State root computation dominates (78%) blockchain block processing time. Ethereum's canonical authenticated data structure, i.e., Merkle Patricia Trie (MPT), suffers from severe tree-height growth and is vulnerable to \textit{Nurgle attacks} (SP'24), where adversaries inflate path depth via hash collisions and degrade system performance at negligible cost. Existing defenses increase node fanout (span) to bound tree height, but higher span inflates proof size exponentially. Prior work mitigates this trade-off using vector commitments, at the cost of trusted setup or expensive verification. We present \textsc{Mhot}, a height-optimal authenticated data structure for blockchain state commitment that preserves standard hash-based verification without trusted setup. Unlike MPT's fixed-prefix indexing, which couples span and fanout exponentially, \textsc{Mhot} indexes by discriminative bits that actually distinguish keys, achieving adaptive span with linear fanout coupling and provably minimal height. To prevent high fanout from inflating proofs, we introduce hierarchical proofs, a two-layer Merkle construction that reduces per-node proof overhead from O(k) to O(log k). On Ethereum mainnet workloads, \textsc{Mhot} achieves up to 9X higher write throughput, 4X lower write amplification, and 2X smaller proofs than MPT. Under Nurgle attacks, even when the adversary consumes an entire block's gas budget, \textsc{Mhot} maintains a 0% attack success rate (vs. 99.97% for MPT). Our results, somewhat surprisingly, show that height optimality (not new crypto primitives!) is the key abstraction for scalable and attack-resilient blockchain state commitment.
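The O(k) versus O(log k) per-node proof cost mentioned in the abstract can be seen in a small added example, which is not code from the paper: it compares a flat hash over a node's k child hashes with an inner binary Merkle tree over the same children. The inner-tree layout, SHA-256, zero padding, the `0x01` domain tag and all function names are assumptions made for illustration, not the construction \textsc{Mhot} specifies.

```python
import hashlib

def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

# Flat commitment: the node hash covers all k child hashes concatenated,
# so proving one child means shipping the other k - 1 hashes.
def flat_root(children):
    return h(*children)

def flat_proof(children, i):
    return children[:i] + children[i + 1:]

def flat_verify(root, child, i, proof):
    return h(*proof[:i], child, *proof[i:]) == root

# Inner Merkle tree over the same k child hashes (assumed second layer).
def depth_for(k):
    return max(k - 1, 0).bit_length()            # ceil(log2 k)

def inner_levels(children):
    pad = (1 << depth_for(len(children))) - len(children)
    level = children + [bytes(32)] * pad         # pad to a power of two
    levels = [level]
    while len(level) > 1:
        level = [h(b"\x01", level[j], level[j + 1])
                 for j in range(0, len(level), 2)]
        levels.append(level)
    return levels                                # levels[-1][0] is the root

def inner_proof(levels, i):
    proof = []
    for level in levels[:-1]:
        proof.append(level[i ^ 1])               # sibling at this level
        i >>= 1
    return proof

def inner_verify(root, k, child, i, proof):
    # Reject out-of-range indexes and proofs of the wrong length, so an
    # interior hash cannot be passed off as a child with a shorter path.
    if not 0 <= i < k or len(proof) != depth_for(k):
        return False
    acc = child
    for sib in proof:
        acc = h(b"\x01", sib, acc) if i & 1 else h(b"\x01", acc, sib)
        i >>= 1
    return acc == root

def proof_sizes(k):
    children = [h(bytes([j])) for j in range(k)] # constructed child hashes
    return (len(flat_proof(children, 0)),
            len(inner_proof(inner_levels(children), 0)))
```

For a 16-way node the flat proof carries 15 sibling hashes against 4 for the inner tree, and at fanout 256 the gap is 255 against 8.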