Cryptothreads.io

Ethereum Merkle Tree: Inside Ethereum’s Data Structure

How does Ethereum prove the state of millions of accounts in 32 bytes? Inside the Merkle Patricia Trie – the data structure holding the network together.

Ethereum Merkle Tree: Inside Ethereum’s Data Structure

Key takeaways

  • Merkle Tree is the foundational structure that lets a single hash represent any amount of data – change any piece, and the root changes too.
  • Ethereum can't use a plain Merkle tree because its state changes every block. It needs a structure that supports fast key-based access, efficient updates, and cryptographic verification at the same time.
  • The solution is the Merkle Patricia Trie (MPT) – a hybrid where every account address becomes a path through the trie, and every node is hashed up to a single root.
  • Ethereum maintains four tries: the State Trie (mutable, network-wide), the Storage Trie (one per contract), the Transaction Trie, and the Receipt Trie (both per-block and immutable).

An Ethereum Merkle Tree is the cryptographic data structure that holds all of Ethereum's data – accounts, balances, smart contracts, transactions – and condenses it into a single 32-byte hash called the root.

Ethereum actually uses a specialized version called the Merkle Patricia Trie, designed to handle a state that changes every block. Understanding how it works starts with the simpler structure it builds on.

What Is a Merkle Tree?

Merkle tree is a tree-shaped data structure where every leaf node contains a hash of some data, and every non-leaf node contains a hash derived from its child nodes. The single hash at the top – the Merkle root – represents the entire dataset in 32 bytes. 

The clever part is verification:

  • You don't need the whole dataset to prove a piece of data exists in the tree.
  • You only need a small list of sibling hashes along the path from your leaf to the root – a Merkle proof.
  • Anyone who knows the root hash can re-compute the path and confirm the data is authentic.

This is why Merkle trees became foundational in blockchains. Bitcoin uses them to commit to transactions inside each block, so that lightweight clients can verify a payment without storing the full chain. The structure was originally described by Ralph Merkle in 1979.

Merkle trees give blockchain networks three useful properties at once:

  • Tamper detection: any change reshapes the root.
  • Efficient proofs: proof size grows logarithmically with the dataset.
  • Constant-size commitment: one hash describes any amount of data.
what is a merkle tree
A 4-leaf Merkle tree: data blocks are hashed pairwise upward until a single root remains. The structure scales logarithmically, verifying one item in a billion-item tree requires checking only ~30 hashes.

Why Ethereum Needs a Special Merkle Tree

Ethereum can't use a plain Merkle tree because its state changes every single block, and a plain Merkle tree is built for static datasets, not for fast updates and lookups by key. 

Ethereum's state is more like a giant key-value database than a transaction log:

  • Keys = account addresses
  • Values = balances, transaction counts, contract code, contract storage

Every transaction can modify this map – a token transfer, a DeFi swap, or a contract deployment all change account values.

According to Vitalik Buterin, "the state in Ethereum is a key-value map" where the keys are addresses and the values are nonces, balances, code, and storage.

A plain Merkle tree would create three problems for this workload:

  • No efficient lookup by key. Leaves are organized by position, not by key, so finding "the account at address 0x742d..." would require scanning every leaf.
  • Expensive updates. Each state change would force re-hashing of a large portion of the tree, even when only one value changed.
  • No clean way to insert or delete. Ethereum accounts are created and destroyed constantly, and the structure must absorb this without recalculating everything.

Ethereum's design needed something that combined a Merkle tree's cryptographic guarantees with a data structure built for fast key-based access.

Ethereum’s Solution: The Merkle Patricia Trie (MPT)

Ethereum's answer to the limitations of a plain Merkle tree is the Merkle Patricia Trie (MPT) – a data structure that combines a prefix tree's fast key-based access with a Merkle tree's cryptographic verification.

It lets Ethereum look up any account by address in just a few steps, update only the affected nodes when state changes, and still commit the entire state to a single 32-byte root hash.

