Skip to main content

Merkle Tree Traversal in Log Space and Time

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNCS,volume 3027)


We present a technique for Merkle tree traversal which requires only logarithmic space and time. For a tree with N leaves, our algorithm computes sequential tree leaves and authentication path data in time 2 log2(N) and space less than 3 log2(N), where the units of computation are hash function evaluations or leaf value computations, and the units of space are the number of node values stored. This result is an asymptotic improvement over all other previous results (for example, measuring cost=space*time). We also prove that the complexity of our algorithm is optimal: There can exist no Merkle tree traversal algorithm which consumes both less than O(log2(N)) space and less than O(log2(N)) time. Our algorithm is especially of practical interest when space efficiency is required.


  • amortization
  • authentication path
  • Merkle tree
  • tail zipping
  • binary tree
  • fractal traversal
  • pebbling


  1. Coppersmith, D., Jakobsson, M.: Almost Optimal Hash Sequence Traversal. In: Financial Crypto 2002 (2002), Available at

  2. Jakobsson, M.: Fractal Hash Sequence Representation and Traversal. In: ISIT 2002, p. 437 (2002), Available at

  3. Jutla, C., Yung, M.: PayTree: Amortized-Signature for Flexible Micropayments. In: 2nd USENIX Workshop on Electronic Commerce, pp. 213–221 (1996)

    Google Scholar 

  4. Lamport, L.: Constructing Digital Signatures from a One Way Function. SRI International Technical Report CSL-98 (October 1979)

    Google Scholar 

  5. Lipmaa, H.: On Optimal Hash Tree Traversal for Interval Time-Stamping. In: Chan, A.H., Gligor, V.D. (eds.) ISC 2002. LNCS, vol. 2433, pp. 357–371. Springer, Heidelberg (2002), Available at

    CrossRef  Google Scholar 

  6. Jakobsson, M., Leighton, T., Micali, S., Szydlo, M.: Fractal Merkle Tree Representation and Traversal. In: RSA Cryptographers Track, RSA Security Conference (2003)

    Google Scholar 

  7. Merkle, R.: Secrecy, Authentication, and Public Key Systems. UMI Research Press (1982); Also appears as a Stanford Ph.D. thesis in 1979 (1979)

    Google Scholar 

  8. Merkle, R.: A Digital Signature Based on a Conventional Encryption Function. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 369–378. Springer, Heidelberg (1988)

    Google Scholar 

  9. Micali, S.: Efficient Certificate Revocation. In: RSA Cryptographers Track, RSA Security Conference, and U.S. Patent No. 5,666,416 (1997)

    Google Scholar 

  10. Malkin, T., Micciancio, D., Miner, S.: Efficient Generic Forward-Secure Signatures With An Unbounded Number Of Time Periods. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 400–417. Springer, Heidelberg (2002)

    CrossRef  Google Scholar 

  11. Perrig, A., Canetti, R., Tygar, D., Song, D.: The TESLA Broadcast Authentication Protocol. Cryptobytes 5(2), 2–13 (RSA Laboratories, Summer/Fall 2002), Available at

  12. Rivest, R., Shamir, A.: PayWord and MicroMint–Two Simple Micropayment Schemes. CryptoBytes 2(1), 7–11 (RSA Laboratories, Spring 1996), Available at

  13. FIPS PUB 180-1, Secure Hash Standard, SHA-1, Available at

Download references

Author information

Authors and Affiliations


Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Szydlo, M. (2004). Merkle Tree Traversal in Log Space and Time. In: Cachin, C., Camenisch, J.L. (eds) Advances in Cryptology - EUROCRYPT 2004. EUROCRYPT 2004. Lecture Notes in Computer Science, vol 3027. Springer, Berlin, Heidelberg.

Download citation

  • DOI:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-21935-4

  • Online ISBN: 978-3-540-24676-3

  • eBook Packages: Springer Book Archive