Batch Revocation (Merkle Root Update) excels at minimizing on-chain footprint and cost for large-scale systems. By updating a single Merkle root hash on-chain to invalidate thousands of credentials simultaneously, it dramatically reduces gas consumption. For example, a single root update on Ethereum can cost ~$50 in gas, while revoking 10,000 credentials individually could cost over $5,000. This model is foundational for protocols like Semaphore and is optimal for applications with high-frequency, bulk revocation needs, such as expiring event tickets or corporate access badges.
LABS
Comparisons
Batch Revocation (Merkle Root Update) vs Individual Revocation
A technical analysis of two primary credential revocation strategies, comparing on-chain cost, scalability, and operational complexity for identity systems.
Chainscore © 2026
introduction
THE ANALYSIS
Introduction: The Scalability Challenge in On-Chain Identity
A technical breakdown of how revocation mechanisms impact scalability and cost for decentralized identity systems.
Individual Revocation takes a different approach by allowing granular, real-time status checks for each credential, often via a smart contract registry or a verifiable credential status list. This results in a critical trade-off: superior revocation latency and control at the expense of higher on-chain storage and gas fees per transaction. Systems like Ethereum Attestation Service (EAS) or verifiable credential statusList2021 entries enable this, making it suitable for high-value, low-volume credentials where immediate invalidation is paramount, such as KYC attestations or professional licenses.
The key trade-off: If your priority is operational cost-efficiency and scalability for mass-market applications, choose Batch Revocation. If you prioritize immediate, granular control over high-stakes credentials, choose Individual Revocation. The decision fundamentally hinges on your application's revocation frequency, credential value, and tolerance for on-chain latency.
tldr-summary
Batch vs Individual Revocation
TL;DR: Key Differentiators at a Glance
A high-level comparison of two fundamental approaches to credential revocation in decentralized identity systems.
01
Batch Revocation (Merkle Root Update)
Gas Efficiency: A single on-chain transaction revokes thousands of credentials. This matters for protocols like Worldcoin or Gitcoin Passport managing millions of users, where per-user gas costs are prohibitive.
Scalability: Ideal for high-frequency, large-scale credential issuance where the revocation list is expected to grow predictably (e.g., weekly batch updates).
02
Batch Revocation (Merkle Root Update)
Verifier Complexity & Latency: Verifiers must fetch the latest root and check inclusion proofs. This adds off-chain dependency and latency, unsuitable for real-time, high-stakes checks like DeFi KYC.
Revocation Granularity: Cannot revoke a single credential without affecting all others in the batch, forcing a full state update for any change.
03
Individual Revocation (On-Chain Status)
Real-Time Precision: Each credential's status (e.g., isRevoked) is stored and updated individually on-chain (Ethereum Attestation Service, Verax). This matters for high-value NFTs, legal attestations, or soulbound tokens where revocation must be instant and atomic.
Simplified Verification: Verifier checks a single, on-chain state variable, eliminating the need for proof aggregation and external root feeds.
04
Individual Revocation (On-Chain Status)
Prohibitive Cost at Scale: Revoking 10,000 credentials requires 10,000 transactions. This is financially impossible for mass-market applications, making it a non-starter for consumer-grade identity systems.
State Bloat: Each credential permanently consumes on-chain storage (e.g., contract storage slot), increasing long-term costs and blockchain bloat compared to a single, updatable Merkle root.
BATCH REVOCATION (MERKLE ROOT) VS. INDIVIDUAL REVOCATION
Head-to-Head Feature Comparison
Direct comparison of revocation strategies for on-chain credentials and attestations.
| Metric / Feature | Batch Revocation (Merkle Root Update) | Individual Revocation (On-Chain Status) |
|---|---|---|
On-Chain Transaction Cost (per revocation) | < $0.01 (amortized) | $0.50 - $5.00+ |
Revocation Latency | ~12 hours (batch window) | < 1 block (~12 sec on Ethereum) |
Gas Efficiency for Large Sets | 1 tx for 10,000+ revocations | 1 tx per credential |
Real-Time Status Checking | ||
Smart Contract Complexity | High (Merkle proofs) | Low (mapping lookup) |
Protocols Using This Method | Ethereum Attestation Service (EAS), Gitcoin Passport | Verite, Soulbound Tokens (SBTs) |
Ideal Use Case | High-volume, cost-sensitive, periodic updates | Compliance-critical, real-time status |
pros-cons-a
COMPARISON
Batch Revocation (Merkle Root Update): Pros and Cons
Key architectural trade-offs for managing credential or token revocation at scale. Choose based on your protocol's gas sensitivity, user base size, and required revocation speed.
01
Batch Revocation: Key Strength
Radical gas efficiency for mass updates: A single on-chain transaction updates the root for thousands of credentials. This reduces per-user revocation cost to near-zero, critical for protocols like ERC-4337 paymasters or airdrops managing large, volatile permission sets.
02
Batch Revocation: Key Weakness
Inherent latency for individual actions: A user's revocation isn't effective until the next root is published. This creates a time-lag vulnerability window, unsuitable for high-stakes, real-time systems like decentralized exchanges freezing compromised accounts.
03
Individual Revocation: Key Strength
Immediate, granular control: Each credential (e.g., an ERC-20 permit or ERC-721 approval) is revoked in a dedicated transaction. This provides instant finality, essential for DeFi security modules or NFT marketplace operators responding to hacks.
