merkle-lib

2.0.10 • Public • Published

merkle-lib

Build Status NPM

js-standard-style

A performance conscious library for merkle root and tree calculations.

NOTE: As is, this implementation is vulnerable to a forgery attack (as a second pre-image attack), see these[1][2] crypto.stackexchange questions for an explanation. To avoid this vulnerability, you should pre-hash your leaves using a different hash function than the function provided such that H(x) != H'(x).

Examples

Preamble

var crypto = require('crypto')
 
function sha256 (data) {
  return crypto.createHash('sha256').update(data).digest()
}
 
var data = [
  'cafebeef',
  'ffffffff',
  'aaaaaaaa',
  'bbbbbbbb',
  'cccccccc'
].map(x => new Buffer(x, 'hex'))
 
// ... now, the examples

Tree

var merkle = require('merkle-lib')
var tree = merkle(data, sha256)
 
console.log(tree.map(x => x.toString('hex')))
// => [
//  'cafebeef',
//  'ffffffff',
//  'aaaaaaaa',
//  'bbbbbbbb',
//  'cccccccc',
//  'bda5c39dec343da54ce91c57bf8e796c2ca16a1bd8cae6a2cefbdd16efc32578',
//  '8b722baf6775a313f1032ba9984c0dce32ff3c40d7a67b5df8de4dbaa43a3db0',
//  '3d2f424783df5853c8d7121b1371650c04241f318e1b0cd46bedbc805b9164c3',
//  'bb232963fd0efdeacb0fd76e26cf69055fa5facc19a5f5c2f2f27a6925d1db2f',
//  '2256e70bea2c591190a0d4d6c1415acd7458fae84d8d85cdc68b851da27777d4',
//  'c2692b0e127b3b774a92f6e1d8ff8c3a5ea9eef9a1d389fe294f0a7a2fec9be1'
//]

Root only (equivalent to tree[tree.length - 1])

var fastRoot = require('merkle-lib/fastRoot')
var root = fastRoot(data, sha256)
 
console.log(root.toString('hex'))
// => 'c2692b0e127b3b774a92f6e1d8ff8c3a5ea9eef9a1d389fe294f0a7a2fec9be1'

Proof (with verify)

var merkleProof = require('merkle-lib/proof')
var proof = merkleProof(tree, data[0])
 
if (proof === null) {
  console.error('No proof exists!')
}
 
console.log(proof.map(x => x && x.toString('hex')))
// => [
//   'cafebeef',
//   'ffffffff',
//   null,
//   '8b722baf6775a313f1032ba9984c0dce32ff3c40d7a67b5df8de4dbaa43a3db0',
//   null,
//   '2256e70bea2c591190a0d4d6c1415acd7458fae84d8d85cdc68b851da27777d4',
//   'c2692b0e127b3b774a92f6e1d8ff8c3a5ea9eef9a1d389fe294f0a7a2fec9be1'
// ]
 
console.log(merkleProof.verify(proof, sha256))
// => true

Credits

Thanks to Meni Rosenfield on bitcointalk for the math.

Package Sidebar

Install

npm i merkle-lib

Weekly Downloads

46,893

Version

2.0.10

License

MIT

Last publish

Collaborators

  • junderw
  • fanatid
  • jprichardson