The Merkle Patricia Trie is a hybrid data structure that merges two ideas:

  • Patricia trie: a prefix tree that stores key-value pairs efficiently.
  • Merkle tree: which provides cryptographic verification.

The result is a key-value store where every node is hashed, every path is the key itself, and the root hash commits to the entire state.

Ethereum's version is technically called a Modified Merkle Patricia Trie. It adds optimizations on top of standard Patricia tries to fit blockchain requirements.

Three things make it work:

1. Path-as-key encoding: Every key (for example, a hashed account address) is broken into nibbles – single hexadecimal characters (4 bits each). The trie has up to 16 children per branch node, one for each possible nibble (0–F).

2. Three node types keep the structure compact:

  • Leaf nodes – store the final key-value pair at the end of a path.
  • Extension nodes – compress long stretches of shared path that have no branches, so the trie doesn't waste storage on linear chains.
  • Branch nodes – have 17 slots: 16 for the next possible nibble (0–F) and one for a value stored at that exact path.

3. Hashing at every level: Each node's content is hashed with Keccak-256, and that hash becomes the reference used by its parent. Change any value at the bottom, and every hash on the path up to the root changes.

The combination gives Ethereum everything it needs in one structure:

  • Fast lookups
  • Efficient updates (only nodes along one path need re-hashing)
  • Clean insertion and deletion
  • Cryptographic verification

Merkle Tree vs Merkle Patricia Trie: what's the difference?

 

Merkle Tree

Merkle Patricia Trie

Primary purposeVerify a static set of dataStore and verify a dynamic key-value map
Lookup by keyNot supported – leaves are positionalSupported – key is the path
Update costHigh when the dataset changesLow – only nodes on one path re-hash
Node typesOne (hash node)Three (leaf, extension, branch)
Used in Ethereum forConceptual building blockState, storage, transactions, receipts
Used in Bitcoin forTransaction commitment in blocksNot used

The MPT is essentially what you get when you treat a Merkle tree as a key-value database instead of a list.

ethereum’s solution the merkle patricia trie
To find an account, Ethereum follows the hashed address one nibble at a time – extension nodes skip shared prefixes, branch nodes fork into 16 paths, and leaf nodes hold the final account record.

4 Types of Tries in Ethereum

Ethereum uses four Merkle Patricia Tries: Three of them have their root hashes stored directly in every block header, and the fourth lives nested inside the State Trie.

Trie

Where the root lives

Update pattern

Stores

State TrieBlock header (stateRoot)Mutable — updates every blockAll accounts (EOAs + contracts)
Storage TrieInside each contract accountMutable — per contractSmart contract variables
Transaction TrieBlock header (transactionsRoot)Immutable once block is minedTransactions in that block
Receipt TrieBlock header (receiptsRoot)Immutable once block is minedTransaction results, logs, gas used

State Trie

The State Trie is Ethereum's global account database. It maps every account address to its account data, and there is exactly one State Trie shared across the entire network.

Key facts:

  • The root of this trie, the stateRoot, is stored in every block header.
  • It represents the complete state of Ethereum at that block.
  • Unlike the other three tries, the State Trie is continuously mutable. Every transaction that changes a balance, deploys a contract, or modifies storage causes the State Trie to update, producing a new stateRoot in the next block.

Storage Trie

The Storage Trie holds the data inside an Ethereum smart contract – its variables, mappings, and any value the contract has written to storage. Each contract account has its own separate Storage Trie.

How it nests:

  • The root of each contract's Storage Trie (storageRoot) is stored as a field inside the account's record in the State Trie.
  • When the State Trie commits to an account, it commits to the hash of that account's storage.
  • Change one variable inside a contract → Storage Trie root changes → account record changes → State Trie root changes.

Transaction Trie

The Transaction Trie organizes all transactions inside a single block into a Merkle Patricia Trie. Every block has its own Transaction Trie.

Key facts:

  • Path: the transaction's index in the block (rlp(transactionIndex)).
  • Value: the RLP-encoded transaction itself.
  • Once the block is mined, the Transaction Trie is never updated — transactions are permanent records.
  • Its root, the transactionsRoot, is stored in the block header.

