Binary Merkle Trees vs Merkle-Patricia Trees: How Blockchain Keeps Track of Transactions and State

Written By Ryan Fulton Tagged As Merkle tree Merkle-Patricia tree Bitcoin blockchain Ethereum state blockchain data structures

Merkle Tree Calculator

Transaction Calculator

Number of Transactions (2-20)

Merkle Tree Visualization

SPV Verification

Select Transaction to Verify

SPV Proof for Transaction #1:

The proof path requires 5 hashes to verify the transaction against the Merkle root.

Verification time: 1.2ms

Imagine you’re trying to prove that one specific transaction happened in a pile of 10,000 others-without showing all of them. That’s the problem Binary Merkle Trees solved for Bitcoin. Now imagine doing that same thing, but also keeping track of who owns what, what smart contracts are running, and how balances change every second-that’s what Merkle-Patricia Trees do for Ethereum. These aren’t just technical details. They’re the reason one blockchain can handle simple payments, and the other runs entire decentralized apps.

How Binary Merkle Trees Work in Bitcoin

Binary Merkle Trees are built for one thing: proving a transaction exists in a block. They don’t care about what else is stored. Every transaction gets hashed with SHA-256. Those hashes are paired up, hashed again, and this keeps happening until you end up with one single hash-the Merkle root. That root gets stored in the Bitcoin block header. If even one transaction changes, the whole root changes. That’s how nodes know if something’s been tampered with.

Here’s the catch: Bitcoin’s system needs an even number of transactions. If you have 7, the last one gets duplicated. It’s not elegant, but it works. The tree is static. Once a block is mined, nothing inside it changes. That’s perfect for Bitcoin’s design-transactions are final, irreversible, and meant to be archived.

This structure makes SPV (Simplified Payment Verification) possible. Your phone wallet doesn’t need to download the whole blockchain. It just asks a full node: “Is this transaction in block #800,000?” The node sends back a small proof-a few hashes along the path from your transaction up to the Merkle root. Your wallet checks those hashes. If they add up correctly, the transaction is verified. No need for massive storage. No need for full validation. Just a few kilobytes of data.

Merkle-Patricia Trees: Ethereum’s State Machine

Ethereum doesn’t just track transactions. It tracks state. Who has how much ETH? What’s the code of this smart contract? What’s stored in its memory? All of this changes with every block. Binary Merkle Trees can’t handle that. Enter the Merkle-Patricia Tree (MPT).

MPTs combine two ideas: a Patricia trie (a type of radix trie) and Merkle hashing. Instead of pairing data like a binary tree, MPTs use keys to navigate. Each account address-like 0x742d…a1b9-is a key. The value is the account’s data: balance, nonce, contract code, storage root. The trie structure lets you find any account by its key without scanning everything. It’s like looking up a name in a phone book, not flipping through every page.

Every change to the state-sending ETH, deploying a contract, calling a function-creates a new version of the tree. The old version stays, and a new Merkle root is calculated. That root becomes the “state root” in the block header. Now, any node can verify the state of the entire network just by checking that root. No need to replay every transaction. Just compare the root you calculated with the one in the block.

This is why Ethereum can run DeFi, NFTs, and DAOs. You can prove you own a specific NFT without downloading the whole chain. You can prove a contract has $2 million in it. You can prove a user’s balance changed from 10 ETH to 8 ETH-all with compact cryptographic proofs. Binary Merkle Trees can’t do any of this. They only prove a transaction happened. MPTs prove what the system looks like right now.

Key Differences: Structure, Speed, and Purpose

Comparison of Binary Merkle Trees and Merkle-Patricia Trees
Feature	Binary Merkle Tree	Merkle-Patricia Tree
Primary Use	Verify transactions in a block	Track and verify global state (accounts, balances, contracts)
Data Structure	Binary tree (two children per node)	Radix trie (key-based navigation)
Hash Function	SHA-256	Keccak-256 (Ethereum’s hash)
Dynamic Updates	No-immutable after block creation	Yes-accounts can be added, modified, deleted
Proof Type	Inclusion proof (transaction exists)	Inclusion and exclusion proofs (account exists OR doesn’t exist)
Storage Overhead	Low-only stores transaction hashes	High-stores full account state and trie paths
Verification Speed	Faster for simple checks	Slower due to trie traversal, but more powerful

Binary Merkle Trees are like a receipt for a purchase. You can prove you bought something. Merkle-Patricia Trees are like your bank statement that shows your balance, your recent transfers, and even your loan status-all in one cryptographically signed document. One tells you what happened. The other tells you what’s true right now.

Ethereum's Merkle-Patricia Tree as a glowing city with account doors and fading ghost accounts representing exclusions.

Why Ethereum Couldn’t Use Bitcoin’s System

If Ethereum tried to use Binary Merkle Trees, it would be stuck. Imagine trying to check your ETH balance every time you send a transaction. You’d need to recompute the entire tree from scratch. And what if two people try to send ETH at the same time? The tree would break. There’s no way to efficiently update a binary tree without rebuilding it entirely.

