Search

EP-4584709-B1 - BLOCKCHAIN-BASED TOKEN PROTOCOL

EP4584709B1EP 4584709 B1EP4584709 B1EP 4584709B1EP-4584709-B1

Inventors

  • PAUNOIU, Alexandru
  • PAGANI, Alessio

Dates

Publication Date
20260506
Application Date
20230811

Claims (15)

  1. A computer-implemented method of validating a token transfer transaction as part of a token protocol using a blockchain, wherein each token transfer transaction requires an input signed by a respective party and one or more respective outputs, each respective output locking a respective amount of a digital asset and comprising a respective locking script locked to a respective public key of a respective party and comprising a respective token amount, and wherein the method is performed by a second party and comprises: obtaining, from a first party, a candidate token transfer transaction, wherein the candidate token transfer transaction comprises i) one or more respective inputs, each respective input being signed by the first party and referencing a respective output of a respective token transfer transaction or a respective token mint transaction, wherein the respective token mint transaction comprises a respective input signed by a respective delegated entity, and wherein each referenced respective output comprises a respective token amount, and ii) one or more respective outputs, each respective output locking a respective amount of the digital asset, wherein each respective output comprises a respective locking script locked to a respective public key of a respective party, and a respective token amount, wherein a sum of the respective token amounts comprised by the respective outputs is equal to a sum of the respective token amounts comprised by the one or more referenced respective outputs; obtaining, from the first party, for each respective input that references a respective token transfer transaction, a respective list of transactions tracing back to a respective token mint transaction linking the candidate token transfer transaction to the respective token mint transaction; and validating the candidate token transfer transaction, said validating of the candidate token transfer transaction comprising: verifying that each respective input of the candidate token transfer transaction references a respective token mint transaction or can be traced back, using the respective list of transactions, to a respective token mint transaction; and verifying that a sum of the respective token amounts comprised by the respective outputs of the candidate transfer transaction is equal to a sum of the respective token amounts comprised by the one or more respective outputs referenced by the candidate transfer transaction.
  2. The method of claim 1, comprising: if the candidate token transfer transaction is determining to be valid, causing the candidate token transaction to be submitted to one or more nodes of a blockchain network.
  3. The method of claim 1 or claim 2, wherein said validating of the candidate token transfer transaction comprises: for each respective token mint transaction that is either referenced by a respective input of the candidate token transfer transaction or included in the respective list of transactions: obtaining a respective delegated entity digital certificate, wherein the delegated entity digital certificate comprises a respective minting public key of the respective delegated entity used to sign the respective input of the respective token mint transaction; and verifying that the respective signature used to sign the respective input of the respective token mint transaction corresponds to a respective minting public key comprised by a respective delegated entity digital certificate.
  4. The method of claim 3, wherein said validating of the candidate token transfer transaction comprises verifying that each respective delegated entity digital certificate is a valid certificate.
  5. The method of any preceding claim, wherein said validating of the candidate token transfer transaction comprises: verifying that a sum of the respective amounts of the digital asset locked by the one or more respective outputs of the candidate transfer transaction is equal to a sum of respective amounts of the digital asset locked by one or more respective outputs referenced by the one or more respective inputs of the candidate token transfer transaction and a transaction fee to be collected by a blockchain node in order for the candidate token transfer transaction to be recorded on the blockchain.
  6. The method of any preceding claim, wherein said validating of the candidate token transfer transaction comprises validating each transaction tracing back to a respective token mint transaction linking the candidate token transfer transaction to the respective token mint transaction.
  7. The method of claim 2 or any claim dependent thereon, wherein said causing of the candidate token transaction to be submitted to one or more nodes of a blockchain network comprises sending the candidate token transfer transaction to a third party over a first connection, wherein the third party is configured to submit the candidate token transaction to the one or more nodes of the blockchain network over a second connection, wherein the first and second connections are different.
  8. The method of claim 7, wherein the first connection comprises a radio connection.
  9. The method of claim 8, wherein the radio connection comprises a cellular connection, a Bluetooth connection or a Near-field communication, NFC, connection.
  10. The method of any of claims 7 to 9, wherein the second connection comprises an Internet connection.
  11. A computer-implemented method of performing a token protocol using a blockchain, wherein each token transfer transaction requires an input signed by a respective party and one or more respective outputs, each respective output locking a respective amount of a digital asset and comprising a respective locking script locked to a respective public key of a respective party and comprising a respective token amount, and wherein the method is performed by a first party and comprises: sending a candidate token transfer transaction to a second party, wherein the candidate token transfer transaction comprises i) one or more respective inputs, each respective input being signed by the first party and referencing a respective output of a respective token transfer transaction or a respective token mint transaction, wherein the respective token mint transaction comprises a respective input signed by a respective delegated entity, and wherein each referenced respective output comprises a respective token amount, and ii) one or more respective outputs, each respective output locking a respective amount of the digital asset, wherein each respective output comprises a respective locking script locked to a respective public key of a respective party, and a respective token amount, wherein a sum of the respective token amounts is equal to a sum of the respective token amounts comprised by the one or more referenced respective outputs; and sending, to the second party, for each respective input that references a respective token transfer transaction, a respective list of transactions tracing back to a respective token mint transaction linking the candidate token transfer transaction to the respective token mint transaction.
  12. The method of claim 11, wherein said sending of the respective list of transactions comprises sending each transaction in the respective list.
  13. The method of claim 11 or claim 12, comprising: for each respective token mint transaction that is either referenced by a respective input of the candidate token transfer transaction or included in the respective list of transactions, sending, to the second party, a respective delegated entity digital certificate, wherein the delegated entity digital certificate comprises a respective minting public key of the respective delegated entity used to sign the respective input of the respective token mint transaction.
  14. Computer equipment comprising: memory comprising one or more memory units; and processing apparatus comprising one or more processing units, wherein the memory stores code arranged to run on the processing apparatus, the code being configured so as when on the processing apparatus to perform the method of any of claims 1 to 13.
  15. A computer program embodied on computer-readable storage and configured so as, when run on one or more processors, to perform the method of any of claims 1 to 13.