Receipt Trie

The Receipt Trie stores transaction receipts – the results of executing each transaction in a block. Each receipt contains:

  • Execution status (success or failure)
  • Gas used
  • Logs emitted by smart contracts
  • A bloom filter for log indexing

Receipts are what make event-based applications possible. Wallets, indexers, and protocols like The Graph all rely on filtering through Receipt Trie data to find logs.

How Ethereum’s Merkle Patricia Trie Works

how ethereum merkle patricia trie works
Ethereum’s Merkle Patricia Trie maps every account address to its current state – including balances, nonces, smart contract storage, and code – then compresses the entire network state into a single cryptographic root hash for each block.

Step 1: The global state

The Ethereum global state is the complete snapshot of every account at a specific moment in time. Instead of storing this information in a traditional database, Ethereum organizes it inside a single State Trie shared across the network.

This trie contains:

  • account balances
  • nonces
  • smart contract code
  • contract storage references

Whenever a new block is processed, the trie updates to reflect the latest network state.

Step 2: Account structure

Every Ethereum account, whether it's a regular wallet (Externally Owned Account) or a smart contract, is represented by a record with four fields.

According to the official ethereum.org documentation:

  • nonce – a counter showing how many transactions have been sent from the account (for EOAs) or how many contracts have been created (for contract accounts). It exists to prevent replay attacks.
  • balance – the amount of Wei owned by the account (1 ETH = 10¹⁸ Wei).
  • storageRoot – a 256-bit hash pointing to the root of this account's Storage Trie. For EOAs without code, this is an empty trie hash.
  • codeHash –  the Keccak-256 hash of the EVM code stored at this account. For EOAs, this is the hash of an empty string. For contracts, it points to the immutable bytecode.

These four fields get RLP-encoded and stored as the value at the account's leaf in the State Trie.

Step 3: Trie organization

To find an account inside the State Trie, Ethereum uses the Keccak-256 hash of the address, producing a 32-byte (64-hex-character) value.

How the trie routes that hash:

  • The hashed address becomes the path through the trie, broken into 64 nibbles.
  • Branch nodes route the path one nibble at a time.
  • Extension nodes compress shared path segments to save space.
  • Leaf nodes hold the final RLP-encoded account record.
  • Maximum depth is 64 levels, since hashed addresses are always 32 bytes long.

Step 4: State updates

When a transaction modifies an account – say, Alice sends 1 ETH to Bob – the State Trie needs to update both accounts' records.

The process works like this:

  1. Compute the path for each affected account: keccak256(address).
  2. Traverse the trie down those paths to find the leaf nodes.
  3. Write the new RLP-encoded account values (Alice's balance decreases, her nonce increments; Bob's balance increases).
  4. Re-hash every node along the path up to the root — leaf, then extension, then branch, then root.
  5. The trie now has a new root hash reflecting the updated state.

The key insight: the cost is proportional to the depth of the trie, not to the size of the state.

Step 5: State root generation

After all transactions in a block finish executing, the new State Trie's root hash becomes the stateRoot for that block. It gets written into the block header along with the transactionsRoot and receiptsRoot, and the block is then broadcast to the network.

This single 32-byte value is what other nodes use to verify they computed the same state:

  • If two nodes process the same block and end up with different stateRoot values, one of them is wrong – they've diverged.
  • The only way to generate a given state root is to compute it from each individual piece of the state.

This is what makes Ethereum deterministic and cryptographically verifiable.

