Bitcoin Single-use Seals

This section briefly describes the possible Single-use Seal structures that can be implemented using bitcoin as a publication medium and outlines the set of choices taken by the RGB protocol in particular.

There are 2 main ways in which a Single-use Seal can be defined in Bitcoin transactions:

  • Public keys or addresses - the seal is defined by selecting an address or public key that has not yet been used (i.e. it has not been used by any locking script, so it is not locking any bitcoin).

  • Bitcoin transaction outputs – the seal is defined by the selection of a specific UTxO available to some wallet.

The defined methods can be used in a combination of closing methods that differ according to how a spending transaction:

  1. uses the seal definition: use of the address in the locking script or spending of the UTXO;

  2. hosts the message on which the seal is closed according to a commitment scheme (i.e. in which part of the transaction the message is committed and stored).

The following table shows the 4 possible combinations of defining and closing a seal:

Seal type
Seal Definition
Seal Closing
Additional Requirements
Main application
Commitment schemes

PkO

Public key value

Transaction output

P2(W)PKH

none yet

keytweak, tapret, opret

TxO2

Transaction output

Transaction output

Requires Deterministic Bitcoin Commitments

RGB

keytweak, tapret, opret

PkI

Public key value

Transaction input

Taproot-only - Not working with legacy wallets

Bitcoin-based identities

sigtweak, witweak

TxOI

Transaction output

Transaction input

Taproot-only - Not working with legacy wallets

none yet

sigtweak, witweak

RGB protocol uses the TxO2 scheme in which both the Seal Definition and the Seal Closing use transaction outputs.

As shown in the table above, several commitment schemes can be used for each seal type. Each method differs in the location used by related transactions to host the commitment and, in particular, whether the message is committed to a location belonging to the input or output of the transaction:

  • Transaction Input:

    • Sigtweak - the commitment is placed within the 32-byte random rr component that forms the ECDSA signature pair <r,s><r,s> of an input. It makes use of Sign-to-contract (S2C).

    • Witweak - commitment is placed within the segregated witness data of the transaction.

  • Transaction Output (scriptPubKey):

    • Keytweak - It uses the Pay-to-contract construction by which the public key of the output of the output is "tweaked" (i.e. modified) to contain a deterministic reference to the message.

    • Opret - used in RGB, the committed message is placed in an unspendable output after the opcode OP_RETURN.

    • Tapret (Taptweak) - This scheme, used in RGB, represents a form of tweak in which the commitment is an OP_RETURN leaf in the Script path of a taproot output which then modifies the value of the PubKey.

The different seal closing methods in Bitcoin transaction.

After reading this overview, it should now be easier to dive into details of RGB Single-use Seals construction.

PreviousRGB Library Map

Last updated