A Verkle Tree is a vector commitment-based data structure that merges the hierarchical branching of a Merkle tree with a polynomial commitment scheme to generate compact, constant-size membership proofs. Unlike a standard Merkle tree, which requires providing sibling hashes along a path, a Verkle tree uses a single aggregated proof to verify the inclusion of multiple key-value pairs simultaneously.
Glossary
Verkle Tree

What is a Verkle Tree?
A Verkle Tree is a cryptographic data structure that combines a Merkle tree with a polynomial commitment scheme to produce significantly smaller proofs than traditional Merkle trees.
The structure achieves proof compression by committing to child nodes using a KZG commitment or similar scheme, allowing a prover to generate a single witness that attests to an entire branch. This dramatically reduces the bandwidth required for stateless clients in blockchain protocols, as a validator can verify state transitions without storing the entire state, relying instead on these succinct Verkle proofs.
Key Features of Verkle Trees
Verkle trees represent a fundamental upgrade to cryptographic data structures by replacing traditional hash-based commitments with polynomial commitments, enabling stateless clients and drastically smaller witness sizes.
Polynomial Commitment Foundation
Unlike Merkle trees that commit to data using iterative hashing, Verkle trees use polynomial commitment schemes (typically IPA or KZG) to create a single, constant-size commitment to a vector of values. This allows a prover to open a specific position in the vector with a proof size logarithmic in the width of the tree rather than the depth, collapsing the witness bandwidth bottleneck.
- Mechanism: Commits to a polynomial that interpolates the child nodes
- Key Advantage: Proof size scales with O(log n) instead of O(log² n)
- Common Instantiation: Bandersnatch curve with Inner Product Arguments (IPA)
Stateless Client Enablement
Verkle trees are the cryptographic primitive that makes stateless clients viable in production blockchains. A validator can verify a block without storing the entire state locally; it only needs the block and a compact witness proof proving the pre-state values being accessed.
- Stateless Validation: Verify blocks with only block header and witness
- Witness Size: Drastically smaller than equivalent Merkle proofs
- Network Impact: Reduces bandwidth requirements for full validation by orders of magnitude
- Ethereum Roadmap: Core component of the Verge upgrade for statelessness
Vector Commitment Structure
A Verkle tree is a vector commitment organized as a k-ary tree where each internal node commits to its children using a polynomial commitment. The branching factor k (typically 256) is much wider than a binary Merkle tree, reducing the depth and the number of intermediate nodes required in a proof.
- Branching Factor: k = 256 (common), creating shallow trees
- Node Structure: Each node contains a commitment and optional extension data
- Proof Composition: A single proof aggregates openings at each level
- Comparison: A 256-ary Verkle tree of depth 3 covers ~16.7 million entries
Proof Aggregation and Batching
Verkle trees natively support proof aggregation—multiple opening proofs for different positions can be combined into a single, constant-size proof. This is critical for block validation where a single transaction may touch many state elements (accounts, storage slots).
- Multi-Proof Efficiency: One proof verifies N state accesses simultaneously
- IPA Advantage: Inner Product Arguments enable efficient batch verification
- Gas Implications: Amortized cost per state access decreases with batching
- Verification Complexity: Single multi-scalar multiplication checks all openings
Pedersen vs. KZG Commitment Tradeoffs
Verkle tree implementations must choose between Pedersen commitments (used with IPA proofs) and KZG commitments (used with bilinear pairings). Each offers distinct tradeoffs affecting security assumptions, proof size, and verification cost.
- IPA + Pedersen: Transparent setup (no trusted ceremony), post-quantum friendly, slightly larger proofs, linear verification time
- KZG: Requires trusted setup, constant-size proofs, constant-time verification, relies on pairing-friendly curves
- Ethereum's Choice: Bandersnatch-based IPA for transparency and quantum resistance
- Tradeoff: Setup trust vs. verification efficiency
Witness Update Efficiency
When state changes, Verkle tree witnesses can be incrementally updated without recomputing the entire proof. A client holding a witness for a specific key can efficiently update it when neighboring keys are modified, enabling practical stateless light clients.
