From f9a702c08d640938e7735438cb5d9eabf8a84b6e Mon Sep 17 00:00:00 2001 From: Kostis Karantias Date: Thu, 2 Aug 2018 10:53:22 +0000 Subject: [PATCH 1/7] add skeleton for ECIP 1046 --- ECIPs/ECIP-1046.md | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 ECIPs/ECIP-1046.md diff --git a/ECIPs/ECIP-1046.md b/ECIPs/ECIP-1046.md new file mode 100644 index 0000000..d7d786c --- /dev/null +++ b/ECIPs/ECIP-1046.md @@ -0,0 +1,29 @@ +### Title + + ECIP: 1046 + Title: Merkle Inclusion Proofs + Authors: Kostis Karantias , Dionysis Zindros + Status: Draft + Type: Standard + Created: 2018-08-02 + +# ECIP 1046 - Merkle Inclusion Proofs + +## Abstract + +Verification of Merkle Inclusion Proofs is obviously possible in EVM bytecode. +However, the gas cost for such an operation is very high. + +The addition of a native compiled function, in a precompiled contract, to the +EVM solves the cost problem. + + + +## Motivation + + +## Specification + +## Implementation + +## References From 36cdf0d4c2d293c9603be8504f11a9694d0dddf5 Mon Sep 17 00:00:00 2001 From: Kostis Karantias Date: Fri, 3 Aug 2018 15:35:43 +0000 Subject: [PATCH 2/7] more details for ECIP 1046 --- ECIPs/ECIP-1046.md | 46 ++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 40 insertions(+), 6 deletions(-) diff --git a/ECIPs/ECIP-1046.md b/ECIPs/ECIP-1046.md index d7d786c..ef933b6 100644 --- a/ECIPs/ECIP-1046.md +++ b/ECIPs/ECIP-1046.md 
@@ -1,29 +1,63 @@ ### Title ECIP: 1046 - Title: Merkle Inclusion Proofs + Title: Precompiled contract for verification of Merkle Inclusion Proofs Authors: Kostis Karantias , Dionysis Zindros Status: Draft Type: Standard Created: 2018-08-02 -# ECIP 1046 - Merkle Inclusion Proofs +# ECIP 1046 - Precompiled contract for Merkle Inclusion Proofs ## Abstract Verification of Merkle Inclusion Proofs is obviously possible in EVM bytecode. However, the gas cost for such an operation is very high. -The addition of a native compiled function, in a precompiled contract, to the -EVM solves the cost problem. - - +We propose adding this functionality to Ethereum Classic as a precompiled +contract in order to combat this cost. ## Motivation +Interoperability is a very important goal for Ethereum Classic. We believe that +having a way to efficiently tell whether a transaction is included in a +Bitcoin/Bitcoin Cash block by utilizing only the block's Merkle Tree Root and a +short proof is a great first step in that direction. + +Moreover, new efficient constructions which enable cross-chain asset transfers +like [NiPoPoWs](https://nipopows.com/) heavily rely on Merkle Inclusion Proofs. ## Specification +If `block.number >= MERKLE_FORK_BLKNUM`, add a precompiled contract for Merkle +Inclusion Proofs (`MERKLEVERIFY`). + +The proposal adds a new precompiled function `MERKLEVERIFY` with the following input and output. + +`MERKLEVERIFY` takes as **input at least 65 bytes**: + +1. **root hash**: the 32-byte merkle tree root hash +2. **leaf**: the 32-byte leaf we want to prove is included in the merkle tree +3. **leaf index**: the 1-byte (?) index of the leaf +4. 
**siblings**: an array of 32-byte values, arranged from the leaves to the root + +`MERKLEVERIFY` returns as **output 4 bytes**: + +* `0x00000000` if the proof is valid +* any non-zero value indicates an invalid proof + +### Address + +The address of `MERKLEVERIFY` is **`0x5`.** + +### Gas costs + +Gas cost for `MERKLEVERIFY` is **????**. + ## Implementation +Implementation pending. + ## References + + - [NiPoPoWs](https://nipopows.com/) From 8d818dd51a1478d0ad04ce0ab5b14b4f36e4a804 Mon Sep 17 00:00:00 2001 From: Kostis Karantias Date: Fri, 3 Aug 2018 15:45:33 +0000 Subject: [PATCH 3/7] capitalize nipopows correctly --- ECIPs/ECIP-1046.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ECIPs/ECIP-1046.md b/ECIPs/ECIP-1046.md index ef933b6..f425b40 100644 --- a/ECIPs/ECIP-1046.md +++ b/ECIPs/ECIP-1046.md @@ -25,7 +25,7 @@ Bitcoin/Bitcoin Cash block by utilizing only the block's Merkle Tree Root and a short proof is a great first step in that direction. Moreover, new efficient constructions which enable cross-chain asset transfers -like [NiPoPoWs](https://nipopows.com/) heavily rely on Merkle Inclusion Proofs. +like [NIPoPoWs](https://nipopows.com/) heavily rely on Merkle Inclusion Proofs. ## Specification @@ -60,4 +60,4 @@ Implementation pending. ## References - - [NiPoPoWs](https://nipopows.com/) + - [NIPoPoWs](https://nipopows.com/) From 1add7e747c563fb304b5ea48c03d804e25ed5647 Mon Sep 17 00:00:00 2001 From: Kostis Karantias Date: Fri, 3 Aug 2018 16:28:44 +0000 Subject: [PATCH 4/7] resort to using bytes8 = 64 bits for leaf index * assuming that the leafs should at least be memory addressable * no assumptions wrt blocksize to stay compatible with any future BTC/BCH changes --- ECIPs/ECIP-1046.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ECIPs/ECIP-1046.md b/ECIPs/ECIP-1046.md index f425b40..9e56f2b 100644 --- a/ECIPs/ECIP-1046.md +++ b/ECIPs/ECIP-1046.md 
@@ -34,11 +34,11 @@ Inclusion Proofs (`MERKLEVERIFY`). The proposal adds a new precompiled function `MERKLEVERIFY` with the following input and output. -`MERKLEVERIFY` takes as **input at least 65 bytes**: +`MERKLEVERIFY` takes as **input at least 72 bytes**: 1. **root hash**: the 32-byte merkle tree root hash 2. **leaf**: the 32-byte leaf we want to prove is included in the merkle tree -3. **leaf index**: the 1-byte (?) index of the leaf +3. **leaf index**: the 8-byte index of the leaf 4. **siblings**: an array of 32-byte values, arranged from the leaves to the root `MERKLEVERIFY` returns as **output 4 bytes**: From b785a4eb2e08e519386ffe00383e7fbaa5c4e9e4 Mon Sep 17 00:00:00 2001 From: Kostis Karantias Date: Fri, 3 Aug 2018 16:38:00 +0000 Subject: [PATCH 5/7] detail implementation --- ECIPs/ECIP-1046.md | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/ECIPs/ECIP-1046.md b/ECIPs/ECIP-1046.md index 9e56f2b..5fed091 100644 --- a/ECIPs/ECIP-1046.md +++ b/ECIPs/ECIP-1046.md 
@@ -56,8 +56,34 @@ Gas cost for `MERKLEVERIFY` is **????**. ## Implementation -Implementation pending. +The hash function used is `SHA256(SHA256(_))`, to be compatible with Bitcoin/Bitcoin Cash. + +The merkle tree construction assumed is described in detail in the [Bitcoin +Developer Reference](https://bitcoin.org/en/developer-reference#merkle-trees). + +Here follows an example implementation of the verification in Solidity: + +```solidity +function merkleVerify(bytes32 root, bytes32 leaf, bytes8 leafIndex, bytes32[] siblings) + pure + public + returns (bool verificationSucceeded) +{ + bytes32 h = leaf; + for (uint i = 0; i < siblings.length; ++i) { + bool siblingOnTheLeft = leafIndex & 0x1 == 1; + if (siblingOnTheLeft) + h = sha256(abi.encodePacked(sha256(abi.encodePacked(siblings[i], h)))); + else + h = sha256(abi.encodePacked(sha256(abi.encodePacked(h, siblings[i])))); + leafIndex >>= 1; + } + return h == root; +} +``` ## References - [NIPoPoWs](https://nipopows.com/) + - [Original Solidity implementation](https://github.com/dionyziz/popow/blob/c82349f870eece524fc027ec787a8b3f3295d566/experiment/contractNipopow.sol#L242-L255) + - [Bitcoin Developer Reference](https://bitcoin.org/en/developer-reference#merkle-trees) From 98e81246ae356cd67026a199e116db813ae53273 Mon Sep 17 00:00:00 2001 From: Kostis Karantias Date: Fri, 3 Aug 2018 16:45:31 +0000 Subject: [PATCH 6/7] use address 0x9 to be compatible with Ethereum too --- ECIPs/ECIP-1046.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ECIPs/ECIP-1046.md b/ECIPs/ECIP-1046.md index 5fed091..7421e9e 100644 --- a/ECIPs/ECIP-1046.md +++ b/ECIPs/ECIP-1046.md @@ -48,7 +48,7 @@ The proposal adds a new precompiled function `MERKLEVERIFY` with the following i ### Address -The address of `MERKLEVERIFY` is **`0x5`.** +The address of `MERKLEVERIFY` is **`0x9`.** ### Gas costs From ebc9d17a83f5d30c85ebb33c2b80879daa0f77fb Mon Sep 17 00:00:00 2001 
From: Kostis Karantias Date: Tue, 14 Aug 2018 21:04:07 +0000 Subject: [PATCH 7/7] use bits instead of bytes for readability as per the recommendation of @splix --- ECIPs/ECIP-1046.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ECIPs/ECIP-1046.md b/ECIPs/ECIP-1046.md index 7421e9e..1e6bb90 100644 --- a/ECIPs/ECIP-1046.md +++ b/ECIPs/ECIP-1046.md @@ -36,10 +36,10 @@ The proposal adds a new precompiled function `MERKLEVERIFY` with the following i `MERKLEVERIFY` takes as **input at least 72 bytes**: -1. **root hash**: the 32-byte merkle tree root hash -2. **leaf**: the 32-byte leaf we want to prove is included in the merkle tree -3. **leaf index**: the 8-byte index of the leaf -4. **siblings**: an array of 32-byte values, arranged from the leaves to the root +1. **root hash**: the 256-bit merkle tree root hash +2. **leaf**: the 256-bit leaf we want to prove is included in the merkle tree +3. **leaf index**: the 64-bit index of the leaf +4. **siblings**: an array of 256-bit values, arranged from the leaves to the root `MERKLEVERIFY` returns as **output 4 bytes**:
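Review bot: The Abstract added in [PATCH 1/7] says the gas cost of verifying a proof in EVM bytecode "is very high" without giving a figure. Add a measured cost for a proof of a stated depth, since that number is also what the proposed precompile gas price will be compared against.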
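Review bot: The Specification added in [PATCH 2/7] does not define what `MERKLEVERIFY` does with malformed input, either in the input list or under `### Gas costs`. State whether input shorter than the minimum, or a siblings region whose length is not a multiple of 32 bytes, makes the call fail or return a non-zero value, because clients that differ here will diverge on consensus. The gas cost is still `**????**`; since the work grows with the number of siblings, define it as a base cost plus a per-sibling cost before `MERKLE_FORK_BLKNUM` is fixed.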
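Review bot: The `leaf index` line changed in [PATCH 4/7] gives the field a width of 8 bytes but no byte order. State whether the index is big-endian or little-endian and from which side leaves are counted; two clients reading the same 8 bytes in different orders would take different left/right paths and disagree on validity. The reasoning in the commit message (memory-addressable leaves, no block size assumption) would also be worth carrying into the spec text.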
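Review bot: The loop in `merkleVerify` in [PATCH 5/7] never ties `siblings.length` to `leafIndex` or to the depth of the tree. After the loop `leafIndex` can still have bits set, so several index values verify for the same leaf and sibling list; and because leaves and interior nodes are hashed with the same `SHA256(SHA256(_))` and no distinguishing prefix, the hash of an interior node passed as `leaf` with a shorter sibling list also reaches `root`. Require that no index bits remain set after the final shift, and either take the expected depth as an input or document that callers must check it. Separately, the function returns `true` on success while the Specification says `0x00000000` means a valid proof; state how the boolean maps to the 4-byte output.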
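Review bot: The reason for moving the address to `0x9` in [PATCH 6/7] appears only in the commit subject. Add a sentence under `### Address` saying the value was chosen for compatibility with Ethereum, and say what should happen if `0x9` is later assigned to something else there, so the choice can be re-checked.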
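Review bot: After [PATCH 7/7] the field list is in bits while the unchanged context lines still say `input at least 72 bytes` and `output 4 bytes`, so the reader has to convert 256 + 256 + 64 bits to 72 bytes to check the total. Give both units on each field, for example `256-bit (32-byte)`, or keep one unit throughout the section.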