3.4. Merkle Tree
The hashing algorithm for the Merkle Tree Hash is SHA-256.
Structure of the Merkle Tree input:

    enum { timestamped_entry(0), (255) }
      MerkleLeafType;

    struct {
        uint64 timestamp;
        LogEntryType entry_type;
        select(entry_type) {
            case x509_entry: ASN.1Cert;
            case precert_entry: PreCert;
        } signed_entry;
        CtExtensions extensions;
    } TimestampedEntry;

    struct {
        Version version;
        MerkleLeafType leaf_type;
        select (leaf_type) {
            case timestamped_entry: TimestampedEntry;
        }
    } MerkleTreeLeaf;

Here, "version" is the version of the protocol to which the MerkleTreeLeaf corresponds. This version is v1.
"leaf_type" is the type of the leaf input. Currently, only "timestamped_entry" (corresponding to an SCT) is defined. Future revisions of this protocol version may add new MerkleLeafType types. Section 4 explains how clients should handle unknown leaf types.
"timestamp" is the timestamp of the corresponding SCT issued for this certificate.
"signed_entry" is the "signed_entry" of the corresponding SCT.
"extensions" are "extensions" of the corresponding SCT.
The leaves of the Merkle Tree are the leaf hashes of the corresponding "MerkleTreeLeaf" structures.
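
The following is an added example, not part of the specification text: it serializes a "MerkleTreeLeaf" in TLS presentation-language encoding and computes its leaf hash. The function names are hypothetical. It assumes the field widths defined elsewhere in the specification (1-byte Version and MerkleLeafType, 2-byte LogEntryType, 3-byte length prefix for ASN.1Cert and the PreCert TBSCertificate, 32-byte issuer_key_hash, 2-byte length prefix for CtExtensions) and the 0x00 leaf prefix from the Merkle Tree Hash definition.

```python
import hashlib
import struct

V1 = 0                            # Version: v1
TIMESTAMPED_ENTRY = 0             # MerkleLeafType
X509_ENTRY, PRECERT_ENTRY = 0, 1  # LogEntryType (uint16 on the wire, assumed)


def _opaque(data: bytes, len_bytes: int, min_len: int = 0) -> bytes:
    """TLS variable-length vector: big-endian length prefix, then the data."""
    if not min_len <= len(data) < 1 << (8 * len_bytes):
        raise ValueError("vector length out of range")
    return len(data).to_bytes(len_bytes, "big") + data


def merkle_tree_leaf(timestamp_ms: int, entry_type: int, cert_der: bytes,
                     extensions: bytes = b"",
                     issuer_key_hash: bytes = b"") -> bytes:
    """Serialize MerkleTreeLeaf { version, leaf_type, TimestampedEntry }.

    cert_der is the DER certificate (x509_entry) or the DER TBSCertificate
    (precert_entry); issuer_key_hash is used for precert_entry only.
    """
    if entry_type == X509_ENTRY:
        signed_entry = _opaque(cert_der, 3, min_len=1)       # ASN.1Cert
    elif entry_type == PRECERT_ENTRY:
        if len(issuer_key_hash) != 32:
            raise ValueError("issuer_key_hash must be 32 bytes")
        signed_entry = issuer_key_hash + _opaque(cert_der, 3, min_len=1)
    else:
        raise ValueError("unknown LogEntryType")
    # version(1) | leaf_type(1) | timestamp(8) | entry_type(2), big-endian
    header = struct.pack(">BBQH", V1, TIMESTAMPED_ENTRY, timestamp_ms, entry_type)
    return header + signed_entry + _opaque(extensions, 2)


def leaf_hash(leaf: bytes) -> bytes:
    """SHA-256 over 0x00 || leaf; the prefix separates leaves from interior nodes."""
    return hashlib.sha256(b"\x00" + leaf).digest()


if __name__ == "__main__":
    sample_der = bytes.fromhex("3003020101")  # constructed bytes, not a real certificate
    leaf = merkle_tree_leaf(1, X509_ENTRY, sample_der)
    print(leaf.hex(), leaf_hash(leaf).hex())
```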