- Partial Updates: Only recompute affected path commitments
- Insertion Cost: O(k log_k n) to update a single leaf
- Deletion Handling: Tombstone markers or compaction strategies
- Client Benefit: Light clients maintain fresh witnesses with minimal bandwidth
Verkle Tree vs. Merkle Tree vs. Merkle Patricia Tree
A technical comparison of cryptographic data structures used for state commitment and proof generation in blockchain and verifiable compute systems.
| Feature | Verkle Tree | Merkle Tree | Merkle Patricia Tree |
|---|---|---|---|
Cryptographic Primitive | Vector commitment (polynomial) | Cryptographic hash function | Cryptographic hash function |
Proof Size | O(1) constant size (typically < 150 bytes) | O(log n) logarithmic | O(log n) logarithmic |
Proof Verification Time | O(1) constant time | O(log n) logarithmic | O(log n) logarithmic |
Witness Update Complexity | O(1) constant time | O(log n) logarithmic | O(log n) logarithmic |
Supports Stateless Clients | |||
Key Structure | Flat key-value with polynomial commitments | Binary tree of hashed data blocks | Radix-16 trie with key nibble pathing |
Proof Aggregation | Single proof for multiple values | Separate proof per leaf | Separate proof per leaf |
Ethereum Adoption | Post-Verkle transition (planned) | Pre-2017 state commitment | Current state commitment (pre-Verkle) |
Applications of Verkle Trees
Verkle trees are transforming how distributed systems prove state. By combining vector commitments with polynomial schemes, they enable constant-size witnesses that are critical for stateless clients and scalable consensus.
Stateless Ethereum Clients
The primary driver for Verkle tree adoption is enabling statelessness on Ethereum. Validators and nodes will no longer need to store the entire global state to verify blocks.
- Mechanism: Block proposers include a Verkle proof alongside each state access.
- Result: Validators can verify transactions using only the block header and the witness, dramatically reducing hardware requirements.
- Impact: This lowers the barrier to entry for solo stakers and improves network decentralization.
Decentralized Identity (DID) Systems
Verkle trees enable efficient non-inclusion proofs, which are essential for privacy-preserving identity systems.
- Selective Disclosure: A user can prove they possess a valid credential without revealing the issuer's entire public key registry.
- Revocation Lists: Verkle proofs can compactly demonstrate that a specific credential ID is not in a revocation registry.
- Scalability: Identity registries with billions of entries can be verified on resource-constrained mobile devices.
Verifiable Databases & Key-Value Stores
Beyond blockchains, Verkle trees serve as a cryptographic accumulator for any key-value store requiring integrity guarantees.
- Proof of Inclusion: A server can prove a specific (key, value) pair exists in the database with a constant-size proof.
- Proof of Non-Inclusion: Equally important, the server can prove a key does not exist, preventing data withholding attacks.
- Batch Updates: Multiple insertions or modifications can be aggregated into a single, compact proof update.
Witness Compression in zkVMs
Zero-Knowledge Virtual Machines (zkVMs) like RISC Zero can use Verkle trees to compress the execution witness.
- Memory Consistency: A Verkle tree commitment to the entire memory space allows the prover to open specific memory cells during execution.
- Recursive Proofs: The constant-size nature of Verkle proofs makes them ideal for recursive proof composition, where one proof verifies another.
- Efficiency: Reduces the size of the witness data that must be encoded into the arithmetic circuit, lowering prover overhead.
Distributed File Systems
Protocols like IPFS can replace Merkle DAGs with Verkle DAGs to optimize data integrity verification.
- Directory Proofs: A single Verkle proof can verify the entire contents of a directory, not just a single file.
- Chunking Efficiency: Large files split into chunks can be committed to with a single tree root, simplifying verification.
- Dynamic Content: Supports efficient updates to mutable file systems without rebuilding the entire tree structure.