MPTs solve this by using a trie structure that only changes the branches affected by a state update. If Alice sends 1 ETH to Bob, only the path from the root to Alice’s account and Bob’s account gets updated. Everything else stays the same. The rest of the tree remains intact. That’s called state diffing. It’s what makes Ethereum’s state transitions efficient enough to run on consumer hardware.

Plus, MPTs support exclusion proofs. In Bitcoin, you can prove a transaction is in a block. But you can’t prove it’s not there. In Ethereum, you can prove that an account doesn’t exist-or that a contract doesn’t have a certain storage value. That’s critical for smart contracts that check if a user is authorized or if funds are locked.

Implementation Difficulty: From Days to Months

Building a Binary Merkle Tree? A developer with basic crypto knowledge can code it in a weekend. Bitcoin’s open-source code gives clear examples. You hash transactions, pair them, keep going up. You handle odd counts by duplicating. Done.

MPTs? That’s a different level. You need to understand how radix tries work-how keys are split into nibbles (4-bit chunks), how nodes are compressed (short vs. extension nodes), how to handle empty accounts, how to serialize trie nodes for storage, and how to generate inclusion/exclusion proofs correctly. One mistake in the trie traversal, and your state root won’t match. Nodes will reject your block. Your chain will fork.

Ethereum’s MPT implementation took years to stabilize. Even today, tools like go-ethereum and Eth2 specs are still refining how MPTs handle pruning, caching, and syncing. The complexity isn’t just in code-it’s in the math, the data layout, and the consensus rules that depend on it.

Binary Merkle Tree and Merkle-Patricia Tree as opposing forces in a cosmic data battle, symbolizing Bitcoin vs Ethereum.

Real-World Impact: Bitcoin vs. Ethereum

Bitcoin’s Merkle Trees keep its network secure and lightweight. Over 10 million wallets use SPV to verify payments without syncing the full chain. The system handles over 300,000 transactions per day with near-zero failure rates. It’s reliable, simple, and battle-tested.

Ethereum’s MPTs enable over 1.5 million daily active accounts and tens of thousands of smart contracts. DeFi protocols like Uniswap and Aave rely on MPTs to prove balances and approvals in real time. NFT marketplaces use them to verify ownership without central servers. Without MPTs, Ethereum wouldn’t be a platform-it would just be a slower Bitcoin.

The difference isn’t just technical. It’s philosophical. Bitcoin chose to be a digital cash system. Ethereum chose to be a world computer. Their data structures reflect that.

What’s Next? The Evolution Continues

Binary Merkle Trees aren’t going anywhere. They’re too perfect for their job. But improvements are happening. New SPV techniques are making mobile wallets faster. Proof compression is reducing bandwidth needs.

MPTs are under heavy pressure. Ethereum’s state is growing fast. Every new user adds data. Storage costs rise. That’s why Ethereum is moving toward stateless clients and Verkle trees-a newer structure that uses polynomial commitments to make proofs smaller and faster. Verkle trees could replace MPTs in the next few years, but they’re built on the same idea: combine efficient lookup with cryptographic proof.

So while MPTs are still the backbone today, the future is about making state verification cheaper, not more complex. The goal isn’t to replace the concept-it’s to make it scalable.

Which One Should You Care About?

If you’re using Bitcoin or any simple cryptocurrency: you’re benefiting from Binary Merkle Trees. You don’t need to understand them-but you’re relying on them every time you send a transaction.

If you’re using DeFi, NFTs, or any Ethereum-based app: you’re relying on Merkle-Patricia Trees. They’re the invisible engine making your balance updates, contract calls, and token transfers secure and verifiable.

Neither is “better.” They’re optimized for different goals. One is for recording history. The other is for running a live, changing system. Choose the right tool for the job-and that’s exactly what Bitcoin and Ethereum did.

Can Merkle-Patricia Trees be used in Bitcoin?

Technically, yes-but it would be overkill. Bitcoin doesn’t need to track account balances or smart contracts. Its only goal is to verify transactions. Binary Merkle Trees are simpler, faster, and use less storage. Adding MPTs would make Bitcoin slower and more complex without adding any real benefit.

Why does Ethereum use Keccak-256 instead of SHA-256?

Ethereum chose Keccak-256 (a SHA-3 finalist) because it’s faster in software implementations and has different security properties than SHA-256. It’s also more resistant to certain types of attacks that could be exploited in complex state systems. While Bitcoin sticks with SHA-256 for consistency and mining compatibility, Ethereum prioritized performance for state-heavy operations.

Do Merkle-Patricia Trees make Ethereum slower than Bitcoin?