Description

TECHNICAL FIELD The present disclosure relates to a methods of implementing a token protocol, and in particular to a methods relating to transferring and validating tokens as part of the token protocol. BACKGROUND A blockchain refers to a form of distributed data structure, wherein a duplicate copy of the blockchain is maintained at each of a plurality of nodes in a distributed peer-to-peer (P2P) network (referred to below as a "blockchain network") and widely publicised. The blockchain comprises a chain of blocks of data, wherein each block comprises one or more transactions. Each transaction, other than so-called "coinbase transactions", points back to a preceding transaction in a sequence which may span one or more blocks going back to one or more coinbase transactions. Coinbase transactions are discussed further below. Transactions that are submitted to the blockchain network are included in new blocks. New blocks are created by a process often referred to as "mining", which involves each of a plurality of the nodes competing to perform "proof-of-work", i.e. solving a cryptographic puzzle based on a representation of a defined set of ordered and validated pending transactions waiting to be included in a new block of the blockchain. It should be noted that the blockchain may be pruned at some nodes, and the publication of blocks can be achieved through the publication of mere block headers. The transactions in the blockchain may be used for one or more of the following purposes: to convey a digital asset (i.e. a number of digital tokens), to order a set of entries in a virtualised ledger or registry, to receive and process timestamp entries, and/or to time-order index pointers. A blockchain can also be exploited in order to layer additional functionality on top of the blockchain. For example blockchain protocols may allow for storage of additional user data or indexes to data in a transaction. There is no pre-specified limit to the maximum data capacity that can be stored within a single transaction, and therefore increasingly more complex data can be incorporated. For instance this may be used to store an electronic document in the blockchain, or audio or video data. Nodes of the blockchain network (which are often referred to as "miners") perform a distributed transaction registration and verification process, which will be described in more detail later. In summary, during this process a node validates transactions and inserts them into a block template for which they attempt to identify a valid proof-of-work solution. Once a valid solution is found, a new block is propagated to other nodes of the network, thus enabling each node to record the new block on the blockchain. In order to have a transaction recorded in the blockchain, a user (e.g. a blockchain client application) sends the transaction to one of the nodes of the network to be propagated. Nodes which receive the transaction may race to find a proof-of-work solution incorporating the validated transaction into a new block. Each node is configured to enforce the same node protocol, which will include one or more conditions for a transaction to be valid. Invalid transactions will not be propagated nor incorporated into blocks. Assuming the transaction is validated and thereby accepted onto the blockchain, then the transaction (including any user data) will thus remain registered and indexed at each of the nodes in the blockchain network as an immutable public record. The node who successfully solved the proof-of-work puzzle to create the latest block is typically rewarded with a new transaction called the "coinbase transaction" which distributes an amount of the digital asset, i.e. a number of tokens. The detection and rejection of invalid transactions is enforced by the actions of competing nodes who act as agents of the network and are incentivised to report and block malfeasance. The widespread publication of information allows users to continuously audit the performance of nodes. The publication of the mere block headers allows participants to ensure the ongoing integrity of the blockchain. In an "output-based" model (sometimes referred to as a UTXO-based model), the data structure of a given transaction comprises one or more inputs and one or more outputs. Any spendable output comprises an element specifying an amount of the digital asset that is derivable from the proceeding sequence of transactions. The spendable output is sometimes referred to as a UTXO ("unspent transaction output"). The output may further comprise a locking script specifying a condition for the future redemption of the output. A locking script is a predicate defining the conditions necessary to validate and transfer digital tokens or assets. Each input of a transaction (other than a coinbase transaction) comprises a pointer (i.e. a reference) to such an output in a preceding transaction, and may further comprise an unlocking script for unlocking the locking script of