Search

US-12619982-B2 - Single-use tokens

US12619982B2US 12619982 B2US12619982 B2US 12619982B2US-12619982-B2

Abstract

A computer-implemented method of using blockchain transactions to issue one or more single-uses tokens for use by one or more respective token redeemers, wherein the method is performed by a token issuer and comprises: generating a token transaction, wherein the token transaction comprises: one or more token outputs, wherein each token output comprises token data representing a respective single-use token, wherein each single-use token is associated with a respective spendable output of the token transaction, and wherein a respective validity of each single-use token is conditional on the respective spendable output being present in an unspent transaction output set of a blockchain; and one or more inputs, wherein at least a first one of the inputs comprises a signature linked to a first public key of the token issuer; and transmitting the token transaction to one or more nodes of a blockchain network to be recorded in the blockchain.

Inventors

  • Bassem AMMAR
  • Wei Zhang
  • Craig Steven Wright

Assignees

  • NCHAIN LICENSING AG

Dates

Publication Date
20260505
Application Date
20201207
Priority Date
20200108

Claims (14)

  1. 1 . A computer-implemented method of using blockchain transactions to issue a single-use token for use by a token redeemer, wherein the method is performed by a token issuer and comprises: receiving a blockchain address from the token redeemer, wherein the blockchain address comprises a public key linked to the redeemer or a hash of the public key linked to the redeemer; generating token data representing the single-use token; generating a cryptographic hash of the token data by inputting the token data to a cryptographic hash function and executing the cryptographic hash function using the token data; generating a set of cryptographically-linked public keys, wherein the set comprises a first public key, a second public key and a third public key, and wherein the second public key is certified by a certificate authority as being linked to the token issuer; receiving, from the certificate authority, a reference to a certificate transaction recorded on the blockchain, wherein the certificate transaction comprises a certificate certifying the second public key of the token issuer; generating a token transaction, wherein generating the token transaction comprises: generating a token output of the token transaction, including the cryptographic hash of the token data in the token output; including, in the token output, the reference to a certificate transaction to enable the token redeemer to identify the certificate transaction and verify that the first and third public keys are cryptographically linked to the second public key that has been certified by the certificate authority; locking the token output or a different output of the token transaction to the blockchain address of the token redeemer, said locking comprising constructing a locking script that requires, when executed during validation of the token transaction by one or more nodes of a blockchain network, an input of a redemption transaction to comprise a signature generated using a private key corresponding to the public key linked to the token redeemer; and generating one or more inputs of the token transaction, generating a first digital signature linked to the first public key of the token issuer, and including the first digital signature into one of the one or more inputs, generating a second digital signature linked to the third public key of the token issuer, and including the second digital signature into one of the one or more inputs; and transmitting the token transaction to one or more nodes of a blockchain network to be recorded in the blockchain.
  2. 2 . The method of claim 1 , wherein the token output is a spendable transaction output.
  3. 3 . The method of claim 2 , wherein the token output is an m-of-n multi-signature output, and wherein the m-of-n multi-signature output is configured such that, in order to be unlocked by the input of the token redemption transaction, the input of the token redemption transaction must comprise at least m signatures that are linked to respective ones of n public keys.
  4. 4 . The method of claim 3 , wherein the m-of-n multi-signature output requires the input of the token redemption transaction to comprise a signature that is linked to a second public key of a token redeemer and/or a signature that is linked to a public key of the token issuer.
  5. 5 . The method of claim 2 , wherein token output comprises a if-else statement that defines two or more alternative conditions, and wherein each alternative condition is configured such that, in order to be unlocked by the input of the token redemption transaction, the input of the redemption transaction must meet one of the two or more defined conditions.
  6. 6 . The method of claim 1 , wherein the token output is an unspendable output.
  7. 7 . The method of claim 6 , wherein the different output of the token transaction is a spendable output associated with the single-use token and is an m-of-n multi-signature output configured such that, in order to be unlocked by the input of the token redemption transaction, the input of the token redemption transaction must comprise a signature that is linked to a public key of a token redeemer and/or a signature that is linked to the second public key of the token issuer.
  8. 8 . The method of claim 1 , wherein the token transaction comprises a plurality of inputs.
  9. 9 . The method of claim 1 , comprising: generating a token update transaction, wherein the token update transaction comprises an input that references the token output of the token transaction, wherein the token update transaction comprises a token update output, wherein the token update output comprises token data representing an updated version of the single-use token; and transmitting the token update transaction to one or more nodes of a blockchain network to be recorded in the blockchain.
