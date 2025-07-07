Building Trust on Bitcoin: A Look at How Pre-Signed Transaction Trees Secure Contracts

by EScholar: Electronic Academic Papers for ScholarsJuly 7th, 2025
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

On-chain Bitcoin contracts are executed as pre-signed transaction trees, where implicit signatures from all parties guarantee fair play and prevent stalling.
featured image - Building Trust on Bitcoin: A Look at How Pre-Signed Transaction Trees Secure Contracts
EScholar: Electronic Academic Papers for Scholars HackerNoon profile picture
0-item

Abstract and 1. Introduction

  1. On-chain contracts
  2. Off-chain contracts
  3. Conclusions and References

2. On-chain contracts

We represent contracts C as trees of transactions, as in Figure 1. Transactions highlighted in yellow are those already on the blockchain. We will assume that every participant of the contract (denoted with A, B, · · · ) spends at least one of their transaction output into the first transaction of the contract. Edges in the tree represent requirements that need to be satisfied in order for a transaction to be redeemed. Such restrictions are either set by the script of the “parent” transaction (for instance asking to sign the redeeming transaction with a specific key, or to reveal the preimage of a given hash), or they can be set within the redeeming transaction itself, like in the case of timelocks, that force the transaction to wait for a certain amount of blocks before it can be appended.


We assume that all the edges represented with solid lines implicitly ask for a signature of every contract participant in addition to the signatures specified along the edges. These extra signatures are crucial to the contract stipulation protocol: we will refer to them as implicit signatures. In fact, this requirement ensures that if at least one participant is honest (i.e. wants to abide by the original semantics of the contract), then the others can not deviate from the intended behaviour of the contract, since doing so would require a signature from every participant (including the honest ones).


To stipulate a contract, participants first exchange messages containing every transaction in the tree. Then, they exchange all the implicit signatures on each transaction. Finally, they exchange the signatures for the root transaction T0 and put it on the blockchain, ending the stipulation phase. We stress that the whole tree must be signed before T0 is. Not doing so would allow an adversary to put a part of the tree on chain and then prevent the rest of the contract to be executed by refusing to sign the continuation.


Once T0 is on the blockchain, participants can execute the contract by following a branch of the tree. At each step they have to satisfy the requirements shown on the edges of the tree, and then put the corresponding transaction on chain. Note that, during the execution of the contract, the implicit requirements are already satisfied, since those signatures have already been exchanged during the stipulation phase.


Example: Best-of-3 Bet We illustrate the on-chain execution of a contract through an example. The tree of transactions presented in Figure 2 implements a best-of-three bet between Alice and Bob, on some kind of recurring match between two teams. Before the competition starts, an oracle commits the hashes of six secret messages: three of them denote that the first team won a match, while the other three denote that it lost [1]. After each match the oracle certifies the victory or loss of the team by revealing the suitable secret message. These secrets can then be used by Alice and Bob to update the state of the contract, appending a new transaction to the blockchain. Transactions in the contract are


Figure 1: Example of a contract. 𝑠𝑖𝑔P labels require an authorization by P (signature on the redeeming transaction). rev: S labels require revealing the secret 𝑆 whose hash was previously committed. wait: t labels require waiting for at least 𝑡 blocks


Figure 2: Best-of-3 Bet


named to represent the win-loss record associated to the corresponding state, from the point of view of the first team, meaning that W?? represents the state in which the first team has won once, and two matches still have to be played, while LWL represents the state in which the first team has lost, then won, then lost again. The contract ends when either team has won two out of three matches, or when both Alice and Bob agree to an early payout, terminating the bet before the three matches have been played. The contract has 10 possible terminations, shown in the tree as 10 leaves.



Figure 3: A possible execution path. Every time the oracle de-commits one of the hashes, a participant can exhibit its preimage in the contract, moving to the next state.


Authors:

(1) Dario Maddaloni, Università degli studi di Trento ([email protected]);

(2) Riccardo Marchesin, Università degli studi di Trento ([email protected]);

(3) Roberto Zunino, Università degli studi di Trento ([email protected]).

This paper is available on arxiv under CC BY 4.0 DEED license.

[1] The 6 messages contain the strings 𝑊1, 𝑊2, 𝑊3, 𝐿1, 𝐿2, 𝐿3 and are padded with a nonce for security. Note that the oracle is not a contract participant, and does not need to be aware of the bet between Alice and Bob. Indeed its role could be performed by three distinct oracles, one for each match.

Spacecoin
L O A D I N G
. . . comments & more!

About Author

EScholar: Electronic Academic Papers for Scholars HackerNoon profile picture
EScholar: Electronic Academic Papers for Scholars@escholar
We publish the best academic work (that's too often lost to peer reviews & the TA's desk) to the global tech community
Read my storiesAbout @escholar

TOPICS

purcat-imgtech-stories#bitcoin-smart-contracts#off-chain-protocols#transaction-fees#utxo-model#timelocks#blockchain-scalability#optimistic-execution#failsafe-mechanisms

THIS ARTICLE WAS FEATURED IN...

Arweave
Arweave
Read on Terminal Reader Terminal
Read this story w/o Javascript Lite
Hackernoon
Bsky

RELATED STORIES

Article Thumbnail
Zero-Knowledge Proofs: Questionnaire Result Verification in Smart Contracts
by escholar
Feb 02, 2024
#zero-knowledge-proofs
Article Thumbnail
A New Blueprint for Bitcoin Contracts: Off-Chain Efficiency, On-Chain Guarantees
by escholar
Jul 07, 2025
#bitcoin-smart-contracts
Article Thumbnail
Secure Off-Chain Execution for Bitcoin Smart Contracts: A Failsafe Protocol
by escholar
Jul 07, 2025
#bitcoin-smart-contracts
Article Thumbnail
A Comprehensive Review of the 11 Most Promising Scalability Solutions in 2023
by inesstavares
Dec 14, 2023
#blockchain-scalability
Article Thumbnail
A Proposal to Solve Blockchain Scalability
by abarisser
Dec 17, 2017
#bitcoin
Join HackerNoonloading
Latest technology trends. Customized Experience. Curated Stories. Publish Your Ideas

Trending Topics

blockchaincryptocurrencyhackernoon-top-storyprogrammingsoftware-developmenttechnologystartuphackernoon-booksBitcoinbooks