Merkle Tree Generator
Build Merkle trees from any list of leaves. Compute root hashes, visualize the full tree, and generate inclusion proofs for any leaf. SHA-256 and Keccak-256 supported.
5 leafves — last leaf duplicated to make even
Hash Algorithm
Options
How Merkle Trees Work
A Merkle tree is built bottom-up from a set of leaf values. Each leaf is hashed individually, then pairs of adjacent hashes are concatenated and hashed again to produce the next level. This process repeats until only one hash remains — the Merkle root. If the number of leaves is odd, the last leaf is duplicated to create an even number of pairs.
Hash Leaves
Each input value is hashed with the chosen algorithm (SHA-256 or Keccak-256).
Combine Pairs
Adjacent hashes are concatenated (optionally sorted) and hashed together to form the next level.
Root Hash
The process repeats upward until a single root hash is produced, summarizing all data.
Merkle Proofs and Verification
A Merkle proof enables verifying that a specific leaf belongs to a tree without having all other leaves. The proof contains only the sibling hash at each tree level from the leaf to the root. Given the leaf, the proof, and the root, a verifier can re-compute the path and confirm that the result matches the trusted root. For a tree of N leaves, the proof is only log₂(N) hashes long.
| Leaves | Tree Depth | Proof Size (hashes) |
|---|---|---|
| 8 | 3 | 3 |
| 16 | 4 | 4 |
| 1,024 | 10 | 10 |
| 1,000,000 | 20 | 20 |
| 1,000,000,000 | 30 | 30 |
Common Blockchain Applications
Merkle trees appear throughout blockchain infrastructure. Bitcoin uses them to summarize block transactions — the root is in every block header, allowing light clients (SPV nodes) to verify a payment with a 500-byte proof instead of downloading the entire block. Ethereum uses Patricia-Merkle tries for state, transactions, and receipts. Modern ERC-20 airdrop contracts use Keccak-256 Merkle trees with sorted pairs so that eligible addresses can be verified on-chain in O(log N) cost with only a small proof array stored off-chain.
Frequently Asked Questions
What is a Merkle tree?
A Merkle tree is a binary tree structure where every leaf node contains a cryptographic hash of a data block, and every non-leaf node contains the hash of its two child nodes. This allows efficient and secure verification that any single piece of data is part of a larger dataset without needing the full dataset. Merkle trees are foundational to Bitcoin, Ethereum, and most distributed systems requiring tamper-proof data integrity.
What is a Merkle root?
The Merkle root is the single hash at the top of the tree that cryptographically summarizes all the data in the tree. If any leaf value changes, every hash along the path to the root will change too, producing a completely different root hash. In Bitcoin, the Merkle root of all transactions in a block is stored in the block header, making it impossible to tamper with any transaction without invalidating the block.
What is a Merkle proof?
A Merkle proof (also called an inclusion proof or audit proof) is a set of sibling hashes along the path from a specific leaf to the root. Given a leaf value, its proof, and the root hash, anyone can verify that the leaf is in the tree by re-computing the path and checking that it produces the known root — without needing all other leaf data. This makes Merkle proofs extremely compact: a proof for a tree of 1 million leaves requires only 20 hashes (log2 of 1 million).
What is the difference between sorted and unsorted Merkle trees?
In an unsorted Merkle tree, siblings are concatenated in their natural left-to-right order. In a sorted tree, the smaller hash always goes on the left before concatenation. Sorting produces deterministic results regardless of how leaves are ordered and is commonly used in smart contract applications (such as Merkle airdrop contracts) so that proof generation is order-independent. OpenZeppelin's MerkleProof library uses sorted pairs by default.
Why use Keccak-256 instead of SHA-256 for blockchain use?
Keccak-256 is the hash function used natively by the Ethereum Virtual Machine (EVM). It is what the Solidity keccak256() built-in calls. If you are building a smart contract that verifies Merkle proofs on-chain (e.g., for whitelists, airdrops, or allowlists), you must use Keccak-256 to produce hashes that match what the EVM will compute. SHA-256 is more common for Bitcoin-related use cases and general data integrity. Both are cryptographically secure for Merkle tree construction.