Search

EP-4584710-B1 - BLOCKCHAIN-BASED TOKEN PROTOCOL

EP4584710B1EP 4584710 B1EP4584710 B1EP 4584710B1EP-4584710-B1

Inventors

  • PAUNOIU, Alexandru
  • PAGANI, Alessio

Dates

Publication Date
20260506
Application Date
20230811

Claims (15)

  1. A computer-implemented method of performing a token protocol using a blockchain, wherein a token transfer transaction requires an input signed by a respective party and one or more respective outputs, each respective output locking a respective amount of a digital asset and comprising a respective locking script locked to a respective public key of a respective party and comprising a respective token amount, and wherein the method is performed by a delegated entity and comprises: obtaining a token melt transaction, wherein the token melt transaction comprises i) a first input signed by a first party, wherein the first input references a respective output of a first token transfer transaction, wherein the respective output is locked to a first public key of the first party and comprises a first token amount, and ii) a first output locked to a melting public key of the delegated entity and comprising the first token amount; creating a token mint transaction, wherein the token mint transaction comprises i) a respective input signed by the delegated entity using a signature corresponding to a minting public key, and ii) a respective output locking a respective amount of the digital asset sufficient to fund one or more respective token transfer transactions, wherein the respective output is locked to a second public key of the first party and comprises the first token amount; and causing the token mint transaction to be submitted to one or more nodes of a blockchain network.
  2. The method of claim 1, comprising: receiving a request from the first party to initiate a melt and mint protocol; and in response, sending a delegated entity digital certificate to the first party, wherein the delegated entity digital certificate comprises the melting public key of the delegated entity.
  3. The method of claim 1 or claim 2, wherein said creating of the token mint transaction is conditional on verifying an identity of the first party.
  4. The method of claim 3, wherein said verifying of the identity of the first party comprises: obtaining a first party digital certificate comprising an identity public key of the first party; receiving, from the first party, a signature based on the first party digital certificate; validating the signature using an ephemeral public key obtained from the first party; and verifying that the identify public key is based on the first public key of the party and the ephemeral public key.
  5. The method of any preceding claim, wherein said creating of the token mint transaction is conditional on determining that the token melt transaction is part of a chain of token transactions that traces back to one or more token mint transactions.
  6. The method of any preceding claim, wherein said creating of the token mint transaction is conditional on validating the token melt transaction, wherein said validating of the token melt transaction comprises: obtaining, from the first party, a list of transactions tracing back to one or more respective token mint transactions linking the token melt transaction to the respective token mint transaction; verifying that the first input of the token melt transaction can be traced back, using the list of transactions, to a respective token mint transaction; and verifying that the first token amount comprised by the first output of the token melt transaction is equal to the first token amount comprised by the respective output of the first transfer transaction.
  7. The method of claim 6, wherein said validating of the token melt transaction comprises: for each respective token mint transaction included in the list of transactions: obtaining a respective delegated entity digital certificate, wherein the delegated entity digital certificate comprises a respective minting public key of the respective delegated entity used to sign the respective input of the respective token mint transaction; and verifying that the respective signature used to sign the respective input of the respective token mint transaction corresponds to a respective minting public key comprised by a respective delegated entity digital certificate.
  8. The method of claim 6 or 7, wherein said validating of the token melt transaction comprises: verifying that the respective amount of the digital asset locked by the first output of the token melt transaction is equal to a sum of the respective amount of the digital asset locked by the respective output of the first token transfer transaction referenced by the first input of the token melt transaction and a transaction fee to be collected by a blockchain node in order for the token mint transaction to be recorded on the blockchain.
  9. A computer-implemented method of performing a token protocol using a blockchain, wherein each token transfer transaction requires an input signed by a respective party and one or more respective outputs, each respective output locking a respective amount of a digital asset and comprising a respective locking script locked to a respective public key of a respective party and comprising a respective token amount, and wherein the method is performed by a first party and comprises: initiating a melt and mint protocol, wherein the melt and mint protocol comprises: creating a token melt transaction, wherein the token melt transaction comprises i) a first input signed by the first party, wherein the first input references a respective output of a first token transfer transaction locked to a first public key of the first party and comprises a first token amount, and ii) a first output locked to a melting public key of a delegated entity and comprising the first token amount; causing the token melt transaction to be submitted to one or more nodes of a blockchain network; obtaining a token mint transaction, wherein the token mint transaction comprises i) a respective input signed by the delegated entity using a signature corresponding to a minting public key, and ii) a respective output locking a respective amount of the digital asset sufficient to fund one or more respective token transfer transactions, wherein the respective output is locked to a second public key of the first party and comprises the first token amount.
  10. The method of claim 9, comprising: creating a second token transfer transaction, wherein the second token transfer transaction comprises i) a second input signed by the first party, wherein the second input references the respective output of the token mint transaction, and ii) one or more respective second outputs, each second output locking a respective amount of the digital asset, wherein each respective second output comprising a respective locking script locked to a respective public key of a respective party, and a respective token amount, wherein a sum of the respective token amounts is equal to the first token amount; and causing the token second token transaction to be submitted to one or more nodes of a blockchain network.
  11. The method of claim 9 or claim 10, wherein initiating the melt and mint protocol comprises: requesting a token melt transaction from the delegated entity; receiving a delegated entity digital certificate from the delegated entity, wherein the delegated entity digital certificate comprises the melting public key of the delegated entity.
  12. The method of any of claims 9 to 11, wherein the delegated entity has access to a first party digital certificate comprising an identity public key of the first party, and wherein the method comprises: generating a signature based on the first party digital certificate using a private key corresponding to an ephemeral public key, wherein the ephemeral public key is based on the first public key of the first party and the identity public key of the first party; and sending the signature to the delegated entity.
  13. The method of any of claims 9 to 12, wherein said initiating is in response to determining that the first party cannot create a next token transfer transaction due to an insufficient amount of the digital asset.
  14. Computer equipment comprising: memory comprising one or more memory units; and processing apparatus comprising one or more processing units, wherein the memory stores code arranged to run on the processing apparatus, the code being configured so as when on the processing apparatus to perform the method of any of claims 1 to 13.
  15. A computer program embodied on computer-readable storage and configured so as, when run on one or more processors, to perform the method of any of claims 1 to 13.

