A Verkle tree is a vector commitment-based cryptographic accumulator that enables efficient and compact proofs for verifying the inclusion of data in a large dataset. It is a proposed evolution of the Merkle tree, designed to drastically reduce the size of witnesses (proofs) required for state verification. This is achieved by using polynomial commitments, like KZG commitments, instead of simple hash functions at each node, allowing a single proof to attest to multiple sibling nodes along a path. The primary goal is to enable stateless clients, which can validate blocks without storing the entire blockchain state, by receiving small, constant-sized proofs.
LABS
Glossary
Verkle Tree
A Verkle tree is a vector commitment tree structure that merges the properties of Merkle trees and Kate commitments to enable efficient, small proofs for stateless blockchain clients.
Chainscore © 2026
definition
DATA STRUCTURE
What is a Verkle Tree?
A Verkle tree is an advanced cryptographic data structure designed to optimize proof sizes for stateless clients in blockchain systems.
The key innovation lies in its structure and proof aggregation. In a traditional Merkle tree, a proof size grows logarithmically with the number of leaves (O(log n)). A Verkle tree, by contrast, can produce proofs of near-constant size (O(1)), regardless of the tree's width or depth. This is possible because a single polynomial commitment at a parent node can be used to generate a proof for all its children simultaneously, a process known as multi-proof. This makes Verkle trees exceptionally efficient for blockchains like Ethereum, where the state is massive and proof size is a critical bottleneck for scalability and client diversity.
Verkle trees are a core component of Ethereum's Verkle Trie roadmap, intended to replace the current Hexary Patricia Merkle Trie for state storage. Their adoption is pivotal for the transition to full statelessness, where validators no longer need to hold the multi-terabyte state. This reduces hardware requirements, improves network decentralization, and enables lighter syncing for new nodes. Other projects, including Polkadot and various zero-knowledge rollups, are also exploring Verkle trees for similar efficiency gains in proof systems and light client protocols.
etymology
ORIGIN
Etymology
The term 'Verkle Tree' is a portmanteau that fuses concepts from two distinct cryptographic data structures, reflecting its hybrid design and primary purpose within blockchain scaling.
The name Verkle Tree is a linguistic blend of Verkle and Merkle Tree. The 'Ver' prefix is derived from Vector Commitment, the core cryptographic primitive that replaces the simple hash functions used in a standard Merkle tree. This naming convention directly signals the tree's fundamental innovation: it is a Merkle-like structure where proofs are secured by vector commitments instead of cryptographic hashes.
The term was coined by Ethereum researcher John Kuszmaul in his 2018 paper, 'Verkle Trees'. The choice of name serves a clear technical communication purpose, immediately informing developers and researchers that the structure is a tree-based commitment scheme optimized for verification (hence 'Ver-') while maintaining the hierarchical, proof-of-inclusion properties of a Merkle tree. It distinguishes itself from other commitment-based trees, like Kate Commitment (KZG) trees, by specifying its vector-based approach.
Etymologically, it follows a pattern similar to other cryptographic structures, such as the Merkle Patricia Tree (a fusion of a Merkle Tree and a Patricia trie). The adoption of 'Verkle Tree' within the Ethereum ecosystem, particularly for the Verkle Trie planned for the Verkle Upgrade, has cemented its terminology. It is now the standard term for this specific class of proof-compressing data structures essential for stateless client protocols.
key-features
VERKLE TREE
Key Features
Verkle Trees are a cryptographic data structure designed to replace Merkle Trees in blockchain state management, enabling efficient and compact proofs for stateless clients.
01
Vector Commitment Core
A Verkle Tree is built using vector commitments (like KZG or IPA), not simple hash functions. This allows a single, small proof to verify that multiple sibling leaf nodes are correct, without revealing all the data in the path. This is the fundamental innovation that enables stateless verification.
02
Witness Size Reduction
The primary benefit is a drastic reduction in proof size. In a Merkle Tree, proving a single value requires hashes for all sibling nodes at each level (O(log n) size). A Verkle Tree proof is constant-sized (O(1)), shrinking witness data from ~1 KB to ~150 bytes, a critical improvement for block propagation and light clients.
03
Enabling Stateless Clients
With tiny proofs, stateless clients become practical. These clients don't store the entire state; they receive a proof alongside a block to verify transactions. This reduces node hardware requirements, improves decentralization, and simplifies synchronization, as nodes only need the current block header and a small witness.