Frequently Asked Questions
Clear, technically precise answers to the most common questions about Verkle Trees, their cryptographic foundations, and their role in next-generation blockchain scalability.
A Verkle Tree is a cryptographic data structure that combines a Merkle tree with a Vector Commitment Scheme—specifically a polynomial commitment—to produce membership proofs that are significantly smaller than those of a traditional Merkle Patricia tree. It works by arranging data into a wide, shallow tree where each internal node commits to its children using a single, constant-size KZG commitment. To prove that a specific key-value pair exists, the prover generates a single multiproof that bundles the path to the leaf with a polynomial evaluation proof. Instead of requiring all sibling hashes along a path (as in a Merkle tree), a Verkle proof only needs the commitment, the leaf data, and a constant-size witness, making proofs typically under 200 bytes regardless of tree depth. This efficiency is critical for stateless blockchain clients that must validate blocks without storing the entire state.
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Related Terms
Verkle trees exist within a broader landscape of cryptographic data structures and proof systems. These related concepts define the foundational primitives and scaling architectures that Verkle trees enable.
Merkle Tree
The predecessor to the Verkle tree. A binary hash tree where each leaf node is labeled with a cryptographic hash of a data block, and every non-leaf node is labeled with the hash of its children. Used to efficiently verify the integrity and membership of data within a large dataset.
- Proof Size: O(log n) hashes
- Verkle Advantage: Verkle trees replace sibling hashes with a single polynomial commitment, reducing proof size from kilobytes to under 200 bytes.
- Use Case: Bitcoin's transaction merkle root, Ethereum's state trie (pre-Verkle migration).
KZG Commitment
A polynomial commitment scheme based on bilinear pairings over elliptic curves. It allows a prover to commit to a polynomial and later open the commitment at any point, providing a constant-size proof of the evaluation.
- Constant Size: Both the commitment and the evaluation proof are a single group element (48 bytes for BLS12-381).
- Homomorphic: Commitments can be combined linearly, enabling efficient proof aggregation.
- Trusted Setup: Requires a secure multi-party computation ceremony to generate the structured reference string.
Vector Commitment
A cryptographic primitive that allows a committer to commit to an ordered sequence of values (a vector) and later open the commitment at specific positions. Verkle trees are built directly on this abstraction.
- Position Binding: The prover cannot open a committed position to two different values.
- Stateless Validation: Enables validators to verify state transitions without storing the entire state, only the vector commitment root.
- Aggregation: Multiple openings can be batched into a single constant-size proof.
Stateless Ethereum
A long-term vision for the Ethereum network where validators are not required to store the full state to validate blocks. Instead, block proposers attach witness data proving the pre-state values accessed during execution.
- Verkle Tries: The core data structure enabling statelessness by making witnesses small enough to fit in a single block.
- Witness Size: With Merkle Patricia tries, witnesses are multi-megabyte. Verkle witnesses target under 1 MB.
- Goal: Reduce validator hardware requirements, increasing network decentralization.
Polynomial Commitment Scheme
The mathematical foundation of Verkle trees. A scheme where a prover commits to a polynomial f(x) and can later prove that f(u) = v for any point u, without revealing the entire polynomial.
- Bandwidth Efficiency: The proof that f(u) = v is constant-size, regardless of the polynomial's degree.
- Verkle Construction: Each internal node commits to a polynomial whose evaluations at specific points yield the node's children.
- Schemes: KZG (pairing-based), FRI (hash-based), IPA (inner product arguments).
Proof-Carrying Data
A paradigm where computation results carry their own verifiability. Each step of a distributed computation produces an output and a proof that the step was executed correctly, which can be recursively composed.
- Recursive Composition: A single proof can attest to the validity of an entire chain of prior computations.
- Verkle Synergy: Verkle tree state proofs can be embedded within PCDs to create succinct proofs of complex state transitions.
- Application: Verifiable blockchain light clients and cross-chain bridges.

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us