The Merkle Root is a field in the block header.
How do you get a merkle root?
By repeatedly hashing together pairs of Transaction IDs until you end up with a single hash as a result.
- Take each pair of Transaction IDs from the block, and hash them together through SHA256 twice.
- Keep doing this for each pair Transaction IDs, until you end up with a new list of hashes.
- Note: If you have an odd number of transactions, hash the remaining transaction with itself.
- Repeat steps 1-2 for every new list of hashes you create until you finally end up with one hash.
Why does bitcoin use the merkle root method?
Or in other words...
Question: Why the hell wouldn't you just hash all of the transaction IDs in one go? Why use this more complicated method of hashing pairs together? What's the matter with you?
Answer: Because if you want to check that a transaction is part of the final hash, a merkle root is a more efficient way of doing it, sir.
You see, if you hash all of the transactions in one go, when it comes to checking if a transaction ID was used to make that hash, you're going to need all of the transaction IDs to get the same result. And if there are 1000 or so transactions in that block, that's a hefty amount of data you need for a simple check.
But with a merkle tree, you can do the same check, but you'll only need a specific set of hashes across the branches of the tree to form the final hash.
So whilst merkle trees take a little more effort in the beginning, they save energy when it comes to verification later on.
Why is it called a "merkle" root?
Because the crytography guy who patented the concept happens to be called Ralph Merkle.