  10. 10 . The method of claim 1 , comprising: generating a token cancel transaction, wherein the token cancel transaction comprises an input that references of the token output of the token transaction, wherein the token cancel transaction comprises a token cancel output, wherein the token cancel output comprises token data representing a cancelled version of the single-use token; and transmitting the token cancel transaction to one or more nodes of a blockchain network to be recorded in the blockchain.
  11. 11 . The method of claim 1 , comprising: transmitting, to the token redeemer, a transaction identifier of the token transaction.
  12. 12 . The method of claim 1 , wherein the single-use token is associated with a tangible asset.
  13. 13 . Computer equipment, comprising: memory comprising one or more memory units; and processing apparatus comprising one or more processing units, wherein the memory stores code arranged to run on the processing apparatus, the code being configured so as when run on the processing apparatus, the processing apparatus performs a method of using blockchain transactions to issue a single-uses tokens for use by a token redeemers, wherein the method is performed by a token issuer, the method including: receiving a blockchain address from the token redeemer, wherein the blockchain address comprises a public key linked to the redeemer or a hash of the public key linked to the redeemer; generating token data representing the single-use token; generating an encrypted version of the token data by: a) inputting the token data to a cryptographic hash function and executing the cryptographic hash function using the token data; generating a set of cryptographically-linked public keys, wherein the set comprises a first public key, a second public key and a third public key, and wherein the second public key is certified by a certificate authority as being linked to the token issuer; receiving, from the certificate authority, a reference to a certificate transaction recorded on the blockchain, wherein the certificate transaction comprises a certificate certifying the first public key of the token issuer or the second public key of the token issuer; generating a token transaction, wherein generating the token transaction comprises: generating a token output of the token transaction, including the hash of the token data in the token output, including, in the token output, the reference to a certificate transaction to enable the token redeemer to identify the certificate transaction and verify that the first and third public keys are cryptographically linked to the second public key that has been certified by the certificate authority; locking the token output or a different output of the token transaction to the blockchain address of the token redeemer, said locking comprising constructing a locking script that requires, when executed during validation of the token transaction by one or more nodes of a blockchain network, an input of a redemption transaction to comprise a signature generated using a private key corresponding to the public key linked to the token redeemer; and generating one or more inputs of the token transaction, generating a first digital signature linked to the first public key of the token issuer, and including the first digital signature into one of the one or more inputs, generating a second digital signature linked to the third public key of the token issuer, and including the second digital signature into one of the one or more inputs; and transmitting the token transaction to one or more nodes of a blockchain network to be recorded in the blockchain.
  14. 14 . A computer program product, comprising computer program code embodied on a non-transitory computer-readable storage medium, the computer program code being configured so as, when run on computer equipment, the computer equipment performs a method of using blockchain transactions to issue a single-use token for use by a token redeemers, wherein the method is performed by a token issuer and includes: receiving a blockchain address from the token redeemer, wherein the blockchain address comprises a public key linked to the redeemer or a hash of the public key linked to the redeemer; generating token data representing the single-use token; generating an encrypted version of the token data by: a) inputting the token data to a cryptographic hash function and executing the cryptographic hash function using the token data; generating a set of cryptographically-linked public keys, wherein the set comprises a first public key, a second public key and a third public key, and wherein the second public key is certified by a certificate authority as being linked to the token issuer; receiving, from the certificate authority, a reference to a certificate transaction recorded on the blockchain, wherein the certificate transaction comprises a certificate certifying the first public key of the token issuer or the second public key of the token issuer; generating a token transaction, wherein generating the token transaction comprises: generating a token output of the token transaction, including the hash of the token data in the token output, including, in the token output, the reference to a certificate transaction to enable the token redeemer to identify the certificate transaction and verify that the first and third public keys are cryptographically linked to the second public key that has been certified by the certificate authority; locking the token output or a different output of the token transaction to the blockchain address of the token redeemer, said locking comprising constructing a locking script that requires, when executed during validation of the token transaction by one or more nodes of a blockchain network, an input of a redemption transaction to comprise a signature generated using a private key corresponding to the public key linked to the token redeemer; and generating one or more inputs of the token transaction, generating a first digital signature linked to the first public key of the token issuer, and including the first digital signature into one of the one or more inputs, generating a second digital signature linked to the third public key of the token issuer, and including the second digital signature into one of the one or more inputs; and transmitting the token transaction to one or more nodes of a blockchain network to be recorded in the blockchain.

