Safeguard
Cryptography

Merkle tree in transparency logs

A Merkle tree is a hash-based data structure that lets transparency logs prove data integrity efficiently, using Merkle proofs and certificate transparency.

Daniel Chen
Security Engineer
7 min read

A Merkle tree is a binary tree of cryptographic hashes in which every leaf node holds the hash of a piece of data, and every non-leaf node holds the hash of its two children combined. The result is a single "root hash" at the top that mathematically summarizes every piece of data in the tree. Change even one byte in one leaf, and the root hash changes too — instantly detectable. This property is what makes Merkle trees the backbone of transparency logs, the append-only, publicly auditable ledgers used in systems like Certificate Transparency and software supply chain attestation registries. Instead of trusting a central authority's word that data hasn't been tampered with, anyone can verify inclusion or consistency using nothing more than a handful of hashes and basic arithmetic. In software supply chain security, that shift — from "trust us" to "verify yourself" — is the entire point.

What is a Merkle tree?

A Merkle tree, also called a hash tree, is a data structure invented by Ralph Merkle in 1979 to make it computationally cheap to prove that a specific piece of data belongs to a larger, tamper-evident set. Structurally, it's a binary tree built bottom-up: you hash each individual record (a file, a certificate, a software artifact) to create the leaves, then repeatedly hash pairs of nodes together until only one hash remains — the Merkle root. If a dataset has an odd number of leaves, implementations typically duplicate the last leaf or carry it up unpaired, depending on the specification.

The power of this hash tree data structure is that the root hash acts as a compact, fixed-size fingerprint of an arbitrarily large dataset. Git uses a variant of this idea to fingerprint entire repository histories with a single commit hash. Blockchains use it to summarize thousands of transactions in one block header. Transparency logs use it to prove, cryptographically, that a record was added to the log and that the log hasn't been secretly rewritten. In every case, the underlying guarantee is the same: because hashing is one-way and collision-resistant, you cannot alter any leaf data without changing the root, and you cannot forge a fake root without also forging every hash along the path to it.

How does a Merkle tree transparency log work?

A Merkle tree transparency log works by appending new entries as leaves and publishing a new signed root hash every time the tree grows. Rather than storing entries in a way that lets an operator quietly edit or delete history, the log server maintains the tree as an append-only structure and periodically publishes "signed tree heads" — timestamped, signed snapshots of the current root hash. Anyone monitoring the log can fetch two signed tree heads and request a "consistency proof," a small set of intermediate hashes that mathematically demonstrates the newer tree is a strict extension of the older one, with nothing altered or removed.

This is the design behind Certificate Transparency, RFC 6962, and later formalized further in projects like Trillian and Sigstore's Rekor. In practice, a log operator can run millions of entries — TLS certificates, container image signatures, SBOM attestations — through the tree, and auditors don't need to download the whole dataset to catch dishonesty. They just need the signed roots and the proofs. If a log operator ever tries to present two different, inconsistent histories to different parties (a "split-view" attack), the mismatched root hashes expose it immediately, because the two roots simply won't reconcile under a valid consistency proof.

What is a Merkle proof, explained simply?

A Merkle proof is the short list of sibling hashes needed to recompute the root from a single leaf, proving that leaf is genuinely part of the tree without revealing or requiring the rest of the dataset. Concretely: if your data sits at leaf position 5 in a tree of 1,000 entries, you don't need all 999 other entries to prove inclusion — you only need roughly log₂(1,000), or about 10, hashes: the sibling at each level of the path from your leaf up to the root. You hash your leaf with its sibling, hash that result with the next sibling up, and repeat until you arrive at a value. If that value matches the publicly known, signed root hash, your data is proven to be in the tree.

This is the Merkle proof explained at its most practical: it turns an expensive, linear-time verification problem ("scan the whole log to check my entry is there") into a cheap, logarithmic-time one. A CI/CD pipeline verifying that a software artifact's signature was properly logged, for example, can request an inclusion proof from a transparency log like Rekor and confirm it locally in microseconds, without downloading gigabytes of log data or trusting the log operator's claim at face value.

How is a Merkle tree used in certificate transparency?

Merkle tree certificate transparency works by logging every publicly trusted TLS certificate into an append-only Merkle tree so that fraudulent or mis-issued certificates become publicly visible rather than silently trusted. When a certificate authority issues a certificate, it (or the certificate itself) is submitted to one or more independent CT logs. Each log adds the certificate as a new leaf, recomputes the affected branch of hashes up to the root, and returns a "Signed Certificate Timestamp" (SCT) as a promise of inclusion. Browsers like Chrome require valid SCTs before trusting a certificate for many sites, effectively making CT logs a mandatory checkpoint in the web's trust chain.

This system, born out of incidents like the 2011 DigiNotar breach where a CA was compromised and issued fraudulent certificates for domains including google.com without anyone noticing for weeks, exists specifically to prevent silent mis-issuance. Domain owners and monitors continuously scan CT logs for certificates issued for their domains that they never requested. Because the underlying structure is a Merkle tree, this monitoring doesn't require trusting the log operator — auditors can independently verify inclusion proofs and cross-check consistency proofs between log snapshots, catching any attempt to quietly omit or alter a record.

Why do transparency logs need hash trees instead of simple hash lists?

Transparency logs need hash trees instead of flat hash lists because trees make both inclusion and consistency checks efficient at scale, while flat lists force verifiers to process the entire dataset for every check. A simple approach — hash every record and publish a giant list — technically detects tampering too, but proving that record #47,000 belongs to a list of a million entries means scanning a meaningful chunk of that list. A Merkle tree collapses that into a logarithmic-sized proof: doubling the number of entries in the log adds only one more hash to any given proof, not twice the work.

This efficiency matters enormously in software supply chain contexts, where transparency logs might record millions of package publications, container builds, or code-signing events per year. Systems like Sigstore's Rekor, the in-toto attestation framework, and SLSA-aligned build provenance tooling all lean on Merkle-tree-backed transparency logs precisely because verifiers — CI pipelines, admission controllers, security scanners — need to check "was this artifact properly logged and unaltered?" in near real time, thousands of times a day, without becoming a bottleneck.

How Safeguard Helps

Safeguard builds software supply chain security around exactly this kind of verifiable, tamper-evident trust. Rather than asking teams to take a build system's or a vendor's word for it, Safeguard integrates with Merkle-tree-backed transparency logs to independently verify that artifact signatures, SBOM attestations, and provenance records were genuinely logged, unaltered, and consistent over time — the same inclusion-proof and consistency-proof mechanics described above, applied continuously across your pipelines.

In practice, that means Safeguard can flag a build artifact whose expected transparency-log entry is missing, catch inconsistencies that would indicate a compromised or misbehaving log, and give security teams a cryptographically grounded answer to "did this code actually go through the process we think it did?" — rather than a policy document's promise. For organizations adopting SLSA, in-toto, or Sigstore-based signing workflows, Safeguard turns the theoretical guarantees of Merkle trees and transparency logs into practical, automated verification embedded directly in the software delivery lifecycle, closing the gap between "we log everything" and "we can prove nothing was tampered with."

Never miss an update

Weekly insights on software supply chain security, delivered to your inbox.