Why Merkle Patricia Tries Matter for Ethereum Scaling

Ethereum’s Merkle Patricia Trie architecture directly shapes how the network scales, who can run a node, and how efficiently the state can be verified.
  • Light clients depend on it: Because the state root commits to every account, a lightweight client (like a mobile wallet) can verify an account's balance without downloading the full chain. It only needs the block header and a small Merkle proof from a trusted full node.
  • ZK-rollups commit through state proofs: Layer-2 networks like zkSync Era and Polygon zkEVM use Merkle-based commitments to anchor their compressed state back to Ethereum. The state root lets the rollup prove that thousands of off-chain transactions correctly transformed an initial state into a final state.
  • Stateless clients are on the roadmap: Today, full nodes must store the entire state to validate new blocks. The long-term plan is stateless validation: validators receive a small "witness" with each block that proves the state changes are valid, without storing the state themselves.

According to arXiv research on stateless Ethereum, the current MPT design can support stateless validation in theory, but witness sizes become too large at scale. This is one of the main reasons Ethereum is moving toward a new tree structure entirely.

  • State growth is a real cost: Every new account, contract deployment, and storage update increases Ethereum’s long-term state size. After the May 2025 Pectra upgrade, full nodes can reach up to 8,192 historical blocks of state.

>> Learn more: Blockchain Scalability Explained: Why Networks Get Congested

The Future – Verkle Trees & Beyond

Ethereum is preparing to replace the Merkle Patricia Trie with a more efficient structure. The leading candidate has long been Verkle Trees, but a newer alternative – STARKed binary hash trees – is now competing for the role because of post-quantum concerns.

1. Verkle Trees: smaller proofs, faster verification

Verkle Trees use a cryptographic primitive called vector commitments instead of plain hashes at each branch. The practical result:

  • State proofs shrink from several kilobytes to under 200 bytes.
  • According to arXiv benchmarks, Verkle witness sizes are roughly on the order of one megabyte for full blocks (compared to potentially tens of megabytes for raw Merkle proofs at the same scale).
  • Verkle Trees are slated for Hegota, Ethereum's second major upgrade scheduled for the second half of 2026, following the Glamsterdam fork in the first half of the year.

2. The post-quantum complication

Verkle Trees rely on elliptic curve cryptography, which is vulnerable to future quantum attacks. As a result, the Ethereum community is now debating whether to skip Verkle Trees entirely and move directly to STARKed binary hash trees.

This structure uses zero-knowledge STARK proofs over a binary Merkle trie, which is quantum-resistant because it relies only on hash functions.

The trade-off:

  • Verkle Trees: code is more mature, ships sooner.
  • Binary trees with STARKs: more durable long-term solution, quantum-resistant.

Either way, the end goal is the same: shrink the state-verification cost low enough that any device can verify Ethereum blocks without storing the state.

Sources and Further Reading

Disclaimer:The content published on Cryptothreads does not constitute financial, investment, legal, or tax advice. We are not financial advisors, and any opinions, analysis, or recommendations provided are purely informational. Cryptocurrency markets are highly volatile, and investing in digital assets carries substantial risk. Always conduct your own research and consult with a professional financial advisor before making any investment decisions. Cryptothreads is not liable for any financial losses or damages resulting from actions taken based on our content.
ethereum
smart contracts
eth
tree

FAQs About Ethereum Merkle Tree

The trie entry is removed, but the historical state can still be reconstructed if you have an archive node that kept every state snapshot. Full nodes prune older states after a certain window, so they can no longer reproduce ancient balances directly.

BytebyByte
WRITTEN BYBytebyByteBytebyByte is a blockchain developer and crypto market researcher contributing technical analysis and research at Cryptothreads. His work focuses on the infrastructure, economic design, and market structure of digital asset systems. With a background spanning blockchain development, quantitative analysis, and financial market dynamics, BytebyByte specializes in examining how crypto protocols operate—from consensus mechanisms and token economics to on-chain market behavior. His research often explores the intersection between blockchain technology and the broader financial system, translating complex technical concepts into structured insights accessible to a wider audience. At Cryptothreads, BytebyByte contributes in-depth articles covering blockchain architecture, protocol economics, and emerging narratives shaping the digital asset ecosystem. His work aims to help readers better understand the mechanisms behind crypto markets and the technological foundations that drive the industr
FOLLOWBytebyByte
XFacebook

More articles by

BytebyByte

Hot Topic