04
Ethereum's Path (EIP-6800)
Ethereum plans to adopt Verkle Trees via EIP-6800 to transition its state tree. This upgrade is a prerequisite for Verkle-based statelessness, which will eventually allow validators to operate without storing the multi-terabyte state, streamlining the network's consensus layer.
05
Comparison to Merkle Patricia Trie
- Merkle Patricia Trie (MPT): Ethereum's current structure. Proofs are large, making stateless clients inefficient.
- Verkle Tree: Uses polynomial commitments. Proofs are small and constant-sized.
- Key Difference: Verkle Trees trade slightly more complex computation for massively reduced data transfer, optimizing for bandwidth.
06
Cryptographic Primitives
Common constructions use:
- KZG Commitments: Requires a trusted setup but provide efficient proofs.
- Inner Product Arguments (IPA): No trusted setup, used in protocols like Halo2. These commitments allow proving that a value at a specific key is part of a committed vector without revealing the entire dataset.
how-it-works
VERKLE TREE
How It Works
Verkle trees are a cryptographic data structure designed to enable stateless clients in blockchain networks, drastically reducing the data required for transaction verification.
A Verkle tree is a vector commitment-based cryptographic accumulator that organizes data—typically account states and storage slots—into a tree structure for efficient proof generation and verification. Unlike a traditional Merkle tree, which uses simple cryptographic hashes, a Verkle tree employs polynomial commitments (like KZG commitments) or other advanced schemes. This fundamental shift allows a witness (or proof) to verify any piece of data within the tree without needing all the sibling nodes along the path to the root, a property known as statelessness. The root hash of the tree serves as a succinct, verifiable commitment to the entire dataset.
The core innovation lies in its proof size efficiency. In a Merkle tree, proving membership for a single leaf requires providing all the sibling hashes along the path (an authentication path), leading to proof sizes that grow logarithmically with the tree size. A Verkle tree's use of polynomial commitments collapses this path. A verifier only needs the proof for the specific leaf and a constant-sized commitment from each node along the path, resulting in proof sizes that are orders of magnitude smaller—typically just a few hundred bytes regardless of tree size. This is achieved through properties like batch evaluation, where multiple points can be proven with a single, small proof.
For blockchain execution clients, this efficiency is transformative. A stateless client can validate blocks without storing the entire world state by simply checking compact Verkle proofs against a known root hash. This drastically lowers the hardware requirements for node operators and paves the way for more decentralized networks. Furthermore, Verkle trees enable more efficient state expiry schemes and simplify the protocol for light clients. The Ethereum protocol has adopted Verkle trees as a cornerstone of its statelessness roadmap, with the upgrade (part of the Verkle Trie transition) representing one of the most significant changes to its core data structures since its inception.
visual-explainer
VISUAL EXPLAINER
Verkle Tree
A technical deep dive into the cryptographic data structure designed to optimize Ethereum's state storage and proof generation.
A Verkle Tree is a cryptographic commitment scheme that combines a Vector Commitment (like a KZG polynomial commitment) with a Merkle Tree structure to create compact, constant-sized proofs for large datasets. Unlike a traditional Merkle tree, where proof size grows logarithmically with the number of elements, a Verkle tree proof remains a fixed size regardless of the tree's width or depth. This is achieved by having each parent node cryptographically commit to all its children at once, rather than just their hashes.
The core innovation lies in its use of polynomial commitments. A node with 256 child nodes doesn't store 256 hashes; instead, it stores a single, small cryptographic proof (a KZG commitment) that represents a polynomial evaluated at those 256 points. To prove a specific leaf's value, a witness only needs this single commitment from the parent and a small proof that the leaf's value is consistent with it, eliminating the need for all the "sibling hashes" required in a Merkle proof.
For Ethereum, the primary application is replacing the current Hexary Patricia Merkle Tree used for state storage. A Verkle tree drastically reduces the size of witnesses (proofs a client needs to verify state), from roughly 300 KB to under 150 bytes. This is the key enabler for stateless clients and Verkle-proof execution, where validators can verify transactions without storing the entire multi-terabyte state, significantly lowering hardware requirements and improving network decentralization.
