. One at

// row 0 and one at row 1. Row 0 is the leaf row.

//

// In this loop below, we're looking for these roots by checking if there's

// a '1', starting from the LSB. If there is a '1', we'll hash the root being

// added with that root until we hit a '0'.

newRoot := add

for h := uint8(0); (s.numLeaves>>h)&1 == 1; h++ {

// Pop off the last root.

var root chainhash.Hash

root, s.roots = s.roots[len(s.roots)-1], s.roots[:len(s.roots)-1]

// Calculate the hash of the new root and append it.

newRoot = HashMerkleBranches(&root, &newRoot)

}

s.roots = append(s.roots, newRoot)

s.numLeaves++

}

// calcMerkleRoot returns the merkle root for the passed in transactions.

func (s *rollingMerkleTreeStore) calcMerkleRoot(adds []*btcutil.Tx, witness bool) chainhash.Hash {

for i := range adds {

// If we're computing a witness merkle root, instead of the

// regular txid, we use the modified wtxid which includes a

// transaction's witness data within the digest. Additionally,

// the coinbase's wtxid is all zeroes.

switch {

case witness && i == 0:

var zeroHash chainhash.Hash

s.add(zeroHash)

case witness:

s.add(*adds[i].WitnessHash())

default:

s.add(*adds[i].Hash())

}

}

// If we only have one leaf, then the hash of that tx is the merkle root.

if s.numLeaves == 1 {

return s.roots[0]

}

// Add on the last tx again if there's an odd number of txs.

if len(adds) > 0 && len(adds)%2 != 0 {

switch {

case witness:

s.add(*adds[len(adds)-1].WitnessHash())

default:

s.add(*adds[len(adds)-1].Hash())

}

}

// If we still have more than 1 root after adding on the last tx again,

// we need to do the same for the upper rows.

//

// For example, the below tree has 6 leaves. For row 1, you'll need to

// hash 'F' with itself to create 'C' so you have something to hash with

// 'B'. For bigger trees we may need to do the same in rows 2 or 3 as

// well.

//

// row :3 A

// / \

// row :2 B C

// / \ / \

// row :1 D E F F

// / \ / \ / \

// row :0 1 2 3 4 5 6

for len(s.roots) > 1 {

// If we have to keep adding the last node in the set, bitshift

// the num leaves right by 1. This effectively moves the row up

// for calculation. We do this until we reach a row where there's

// an odd number of leaves.

//

// row :3 A

// / \

// row :2 B C D

// / \ / \ / \

// row :1 E F G H I J

// / \ / \ / \ / \ / \ / \

// row :0 1 2 3 4 5 6 7 8 9 10 11 12

//

// In the above tree, 12 leaves were added and there's an odd amount

// of leaves at row 2. Because of this, we'll bitshift right twice.

currentLeaves := s.numLeaves

for h := uint8(0); (currentLeaves>>h)&1 == 0; h++ {

s.numLeaves >>= 1

}

// Add the last root again so that it'll get hashed with itself.

h := s.roots[len(s.roots)-1]

s.add(h)

}

return s.roots[0]

}