Bitcoin Smart Contract 2.0: Part 2

In the previous article, we generalize Bitcoin smart contracts to include optional off-chain validation part, besides the conventional on-chain part consisting of Bitcoin Script. We applied the concept on a fully on-chain coin toss, by disincentivizing parties from aborting using deposit.

In this article, we implement an alternative contract for achieving fair coin toin as developed in reference¹. It acts as another example of how to design such hybrid smart contracts with on-chain and off-chain parts. Smart contract is defined as a protocol where distrusting parties can transact per their mutual agreement securely, without a trusted third party. Security depends on the specific contract and can usually include properties such as: 1) honest parties who follow the contract/protocol should never lose their money; 2) dishonest parties who deviate must be detected and can optionally be penalized financially.

Fair coin toss without deposit

Tx graph

The new contract consists of the following lock steps:

  1. Alice and Bob exchanges public keys, locktime t and hash of secret numbers/nonces with each other.
  2. Bob creates Tx0. With txid of Tx0, he also creates Tx1. He gives it to Alice. He does not sign it yet, otherwise Alice would know his secret.
  3. Alice signs Tx1 and returns it to Bob.
  4. Bob signs and adds his secret. Now Tx1 is complete, he creates Tx3 and hands it to Alice.
  5. Alice signs it and returns to Bob, who broadcasts Tx0 and Tx1. Alice now knows Bob’s secret in Tx1.
  6. Alice sends her secret to Bob and whoever wins take the bet as in the original coin toss contract. If she does not share her secret before t, Bob can sign and broadcast Tx3 to take the bet.

In each step after 2, each party validates transactions off-chain locally and aborts if validation fails. These validations include: signature, t, secret hash and txid match. The contract is secure because Bob must reveal his secret to create Tx1. Alice must also do so, otherwise Bob will win by broadcasting Tx3.

The HashLock contract in Tx0 is shown below:

Contract HashLock

The CoinToss contract in Tx1 is the same as before, except that a function forfeit() is added.

New Contract CoinToss

[1] Secure Multiparty Computations on Bitcoin · Marcin Andrychowicz, Stefan Dziembowski, L. Mazurek. 2014 IEEE Symposium on Security and Privacy




sCrypt Inc ( is a company with a mission to provide integrated on-chain smart contracting solutions using the original BitCoin Protocol on BSV

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

ZeroSwap’s Playbook in 2022 — Community First

Tokenomics — the shortfall of the protocol investment thesis

EOS analysis

Introducing: Research Factsheet V2

Why Green Whales?

Why is Bitcoin rising? Essential factors

I Joined Pi Network a Year Ago

Pi Network

NFTs — Utility beyond PFPs

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


sCrypt Inc ( is a company with a mission to provide integrated on-chain smart contracting solutions using the original BitCoin Protocol on BSV

More from Medium

KYC, a Mass Surveillance Instrument

Blockchain 102: Cryptocurrencies, Wallets and DApps

Bitcoin Trilemma is a fallacy

An Introduction to “White Paper 42” — Secret Value Distribution