The structure also enables efficient state expiry schemes. Because proofs are small and cheap to verify, old state can be pruned from active storage with the confidence that it can be cryptographically reinstated if needed. Furthermore, its design allows for single-proof multi-access, where one compact proof can verify updates to multiple, non-adjacent storage slots within the tree, optimizing complex transaction execution.
DATA STRUCTURE COMPARISON
Verkle Tree vs. Merkle Tree Comparison
A technical comparison of the cryptographic accumulator structures used for state and transaction verification in blockchain systems.
| Feature / Metric | Merkle Tree | Verkle Tree |
|---|---|---|
Cryptographic Primitive | Cryptographic hash (e.g., SHA-256) | Vector commitments (e.g., KZG polynomial commitments) |
Proof Size (for N items) | O(log N) hashes | O(1) constant size (plus a few group elements) |
Proof Verification Complexity | O(log N) hash operations | O(1) pairing operations |
Key Innovation | Hierarchical hashing for data integrity | Single proof for multiple sibling nodes at any depth |
Primary Use Case in Blockchain | Transaction inclusion proofs, block headers | Ethereum's post-EIP-6800 stateless verification |
Witness Size for State Proofs | Large (hundreds of KB) | Small (< 1 KB target) |
Node Structure | Binary or multi-ary branch nodes | Multi-ary branch nodes with polynomial evaluations |
ecosystem-usage
VERKLE TREE
Ecosystem Usage
Verkle Trees are a critical cryptographic data structure designed to enable stateless clients and significantly reduce proof sizes in blockchains, primarily for Ethereum's post-Merkle upgrade path.
01
Stateless Client Enabler
A Verkle Tree allows stateless clients to validate blocks without storing the entire state. Clients only need a small witness (proof) for the specific data they are checking, drastically reducing hardware requirements. This is achieved through vector commitments and polynomial commitments that create compact proofs linking any leaf to the root.
- Key Benefit: Enables lightweight nodes to participate in consensus securely.
- Mechanism: Uses a KZG commitment (Kate-Zaverucha-Goldberg) for efficient proof generation and verification.
02
Witness Size Reduction
The primary technical advantage over a Merkle Patricia Trie is the exponential reduction in witness size. In a Merkle tree, proving membership for a single value requires hashes for every node along the path (O(log n)). A Verkle Tree proof is constant-sized (O(1)) relative to the tree depth.
- Example: A proof in a Merkle tree might be ~1 KB; a Verkle proof can be under 150 bytes.
- Impact: Enables much more efficient block propagation and validation in networks.
04
Polynomial Commitments (KZG)
The cryptographic engine of a Verkle Tree is a polynomial commitment scheme, specifically KZG commitments. A prover commits to a polynomial, and can later generate a short proof that the polynomial evaluates to a specific value at a given point.
- Core Function: Allows a single, small proof to attest to multiple sibling values simultaneously.
- Requirement: Relies on a trusted setup ceremony to generate public parameters, as used for Ethereum's EIP-4844.
05
Comparison to Merkle Trees
While both are cryptographic accumulators, Verkle Trees differ fundamentally from Merkle Trees.
- Proof Structure: Merkle proofs are path-based; Verkle proofs are evaluation-based.
- Branching Factor: Merkle trees often use binary or 16-ary branches. Verkle trees can have a very high branching factor (e.g., 256) without increasing proof size.
- Efficiency: Verkle Trees optimize for proof size, while Merkle Trees optimize for simplicity and update speed.
06
Applications Beyond Ethereum
While pivotal for Ethereum, Verkle Trees are a general-purpose construct for any system requiring compact membership proofs.
- ZK-Rollups: Can use Verkle Trees for more efficient state proofs.
- Decentralized Storage: Useful for proving data availability and integrity in networks like Filecoin.
- Light Client Protocols: Any blockchain aiming for efficient light client verification can adopt this structure.
security-considerations
VERKLE TREE
Security Considerations
While Verkle trees significantly improve scalability, their cryptographic design introduces distinct security properties and considerations for blockchain state management.
01
Vector Commitment Security
The security of a Verkle tree relies on the underlying vector commitment scheme, typically using KZG polynomial commitments or IPA (Inner Product Argument). The soundness of the system depends on the cryptographic hardness of the discrete logarithm problem in the chosen elliptic curve group. A break in this underlying cryptography would compromise the integrity of all state proofs.
