CodeChain Partial Signing

A blockchain’s asset management model is largely divided into the UTXO model and the account model. The UTXO model is used in Bitcoin, while the account model is used in Ethereum. CodeChain has adopted the UTXO model and supports partial signing. Through partial signing, it is possible to implement more complex forms of asynchronous transactions without the need of escrows. In order to understand partial signing, one must first understand the UTXO transaction model. In a transaction, the input is the output of the previous transaction(pointing to the asset owned), and the newly created output takes over the previous output and becomes a new type of asset. By new type of asset, it can mean that the owner has changed or the amount of the asset has been divided, etc. The ownership of the created asset can be verified by solving the lock script(requires a signature) contained in the output.

A signature can be made of a user’s private key and a message, or in this case, the transaction is the message. The lock script first checks the public key to verify ownership of the asset. This public key is pre-stored in the lock script by the previous owner of the asset, in order to pass ownership to another person. At the moment of transaction, only the public key, the signature, and the message, are needed in order to verify that the user who provided the signature holds the private key. Since the data of the transaction corresponding to the message is stored somewhere on the chain, the user who wishes to unlock the lock script must first provide the public key and the signature.

When the first transaction enters the block, the unlock scripts contained in the input are executed in order. At this time, if the contents of the transaction are changed after the signature has been provided through the unlock script, the signature provided is no longer valid, and the previously provided unlock script cannot unlock the lock script, and the transaction ultimately fails. Since the transaction is successful only when the asset and its owners are determined, an asset without ownership or an ownership without an asset, cannot exist.

This is a very restrictive model. Partial signing in CodeChain makes this model much more flexible. When the signature is created, if one can sign only a part of a transaction, even if the contents of the transaction is changed later, if the specific part that has been changed is not signed, the signature can still be valid.

Let’s look at a situation where an ownership without assets can exist.

Suppose you have the following transaction. Input1’s unlock script provides the signature and owner’s public key in the form of a message, which were created by using Input1, Output1, and Output2. Therefore, even if Input2 of amount 10 is added, the unlock script of Input1 is still valid, making the entire transaction valid. This shows that it is possible to add Inputs even after signing. At this time, Output1 and Output2’s assets do not exist yet, but only the information that an asset will have an owner. Conversely, assets without ownership also become a possibility.

How does CodeChain implement partial signing? CodeChain’s unlock script also provides a Tag when validating the signature. This Tag has a 1byte prefix followed by an output filter.

When signature verification starts, you must first check the input scheme bits of the filter. If the input scheme bit is 1, all the inputs of the transaction are signed. Therefore, no further changes to the input can occur. If the input scheme bit is 0, signing is done only to the input that contains the unlock script which is currently being executed. Therefore, an input can be added to the transaction even after the signing process has been completed. Then, check the output scheme bit, and if it is 1, continue to sign all of the outputs of the transaction. If it is 0, apply the output filter by referring to the filter length. The output filter is in the form of a bit array. If the bit corresponding to the output index is 1, the signature is processed. It is worth noting that the output itself is included in the signature. This process allows partial signing of an output.

With partial signing, CodeChain can support more complex forms of transactions. For instance, let’s consider crowdfunding. In crowdfunding, when a certain amount is raised, a project will commence. In the previous transaction model, the investor had to give the planner ownership of the funds. If the funds do not reach a certain amount, the planner must return the money back to the investor. However, through partial signing, the planner partially signs the transaction with only the output corresponding to the fund amount, and sends it to the investors. Then the investors can simply add the input. Adding an input does not mean that the ownership of the asset will be overturned right away. The transaction will be completed only when multiple inputs add up to the minimum amount of money required for the project to start. Once the transaction is complete, the ownership will be transferred as well.

With partial signing, it is possible to implement ownership without assets, and assets without ownership. Through partial signing, it would be possible to apply CodeChain transactions in a variety of situations where asynchronous transactions are required, such as game item trading or even sponsorship recruitment.