Improving upon our previous primitive token solution, we devise an innovative way to store tokens in Unspent Transaction Outputs (UTXOs), same as storing native bitcoins.
Inside each UTXO, there are two parts associated with tokens as state of the token contract:
- A public key: to control access of the tokens
- An amount: consisting of multiple numbers, whose sum is the number of tokens in this UTXO.
Tokens in a UTXO are transferred by signing using the private key corresponding to the public key, just like normal bitcoin transfers.
One token UTXO can be split into multiple UTXOs. This is mostly used to send tokens to others while returning the change. Below is an example of splitting it into two. The total numbers of tokens are conserved after the split, i.e., x0 + x1 + y0 + y1 = x + y.
The relevant code is listed below with self-explanatory comments inline.
Multiple token UTXOs can be combined into a single one. This can be used to combine small-sum tokens to suffice for a large-sum transfer. Below is an example of combining two token UTXOs. Again, the total numbers of tokens are conserved after the merge. Besides, we ensure x = x0 + x1 and y = y0 + y1.
The relevant code is listed below.
Once we can split and merge token UTXOs, we can do arbitrary token transfers by combining them, same as multiple inputs and outputs in a normal bitcoin transfer transaction.
100 tokens are issued: 10 (0x0a in hex) + 90 (0x5a in hex).
The UTXO of 100 tokens are split into two UTXOs: one containing 70 (0x46) tokens, the other 30 (0x1e).
The two UTXOs above are combined into a single UTXO.
There are many advantages of the UTXO-based tokenization approach.
- It is easy to integrate with existing wallets, since they are already managing bitcoin UTXOs. Token standard can be devised for interoperability between wallets, similar to ERC-20.
- Token UTXOs cannot be mistakenly/accidentally spent as bitcoin UTXOs, which is an issue for some Layer-2 tokens.
- Token transfers can be instant using 0 confirmation.
- Processing of token transactions can easily be parallelized and is thus scalable, since token UTXOs are independent of each other, same as bitcoin UTXOs.
- It is non-custodial and users own their tokens by owning the private key.
We have only shown the basics of UTXO-based tokenization, which can be extended for a practical token solution. Some extensions are listed below:
- Split one UTXO into more than two UTXOs
- Merge more than two UTXOs into one UTXO
- Mint new tokens after issuance
- Issue non-fungible tokens
- Use arbitrary access control of tokens other than a single ECDSA signature
- Pay for transaction fee using additional UTXOs using ANYONECANPAY
- Uniquely identify and thus prevent different tokens issued with the same contract from mixing, e.g., by the txid of the issuing transaction.