02
Trusted Setup Requirement (KZG)
The common KZG commitment scheme requires a trusted setup ceremony to generate public parameters. This creates a cryptographic toxic waste problem: if the secret used in the setup is not properly destroyed, an attacker could forge arbitrary proofs. While multi-party ceremonies mitigate this risk, it remains a foundational trust assumption distinct from Merkle-Patricia trees.
03
Proof Forgery & Adversarial Nodes
A malicious node could attempt to provide a fraudulent proof to a light client. Verkle trees use stateless verification, where clients only hold the root. Security relies on the client's ability to correctly verify the cryptographic proof against the known root. Witness data must be transmitted reliably, as missing data can look like fraud.
04
Witness Size vs. Security Assumptions
Verkle proofs are constant-sized (~150 bytes), unlike Merkle proofs which grow logarithmically. This efficiency shifts security considerations: data availability for the witness becomes less of a bandwidth bottleneck, but the entire security weight rests on the constant-sized proof's cryptographic soundness, with no fallback to larger, more verifiable data.
05
Upgrade & Fork Coordination Risk
Migrating a live blockchain (e.g., Ethereum) from a Merkle-Patricia Trie to a Verkle tree is a complex consensus upgrade. It requires flawless coordination across all clients. A bug in the new Verkle logic or state transition could lead to a chain split. The new tree structure must perfectly preserve the integrity of all existing account states.
06
Long-Term Cryptographic Agility
Cryptographic standards evolve. A Verkle tree implementation must be quantum-resistant or allow for future migration to post-quantum secure commitment schemes. The design should not lock the protocol into a single algebraic structure, ensuring cryptographic agility can be maintained over decades to respond to new attacks.
VERKLE TREES
Technical Details
Verkle trees are a cryptographic data structure designed to enable stateless clients in Ethereum, drastically reducing the data required for block validation. They represent a fundamental evolution from the current Merkle Patricia Trie.
A Verkle tree is a vector commitment tree that uses polynomial commitments (like KZG commitments) to create extremely compact proofs, enabling stateless clients. It works by organizing state data into a tree where each node commits to its children using a cryptographic proof. Unlike a Merkle tree, where proof size grows logarithmically with the tree size, a Verkle tree proof size remains constant, requiring only a single proof per witness regardless of the tree's depth or width. This is achieved by having each parent node contain a commitment to all its children's values, allowing a prover to demonstrate knowledge of a specific leaf's value and its path through the tree with a single, small proof that can be verified efficiently.
VERKLE TREES
Common Misconceptions
Verkle trees are a proposed cryptographic data structure for Ethereum's state, often misunderstood in comparison to Merkle trees. This section clarifies key technical distinctions and implementation goals.
No, a Verkle tree is a fundamentally different cryptographic data structure that uses vector commitments instead of simple hash concatenation. While both organize data for efficient verification, a Merkle tree (like Ethereum's current Merkle Patricia Trie) requires proof sizes logarithmic to the number of leaves, meaning a proof for one piece of data includes all sibling hashes up to the root. A Verkle tree, using KZG commitments or similar polynomial schemes, generates constant-sized proofs regardless of tree size. This structural shift is what enables the dramatic reduction in proof size—from ~1 kB in a Merkle tree to ~150 bytes in a Verkle tree—which is critical for stateless clients and witness size reduction.
VERKLE TREES
Frequently Asked Questions
Verkle trees are a fundamental cryptographic data structure designed to scale Ethereum's state proofs. This FAQ addresses common technical questions about their purpose, mechanics, and impact.
A Verkle tree is a cryptographic data structure, similar to a Merkle tree, that allows for efficient and compact proofs of membership for large datasets, such as a blockchain's state. It uses vector commitments and polynomial commitments (like KZG commitments) to create proofs whose size remains constant, regardless of the amount of data being proven. This is a key upgrade from Merkle Patricia Tries, where proof size grows logarithmically with the dataset. Verkle trees are a core component of Ethereum's Verkle Trie roadmap, designed to enable stateless clients and significantly reduce the data required for block validation.
ENQUIRY
Get In Touch
today.
Our experts will offer a free quote and a 30min call to discuss your project.
NDA Protected
Confidentiality24h Response
Time to ValueDirectly to Engineering Team
No Sales Fluff10+
Protocols Shipped
$20M+
TVL Overall