For transaction verification alone, yes-MPTs are slower than Binary Merkle Trees. But Ethereum isn’t just verifying transactions. It’s executing code, updating balances, and managing contracts. The extra overhead is worth it because MPTs enable functionality Bitcoin can’t provide. Speed isn’t the only metric-capability matters more.

What’s the difference between a Patricia trie and a regular trie?

A regular trie stores every character of a key as a separate node, which wastes space. A Patricia trie (or radix trie) compresses paths. If multiple keys share the same prefix-like 0x742d…a1b9 and 0x742d…b2c3-they share nodes until the point they differ. This reduces storage and speeds up lookups dramatically, which is critical for handling millions of Ethereum accounts.

Can I verify my NFT ownership without downloading the whole Ethereum chain?

Yes. Wallets and marketplaces use Merkle-Patricia Tree proofs to verify your NFT ownership. They request a proof from a node showing that your address is linked to the NFT’s token ID in the current state. The proof is small-just a few hashes-and can be verified instantly without syncing the full blockchain.

There are 20 Comments

Lawrence rajini

This is fire 🔥 I never thought about how Bitcoin is like a receipt and Ethereum is your bank statement. That analogy just clicked for me. MPTs are wild when you think about it-every time someone mints an NFT, the whole world updates in real time. Mind blown.
Frech Patz

The structural distinction between binary Merkle trees and Merkle-Patricia trees is fundamental to understanding blockchain scalability. The former optimizes for immutability and proof efficiency; the latter enables dynamic state transitions through key-based trie navigation. This is not merely an implementation detail-it is a design philosophy.
Will Barnwell

Ugh another ‘Ethereum is better’ post. Bitcoin’s system works fine. Why do we need all this extra complexity just to run dumb contracts? Overengineered nonsense.
Matt Zara

Honestly this is one of the clearest explanations I’ve read. I used to think Merkle trees were just for transactions, but now I get why Ethereum needed something more. The state diffing part? Genius. We’re literally running a global computer on top of cryptography. Wild.
Jean Manel

You people act like MPTs are some breakthrough. It’s just a glorified hash map with extra steps. The real problem is Ethereum’s state bloat. This isn’t innovation-it’s technical debt with a whitepaper.
William P. Barrett

There’s something poetic about it. Bitcoin preserves history like a temple. Ethereum changes reality like a living organism. One remembers. The other becomes. The trees aren’t just data structures-they’re metaphors for what we value: permanence or evolution.
Cory Munoz

I’ve been trying to wrap my head around this for months. This post finally made it click. Thank you for breaking it down without jargon overload. The phone book analogy? Perfect. I’ll be sharing this with my cousin who’s new to crypto.
Jasmine Neo

Keccak-256? Really? You’re telling me we ditched SHA-256 for something that’s not even standardized everywhere? This is why Ethereum is a joke. It’s a playground for devs who don’t care about security, just hype.
Ron Murphy

Interesting breakdown. The compression in Patricia tries is clever-nibble-based branching reduces storage significantly. But the trade-off is computational overhead during state updates. Still, for a world computer, it’s a fair cost.
Prateek Kumar Mondal

Bitcoin simple Ethereum complex but complex not always better. Many people forget that simple systems last longer
Nick Cooney

So… you’re saying Ethereum’s entire existence hinges on a data structure that even some devs can’t implement right? 😏 Typo in the ‘storage root’ section btw. But yeah, the point stands. MPTs are a masterpiece of overcomplication.
Saurav Deshpande

They don’t want you to know this but MPTs are just a front for centralized control. The state root? It’s not decentralized-it’s a single point of failure disguised as math. The Verkle tree push? That’s the elite preparing to replace it with something even more centralized. Wake up.
Paul Lyman

Y’all are overthinking this. MPTs are hard? Good. That’s why most people can’t fake it. If you can’t build a state trie, you shouldn’t be deploying smart contracts. This isn’t a bug-it’s a filter. The real winners are the ones who get it.
Derajanique Mckinney

I just wanna know if my ape NFT is safe 😭 also why does everything have to be so complicated? Can’t we just have a blockchain that works?
Rosanna Gulisano

Ethereum is a scam. It’s just Bitcoin with extra steps and higher fees. You’re paying for complexity that doesn’t add value.
Sheetal Tolambe

I love how this explains why Ethereum can do things Bitcoin can’t. I’m still learning but this made me excited to dig deeper. Thanks for writing this so clearly!
gurmukh bhambra

Wait so if MPTs are so great why do they keep having hacks? Maybe the whole system is just a house of cards built on math no one really understands? I’m just saying…
Sunny Kashyap

India blockchain is better. No need for all this. We use simple ledger. Faster. Cheaper. You guys just like to make things hard.
james mason

Honestly, if you’re not using Verkle trees yet, you’re already behind. MPTs are so 2020. I’ve been running stateless clients since last year. You’re all still playing with training wheels.
Anna Mitchell

This made me feel like I actually understand something about blockchain for the first time. Thank you. I’m not a dev but I’m so glad I read this.