Skip to main content

The Extended UTXO Model

  • Conference paper
  • First Online:
Financial Cryptography and Data Security (FC 2020)

Abstract

Bitcoin and Ethereum, hosting the two currently most valuable and popular cryptocurrencies, use two rather different ledger models, known as the UTXO model and the account model, respectively. At the same time, these two public blockchains differ strongly in the expressiveness of the smart contracts that they support. This is no coincidence. Ethereum chose the account model explicitly to facilitate more expressive smart contracts. On the other hand, Bitcoin chose UTXO also for good reasons, including that its semantic model stays simple in a complex concurrent and distributed computing environment. This raises the question of whether it is possible to have expressive smart contracts, while keeping the semantic simplicity of the UTXO model.

In this paper, we answer this question affirmatively. We present Extended UTXO (EUTXO), an extension to Bitcoin’s UTXO model that supports a substantially more expressive form of validation scripts, including scripts that implement general state machines and enforce invariants across entire transaction chains.

To demonstrate the power of this model, we also introduce a form of state machines suitable for execution on a ledger, based on Mealy machines and called Constraint Emitting Machines (CEM). We formalise CEMs, show how to compile them to EUTXO, and show a weak bisimulation between the two systems. All of our work is formalised using the Agda proof assistant.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 89.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 119.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    https://github.com/omelkonian/formal-utxo/tree/a1574e6.

  2. 2.

    https://github.com/input-output-hk/plutus.

  3. 3.

    https://prod.playground.plutus.iohkdev.io/.

  4. 4.

    That these match up is enforced by Rules 7 and 8 in Fig. 6.

  5. 5.

    Cardano will provide a mechanism in this vein.

  6. 6.

    Adding such fields might require amending Rule 4 to ensure value preservation.

  7. 7.

    https://github.com/omelkonian/formal-utxo/tree/a1574e6/Bisimulation.agda.

  8. 8.

    The result may be Nothing, in case no valid transitions exist from a given state/input.

  9. 9.

    A user can run the step function locally to determine the correct next state off-chain.

  10. 10.

    In our formal development, we enforce validity statically at compile time.

  11. 11.

    We cannot provide a correspondence proof in case the target state is final, as explained in the previous note.

References

  1. Andrychowicz, M., Dziembowski, S., Malinowski, D., Mazurek, Ł.: Modeling bitcoin contracts by timed automata. In: Legay, A., Bozga, M. (eds.) FORMATS 2014. LNCS, vol. 8711, pp. 7–22. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-10512-3_2

    Chapter  MATH  Google Scholar 

  2. Atzei, N., Bartoletti, M., Lande, S., Zunino, R.: A formal model of Bitcoin transactions. In: Meiklejohn and Sako [10], pp. 541–560. https://doi.org/10.1007/978-3-662-58387-6_29

  3. Bartoletti, M., Zunino, R.: BitML: a calculus for bitcoin smart contracts. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 83–100. ACM (2018)

    Google Scholar 

  4. Ethereum Foundation: Solidity documentation (2016–2019). https://solidity.readthedocs.io/

  5. Falkon, S.: The story of the DAO – its history and consequences (2017). medium.com. https://medium.com/swlh/the-story-of-the-dao-its-history-and-consequences-71e6a8a551ee

  6. IETF: RFC 7049 - Concise Binary Object Representation (CBOR), October 2013. https://tools.ietf.org/html/rfc7049 . Accessed 01 Jan 2020

  7. Larsen, K.G., Pettersson, P., Yi, W.: UPPAAL in a nutshell. Int. J. Softw. Tools Technol. Transfer 1(1–2), 134–152 (1997). https://doi.org/10.1007/s100090050010

    Article  MATH  Google Scholar 

  8. Mavridou, A., Laszka, A.: Designing secure Ethereum smart contracts: a finite state machine based approach. In: Meiklejohn and Sako [10], pp. 523–540. https://doi.org/10.1007/978-3-662-58387-6_28

  9. Mealy, G.H.: A method for synthesizing sequential circuits. The Bell Syst. Tech. J. 34(5), 1045–1079 (1955)

    Article  MathSciNet  Google Scholar 

  10. Meiklejohn, S., Sako, K. (eds.): FC 2018. LNCS, vol. 10957. Springer, Heidelberg (2018). https://doi.org/10.1007/978-3-662-58387-6

    Book  MATH  Google Scholar 

  11. Melkonian, O., Swierstra, W., Chakravarty, M.M.: Formal investigation of the Extended UTxO model (Extended Abstract) (2019). https://omelkonian.github.io/data/publications/formal-utxo.pdf

  12. Möser, M., Eyal, I., Gün Sirer, E.: Bitcoin covenants. In: Clark, J., Meiklejohn, S., Ryan, P.Y.A., Wallach, D., Brenner, M., Rohloff, K. (eds.) FC 2016. LNCS, vol. 9604, pp. 126–141. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53357-4_9

    Chapter  Google Scholar 

  13. Nanevski, A., Ley-Wild, R., Sergey, I., Delbianco, G.A.: Communicating state transition systems for fine-grained concurrent resources. In: Shao, Z. (ed.) ESOP 2014. LNCS, vol. 8410, pp. 290–310. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-54833-8_16

    Chapter  MATH  Google Scholar 

  14. Sangiorgi, D.: Introduction to Bisimulation and Coinduction. Cambridge University Press, Cambridge (2012)

    MATH  Google Scholar 

  15. Lamela Seijas, P., Thompson, S.: Marlowe: financial contracts on blockchain. In: Margaria, T., Steffen, B. (eds.) ISoLA 2018. LNCS, vol. 11247, pp. 356–375. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03427-6_27

    Chapter  Google Scholar 

  16. Sergey, I., Nagaraj, V., Johannsen, J., Kumar, A., Trunov, A., Hao, K.C.G.: Safer smart contract programming with Scilla. In: Proceedings of the ACM on Programming Languages 3(OOPSLA) (2019). Article No: 185

    Google Scholar 

  17. Zahnentferner, J.: An abstract model of UTxO-based cryptocurrencies with scripts. IACR Cryptology ePrint Archive 2018, p. 469 (2018). https://eprint.iacr.org/2018/469

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Manuel M. T. Chakravarty .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Chakravarty, M.M.T., Chapman, J., MacKenzie, K., Melkonian, O., Peyton Jones, M., Wadler, P. (2020). The Extended UTXO Model. In: Bernhard, M., et al. Financial Cryptography and Data Security. FC 2020. Lecture Notes in Computer Science(), vol 12063. Springer, Cham. https://doi.org/10.1007/978-3-030-54455-3_37

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-54455-3_37

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-54454-6

  • Online ISBN: 978-3-030-54455-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics