lbcd/merkle.go

109 lines
3.9 KiB
Go
Raw Normal View History

2014-01-09 06:52:54 +01:00
// Copyright (c) 2013-2014 Conformal Systems LLC.
2013-07-18 16:49:28 +02:00
// Use of this source code is governed by an ISC
// license that can be found in the LICENSE file.
package btcchain
import (
"github.com/conformal/btcutil"
"github.com/conformal/btcwire"
"math"
)
// nextPowerOfTwo returns the next highest power of two from a given number if
// it is not already a power of two. This is a helper function used during the
// calculation of a merkle tree.
func nextPowerOfTwo(n int) int {
// Return the number if it's already a power of 2.
if n&(n-1) == 0 {
return n
}
// Figure out and return the next power of two.
exponent := uint(math.Log2(float64(n))) + 1
return 1 << exponent // 2^exponent
}
2014-05-22 19:29:39 +02:00
// HashMerkleBranches takes two hashes, treated as the left and right tree
2013-07-18 16:49:28 +02:00
// nodes, and returns the hash of their concatenation. This is a helper
2014-05-22 19:29:39 +02:00
// function used to aid in the generation of a merkle tree.
func HashMerkleBranches(left *btcwire.ShaHash, right *btcwire.ShaHash) *btcwire.ShaHash {
2013-07-18 16:49:28 +02:00
// Concatenate the left and right nodes.
var sha [btcwire.HashSize * 2]byte
copy(sha[:btcwire.HashSize], left.Bytes())
copy(sha[btcwire.HashSize:], right.Bytes())
// Create a new sha hash from the double sha 256. Ignore the error
// here since SetBytes can't fail here due to the fact DoubleSha256
// always returns a []byte of the right size regardless of input.
newSha, _ := btcwire.NewShaHash(btcwire.DoubleSha256(sha[:]))
return newSha
}
// BuildMerkleTreeStore creates a merkle tree from a slice of transactions,
// stores it using a linear array, and returns a slice of the backing array. A
// linear array was chosen as opposed to an actual tree structure since it uses
// about half as much memory. The following describes a merkle tree and how it
// is stored in a linear array.
2013-07-18 16:49:28 +02:00
//
// A merkle tree is a tree in which every non-leaf node is the hash of its
// children nodes. A diagram depicting how this works for bitcoin transactions
// where h(x) is a double sha256 follows:
//
// root = h1234 = h(h12 + h34)
// / \
// h12 = h(h1 + h2) h34 = h(h3 + h4)
// / \ / \
// h1 = h(tx1) h2 = h(tx2) h3 = h(tx3) h4 = h(tx4)
//
// The above stored as a linear array is as follows:
//
// [h1 h2 h3 h4 h12 h34 root]
//
// As the above shows, the merkle root is always the last element in the array.
//
// The number of inputs is not always a power of two which results in a
// balanced tree structure as above. In that case, parent nodes with no
// children are also zero and parent nodes with only a single left node
// are calculated by concatenating the left node with itself before hashing.
// Since this function uses nodes that are pointers to the hashes, empty nodes
// will be nil.
func BuildMerkleTreeStore(transactions []*btcutil.Tx) []*btcwire.ShaHash {
2013-07-18 16:49:28 +02:00
// Calculate how many entries are required to hold the binary merkle
// tree as a linear array and create an array of that size.
nextPoT := nextPowerOfTwo(len(transactions))
2013-07-18 16:49:28 +02:00
arraySize := nextPoT*2 - 1
merkles := make([]*btcwire.ShaHash, arraySize)
// Create the base transaction shas and populate the array with them.
for i, tx := range transactions {
merkles[i] = tx.Sha()
2013-07-18 16:49:28 +02:00
}
// Start the array offset after the last transaction and adjusted to the
// next power of two.
offset := nextPoT
for i := 0; i < arraySize-1; i += 2 {
switch {
// When there is no left child node, the parent is nil too.
case merkles[i] == nil:
merkles[offset] = nil
// When there is no right child, the parent is generated by
// hashing the concatenation of the left child with itself.
case merkles[i+1] == nil:
2014-05-22 19:29:39 +02:00
newSha := HashMerkleBranches(merkles[i], merkles[i])
2013-07-18 16:49:28 +02:00
merkles[offset] = newSha
// The normal case sets the parent node to the double sha256
// of the concatentation of the left and right children.
default:
2014-05-22 19:29:39 +02:00
newSha := HashMerkleBranches(merkles[i], merkles[i+1])
2013-07-18 16:49:28 +02:00
merkles[offset] = newSha
}
offset++
}
return merkles
}