04
Individual Revocation: Key Weakness
Prohibitive cost at scale: Revoking 10,000 credentials requires 10,000 transactions. At 50 gwei gas, this can cost over $10,000+ on Ethereum Mainnet, making it impractical for consumer apps with large, dynamic user lists.
pros-cons-b
BATCH UPDATE VS. SINGLE REVOCATION
Individual Revocation: Pros and Cons
Key architectural trade-offs for managing credential status in decentralized identity systems like Verifiable Credentials (VCs) and Soulbound Tokens (SBTs).
01
Batch Revocation: Pros
Low On-Chain Cost & Gas Efficiency: Updating a single Merkle root (e.g., on Ethereum or Polygon) can revoke thousands of credentials in one transaction. This is critical for high-volume issuers like educational institutions or DAOs managing 10k+ SBTs, where per-revocation fees are prohibitive.
02
Batch Revocation: Cons
Latency & Inflexibility: Revocations are batched and periodic, not real-time. A compromised key may remain valid until the next root update. This is a poor fit for high-security, real-time systems like access control or financial credentials where immediate revocation is non-negotiable.
03
Individual Revocation: Pros
Immediate & Granular Control: Each credential (e.g., an Ethereum Attestation Service attestation or a Solana compressed NFT) can be revoked instantly via a direct on-chain transaction. Essential for dynamic, high-stakes environments like asset tokenization or enterprise access tokens where status must reflect real-time state.
04
Individual Revocation: Cons
High & Unpredictable Cost: Each revocation is a separate on-chain transaction. On networks like Ethereum Mainnet, this can cost $10+ per credential, making it economically unfeasible for mass-scale consumer applications (e.g., event tickets, loyalty points) where revocation events are frequent.
BATCH REVOCATION VS. INDIVIDUAL REVOCATION
Cost Analysis: Gas Efficiency and Scalability
Direct comparison of gas costs and scalability for credential revocation methods on EVM-compatible chains.
| Metric | Batch Revocation (Merkle Root Update) | Individual Revocation (On-Chain Status) |
|---|---|---|
Gas Cost per Revocation (1 user) | ~45,000 gas (amortized) | ~25,000 gas |
Gas Cost per Revocation (1,000 users) | ~45 gas (amortized) | ~25,000,000 gas |
On-Chain Storage Cost | Fixed (1 root) | Linear (1 slot per credential) |
Revocation Latency | ~1 block (batch interval) | Immediate (next block) |
Ideal Use Case | Mass, scheduled updates | Time-critical, one-off revocations |
Protocol Examples | Semaphore, Tornado Cash | ERC-20, ERC-721 transfers |
CHOOSE YOUR PRIORITY
Decision Framework: When to Use Which
Batch Revocation (Merkle Root Update) for High-Volume Apps
Verdict: The clear choice for scalability.
Strengths: A single on-chain transaction (e.g., updating a root in a smart contract like OpenZeppelin's MerkleProof) can revoke thousands of permissions, NFTs, or airdrop claims. This provides immense gas efficiency and predictable, low costs per user. Ideal for mass airdrop expirations, migrating large staking pools, or sunsetting entire NFT collections.
Trade-offs: Introduces a time delay between a user's action and the global update. Users acting between root updates operate on stale state. Requires off-chain infrastructure to generate and sign new Merkle roots.
Individual Revocation for High-Volume Apps
Verdict: Prohibitively expensive and slow. Strengths: None for this use case. The linear gas cost (O(n)) makes it financially unviable. Example: Revoking 10,000 NFT mint allowances individually on Ethereum could cost over 1 ETH in gas, whereas a batch update costs a fixed ~50k gas.
verdict
THE ANALYSIS
Final Verdict and Strategic Recommendation
A data-driven breakdown of the operational and economic trade-offs between batch and individual credential revocation strategies.
Batch Revocation (Merkle Root Update) excels at scalability and cost-efficiency for large, stable user bases. By updating a single on-chain Merkle root, it can invalidate thousands of credentials in a single, low-cost transaction. For example, on Ethereum, this can cost ~$5 in gas versus thousands of dollars for individual revocations. This model is ideal for protocols like Semaphore or Unirep, where privacy and periodic, large-scale list updates are the norm.
Individual Revocation takes a different approach by enabling real-time, granular control. This strategy, often implemented via revocation registries or on-chain status flags, allows for the immediate invalidation of a single credential without affecting others. This results in a critical trade-off: superior responsiveness and auditability at the cost of significantly higher operational overhead and gas fees, especially during mass compromise events.
The key architectural trade-off is between operational cost and control latency. Batch updates optimize for the former, while individual revocations prioritize the latter. Your system's risk profile dictates the choice: a high-value DeFi protocol with strict compliance needs cannot tolerate the latency of a weekly batch update.
Consider Batch Revocation if your priority is building a scalable, cost-effective system for a large, permissionless community where near-instant revocation is not critical. This is the standard for decentralized identity aggregators and privacy-preserving airdrops.
Choose Individual Revocation when you require real-time security enforcement, such as for high-value access credentials, enterprise SSO integrations, or regulated DeFi KYC/AML checks. The higher per-revocation cost is justified by the immediate mitigation of risk.
ENQUIRY
Get In Touch
today.
Our experts will offer a free quote and a 30min call to discuss your project.
NDA Protected
Confidentiality24h Response
Time to ValueDirectly to Engineering Team
No Sales Fluff10+
Protocols Shipped
$20M+
TVL Overall