Description

CROSS REFERENCE TO RELATED APPLICATIONS This application is the U.S. National Stage of International Application No. PCT/162020/061591 filed on Dec. 7, 2020, which claims the benefit of United Kingdom Patent Application No. 2000204.4, filed on Jan. 8, 2020, the contents of which are incorporated herein by reference in their entireties. TECHNICAL FIELD The present disclosure relates to a method of using a blockchain to issue single-use tokens. BACKGROUND A blockchain refers to a form of distributed data structure, wherein a duplicate copy of the blockchain is maintained at each of a plurality of nodes in a peer-to-peer (P2P) network. The blockchain comprises a chain of blocks of data, wherein each block comprises one or more transactions. Each transaction may point back to a preceding transaction in a sequence which may span one or more blocks. Transactions can be submitted to the network to be included in new blocks by a process known as “mining”, which involves each of a plurality of mining nodes competing to perform “proof-of-work”, i.e. solving a cryptographic puzzle based on a pool of the pending transactions waiting to be included in blocks. Conventionally the transactions in the blockchain are used to convey a digital asset, i.e. data acting as a store of value. However, a blockchain can also be exploited in order to lay additional functionality on top of the blockchain. For instance, blockchain protocols may allow for storage of additional user data in an output of a transaction. Modern blockchains are increasing the maximum data capacity that can be stored within a single transaction, enabling more complex data to be incorporated. For instance, this may be used to store an electronic document in the blockchain, or even audio or video data. Each node in the network can have any one, two or all of three roles: forwarding, mining and storage. Forwarding nodes propagate transactions throughout the nodes of the network. Mining nodes perform the mining of transactions into blocks. Storage nodes each store their own copy of the mined blocks of the blockchain. In order to have a transaction recorded in the blockchain, a party sends the transaction to one of the nodes of the network to be propagated. Mining nodes which receive the transaction may race to mine the transaction into a new block. Each node is configured to respect the same node protocol, which will include one or more conditions for a transaction to be valid. Invalid transactions will not be propagated nor mined into blocks. Assuming the transaction is validated and thereby accepted onto the blockchain, the additional user data will thus remain stored at each of the nodes in the P2P network as an immutable public record. SUMMARY One of the fundamental features of some blockchain protocols is the double-spending protection. This security feature has been enduring real life testing for the last decade and is still unchallenged. One implication of the inability of double spending is the single use of any unspent output of a blockchain transaction. The present invention utilizes the single-use property of blockchain transaction outputs to enable the issuance of single-use tokens on the blockchain. The single-use tokens may be, for example, cinema tickets, gift cards, afternoon tea vouchers, flight tickets, and so on. Embodiments not only ensure that the tokens are single-use, but also provide for immutability, transparency, and auditability of records. According to one aspect disclosed herein, there is provided a computer-implemented method of using blockchain transactions to issue one or more single-uses tokens for use by one or more respective token redeemers, wherein the method is performed by a token issuer and comprises: generating a token transaction, wherein the token transaction comprises: one or more token outputs, wherein each token output comprises token data representing a respective single-use token, wherein each single-use token is associated with a respective spendable output of the token transaction, and wherein a respective validity of each single-use token is conditional on the respective spendable output being present in an unspent transaction output set of a blockchain; and one or more inputs, wherein at least a first one of the inputs comprises a signature linked to a first public key of the token issuer; and transmitting the token transaction to one or more nodes of a blockchain network to be recorded in the blockchain. A token output is an output of a blockchain transaction (the “token transaction”) which comprises data representing a single-use token. A single-use token is a token which is valid for a single use only, e.g. the single-use token can be exchanged or redeemed for a given product (or set of products) or service only once. A single-use token cannot be re-used. Each single-use token is associated with (or linked with) a respective spendable output of the token transaction. A spendable output will remain in an unspen