The yellowpaper describes MPT keys as being fixed-depth, i.e. "256-bit binary fragments". If that's accurate, then it seems a branch node can never contain a value, as its key would necessarily be shorter than those of values descending from a child.
If that's correct, then to be consistent and avoid confusion, I think the YP should either
Describe MPTs as they're actually used: each key is 256 bits, and branches do not contain values, but for historical reasons there's an unused value field in a branch node's RLP.
Describe the more general MPT construction with variable-length keys. In this case I think 256-bit keys should not be mentioned, or it could be framed like "in practice, currently all MPTs have 256-bit keys".
Edit: after poking around some implementations, it seems keys are not fixed-length, so branch nodes may have values. My understanding now is that keys are 256 bits for the state and storage tries, but variable-length for the receipt and transactions tries. If that's correct, it seems the description of MPT keys as "256-bit binary fragments" is misleading and should be changed.
The yellowpaper describes MPT keys as being fixed-depth, i.e. "256-bit binary fragments". If that's accurate, then it seems a branch node can never contain a value, as its key would necessarily be shorter than those of values descending from a child.
If that's correct, then to be consistent and avoid confusion, I think the YP should eitherDescribe MPTs as they're actually used: each key is 256 bits, and branches do not contain values, but for historical reasons there's an unused value field in a branch node's RLP.Describe the more general MPT construction with variable-length keys. In this case I think 256-bit keys should not be mentioned, or it could be framed like "in practice, currently all MPTs have 256-bit keys".See also: Do storage MPT branch nodes contain values?
Edit: after poking around some implementations, it seems keys are not fixed-length, so branch nodes may have values. My understanding now is that keys are 256 bits for the state and storage tries, but variable-length for the receipt and transactions tries. If that's correct, it seems the description of MPT keys as "256-bit binary fragments" is misleading and should be changed.