Definition
The Taproot merkle path is the sequence of sibling node hashes a spender supplies to prove that a particular script belongs to the tree committed in a Taproot output. When spending via the script path, the witness includes a control block whose trailing bytes are this path: zero or more 32-byte hashes, one per level of the tree, up to a maximum of 128 levels (so the control block is 33 + 32m bytes for m path elements).
How verification uses it
Validators start from the revealed leaf, computing its hashTapLeaf value. They then fold in each path element using hashTapBranch, which sorts its two inputs lexicographically so no left/right position flags are needed. After consuming the whole path, the result is a candidate merkle root. Combined with the internal key from the control block, this root re-derives the tweak t; the spend is valid only if P + t·G reproduces the committed output key.
Privacy property
Crucially, the merkle path reveals only the hashes of sibling branches, never the scripts inside them. An observer learns the one script that was executed and the tree's shape along that branch, but the alternative spending conditions stay hidden forever. This is what lets a complex multi-condition contract present, on-chain, as a single ordinary-looking output until one specific path is used.
The path is built from TapBranch nodes and ultimately authenticates against the Taproot Output Key.
In Simple Terms
The Taproot merkle path is the sequence of sibling node hashes a spender supplies to prove that a particular script belongs to the tree committed…