: For total size ( n ), the binary representation of ( n ) determines the peaks. If ( n = \sum_j=1^t 2^k_j ) (binary expansion), there are ( t ) peaks. 7. Complexity Bounds: Why Merkle is "Top" 7.1 Lower bound for static data authentication Theorem 5 (Lower bound): Any authentication scheme for ( n ) independent data blocks that allows verification of a single block with less than ( \log_2 n ) transmitted cryptographic digests is insecure against a computationally unbounded adversary, assuming no pre-verifier state beyond root.
:
Thus, Merkle trees achieve (information-theoretically optimal) proof size up to constant factors. 4. Security Analysis: Collision Resistance and Binding 4.1 Formal Security Model Let ( H : 0,1^* \to 0,1^m ) be a cryptographic hash function (assumed collision-resistant). matematicka analiza merkle 19pdf top
Proof size = ( O(\log n) ) still holds, but path pruning reduces storage. For append-only logs without fixed ( n ), Merkle Mountain Ranges (MMRs) allow dynamic insertion with ( O(\log n) ) proof updates. The structure is a set of perfect binary trees (peaks). : For total size ( n ), the