TYPE 0x0806 · GOVERNANCE FAMILY

ACCUMULATOR

v2 structured-leaf set-membership proof. The conditions commit to a Merkle root over a set of element ids; the witness provides the element id (NUMERIC) plus a Merkle inclusion proof (depth ≤ 4). The leaf hash is TaggedHash("LadderAccumulatorLeaf/v1", element_id_LE) — not free attacker bytes. Closes the v0.5 E-001.

Governance Invertible

Ladder Diagram

Fields

Field	Data Type	Size	Side	Description
set_root	HASH256	32 B	Conditions	Root of the inner Merkle tree committing the set; tagged-hash domain `LadderAccumulatorInterior/v1`.
element_id	NUMERIC	1-3 B	Witness	Position of the proven element (0 ≤ id ≤ 65535). The leaf hash is `H_tag("LadderAccumulatorLeaf/v1", element_id_LE)`.
proof	MERKLE_PROOF	0-128 B	Witness	Sibling hashes from leaf to root, packed as `depth × 32` raw bytes (depth ≤ 4).

Per-rung cap: 1 ACCUMULATOR. Per-tx cap (across all inputs): 2 ACCUMULATORs. Conditions side fixed at ~38 B regardless of set size; witness is `~5 + 5 + (depth × 32)` ≤ 138 B.

Wire Format Breakdown

Example: depth-2 tree (4 leaves), proving membership of element_id=2:

0x0806 0 1 HASH256 · set_root Conditions = 38 bytes

0x0806 0 2 NUMERIC · eid MERKLE_PROOF · 64B Witness = ~72 bytes

Total (depth 2) ~110 bytes

MERKLE_PROOF grows by 32 B per tree level. Conditions side stays at 38 B regardless of set size.

Evaluation Logic

1.Block must have exactly 3 fields: HASH256(set_root), NUMERIC(element_id), MERKLE_PROOF → otherwise ERROR

2.Read element_id; reject if > MAX_ACCUMULATOR_ELEMENT_ID (65535) → ERROR

3.Compute leaf = TaggedHash("LadderAccumulatorLeaf/v1", element_id_LE)

4.For each 32-byte sibling in MERKLE_PROOF: current = TaggedHash("LadderAccumulatorInterior/v1", min(current, sibling) || max(current, sibling))

5.If computed root == committed set_root → SATISFIED

6.Otherwise → UNSATISFIED

Sorted pair convention: Children are sorted lexicographically before hashing — no direction bits needed. Domain separation: the inner Merkle tree uses dedicated tagged-hash domains so cross-tree collisions with the outer MLSC tree, the MULTISIG inner tree, or BIP-340 internal nodes are impossible.

JSON Wire Format

Conditions (commit to set root)

{
  "type": "ACCUMULATOR",
  "fields": [
    { "type": "HASH256", "hex": "a1b2c3d4... set_root, 32 bytes" }
  ]
}

Spend (signrungtx signer spec)

{
  "type": "ACCUMULATOR",
  "element_id": 5,
  "proof": [
    "...sibling at level 0 (32-byte hex)...",
    "...sibling at level 1..."
  ]
}

Use Cases

Whitelist Authorization

Commit to a Merkle root of allowed transaction hashes, pubkey hashes, or output scripts. Only transactions that can prove membership in the committed set are valid spends. The set can contain millions of entries with only 32 bytes on-chain.

Inverted: Blacklist Enforcement

With the inverted flag, spending is blocked if the leaf IS in the set. Creates exclusion lists — e.g., block specific output patterns or addresses from being created.

Merkle Airdrops

Covenant output commits to a Merkle root of eligible claimants. Each claimant proves their pubkey hash is in the tree to claim their share. Scales to millions of recipients with O(log N) proof size.

Oracle Data Attestation

Oracle publishes a Merkle root of attested facts. Contract verifies a specific fact by checking its Merkle proof against the committed root, enabling trustless off-chain data verification.

← RELATIVE_VALUE OUTPUT_CHECK →