Description

TECHNICAL FIELD The present disclosure relates to a methods of implementing a token protocol, and in particular to a methods relating to melting and minting tokens as part of the token protocol. BACKGROUND A blockchain refers to a form of distributed data structure, wherein a duplicate copy of the blockchain is maintained at each of a plurality of nodes in a distributed peer-to-peer (P2P) network (referred to below as a "blockchain network") and widely publicised. The blockchain comprises a chain of blocks of data, wherein each block comprises one or more transactions. Each transaction, other than so-called "coinbase transactions", points back to a preceding transaction in a sequence which may span one or more blocks going back to one or more coinbase transactions. Coinbase transactions are discussed further below. Transactions that are submitted to the blockchain network are included in new blocks. New blocks are created by a process often referred to as "mining", which involves each of a plurality of the nodes competing to perform "proof-of-work", i.e. solving a cryptographic puzzle based on a representation of a defined set of ordered and validated pending transactions waiting to be included in a new block of the blockchain. It should be noted that the blockchain may be pruned at some nodes, and the publication of blocks can be achieved through the publication of mere block headers. The transactions in the blockchain may be used for one or more of the following purposes: to convey a digital asset (i.e. a number of digital tokens), to order a set of entries in a virtualised ledger or registry, to receive and process timestamp entries, and/or to time-order index pointers. A blockchain can also be exploited in order to layer additional functionality on top of the blockchain. For example blockchain protocols may allow for storage of additional user data or indexes to data in a transaction. There is no pre-specified limit to the maximum data capacity that can be stored within a single transaction, and therefore increasingly more complex data can be incorporated. For instance this may be used to store an electronic document in the blockchain, or audio or video data. Nodes of the blockchain network (which are often referred to as "miners") perform a distributed transaction registration and verification process, which will be described in more detail later. In summary, during this process a node validates transactions and inserts them into a block template for which they attempt to identify a valid proof-of-work solution. Once a valid solution is found, a new block is propagated to other nodes of the network, thus enabling each node to record the new block on the blockchain. In order to have a transaction recorded in the blockchain, a user (e.g. a blockchain client application) sends the transaction to one of the nodes of the network to be propagated. Nodes which receive the transaction may race to find a proof-of-work solution incorporating the validated transaction into a new block. Each node is configured to enforce the same node protocol, which will include one or more conditions for a transaction to be valid. Invalid transactions will not be propagated nor incorporated into blocks. Assuming the transaction is validated and thereby accepted onto the blockchain, then the transaction (including any user data) will thus remain registered and indexed at each of the nodes in the blockchain network as an immutable public record. The node who successfully solved the proof-of-work puzzle to create the latest block is typically rewarded with a new transaction called the "coinbase transaction" which distributes an amount of the digital asset, i.e. a number of tokens. The detection and rejection of invalid transactions is enforced by the actions of competing nodes who act as agents of the network and are incentivised to report and block malfeasance. The widespread publication of information allows users to continuously audit the performance of nodes. The publication of the mere block headers allows participants to ensure the ongoing integrity of the blockchain. In an "output-based" model (sometimes referred to as a UTXO-based model), the data structure of a given transaction comprises one or more inputs and one or more outputs. Any spendable output comprises an element specifying an amount of the digital asset that is derivable from the proceeding sequence of transactions. The spendable output is sometimes referred to as a UTXO ("unspent transaction output"). The output may further comprise a locking script specifying a condition for the future redemption of the output. A locking script is a predicate defining the conditions necessary to validate and transfer digital tokens or assets. Each input of a transaction (other than a coinbase transaction) comprises a pointer (i.e. a reference) to such an output in a preceding transaction, and may further comprise an unlocking script for unlocking the locking script of the poin