[EN/CN] Misc: Single-Use-Seals


Single-Use-Seals (SUS) are the cornerstone of the RGB/RGB++ protocols, extending Bitcoin’s capabilities. But what exactly is SUS? How can we have such things on blockchains? Did you know that the concept of SUS existed in CKB long before the RGB++ protocol? We will briefly discuss these questions here and showcase some simple scripts on CKB built on the idea of SUS.

What is SUS?

To implement Single-Use Seals we propose that miners attest to the contents of a series of key:value sets of true expressions, with the keys being the expressions, and the values being commitments, which along with (discardable) witnesses make up the argument to the expression. Once an expression is added to the closed seal set, the value associated with it can’t be changed.

Peter Todd - Closed Seal Sets and Truth Lists for Better Privacy and Censorship Resistance

The picture at the beginning of this article is from Peter Todd’s concrete example of SUS, which describes SUS vividly and accurately: like real-life seals, they cannot be opened again after closing, and each has a unique identifier.

Imagine that, in the digital world, you can also have unique, indestructible seals to seal arbitrary data while nobody (including you!) can fake these seals. That’s what SUS describes.

SUS Made Simple

When we spend an output our goal is to direct the funds spent to a set of outputs by irrevocably committing single-use seals to that distribution of outputs.

Peter Todd - Closed Seal Sets and Truth Lists for Better Privacy and Censorship Resistance

In the blockchain world, UTXOs (Unspent Transaction Outputs) are where users store their assets. When users transfer their assets, they basically destroy their UTXOs and create new UTXOs for others.

Because of the natural consistency between SUS and the UTXO model, designing seals on the UTXO model is straightforward. Let’s define the TXOs (Transaction Outputs) as our seals, and each transaction commitment on the blockchain as sealing the transaction data to all of its input TXOs. Then we are done! The TXO meets all the requirements we want for SUS:

  • Closed seals are indestructible because we spend TXOs to close seals and cannot spend the same money twice.
  • Seals are unique and can not be faked because all TXOs are unique.
  • We can have seals before sealing data because we create and spend TXOs separately.
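The three properties above as a small ledger model, added here as an illustration and not taken from the article or from any Bitcoin or CKB code base. It assumes a counter stands in for the transaction hash; `Ledger`, `commit` and `closed_over` are hypothetical names.

```rust
use std::collections::HashMap;

// A seal is a transaction output, identified by (tx id, output index).
type Seal = (u64, u32);

#[derive(Debug, PartialEq)]
enum SealError { Unknown, AlreadyClosed }

// Toy ledger (assumption): every known seal is either open (None) or closed
// over the id of the transaction that spent it (Some).
#[derive(Default)]
struct Ledger { seals: HashMap<Seal, Option<u64>>, next_tx: u64 }

impl Ledger {
    // Commit a transaction: close every input seal over this transaction and
    // create `n_outputs` fresh open seals. Nothing changes on error.
    fn commit(&mut self, inputs: &[Seal], n_outputs: u32) -> Result<Vec<Seal>, SealError> {
        for (i, s) in inputs.iter().enumerate() {
            if inputs[..i].contains(s) { return Err(SealError::AlreadyClosed); }
            match self.seals.get(s) {
                None => return Err(SealError::Unknown), // a seal cannot be faked
                Some(Some(_)) => return Err(SealError::AlreadyClosed), // no double spend
                Some(None) => {}
            }
        }
        let tx = self.next_tx;
        self.next_tx += 1;
        for s in inputs { self.seals.insert(*s, Some(tx)); }
        let outs: Vec<Seal> = (0..n_outputs).map(|i| (tx, i)).collect();
        for s in &outs { self.seals.insert(*s, None); }
        Ok(outs)
    }

    // The transaction a seal was closed over, if it has been closed.
    fn closed_over(&self, s: &Seal) -> Option<u64> { self.seals.get(s).copied().flatten() }
}

fn main() {
    let mut l = Ledger::default();
    let g = l.commit(&[], 2).unwrap(); // constructed genesis transaction
    println!("open before sealing: {:?}", l.closed_over(&g[0]));
    println!("close: {:?}", l.commit(&[g[0]], 1));
    println!("close again: {:?}", l.commit(&[g[0]], 1));
    println!("forged seal: {:?}", l.commit(&[(9, 9)], 1));
}
```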

Seal Chain and Type ID

Type ID describes a way of using a special type script which can create a singleton type - there’s only one live cell of this type.

CKB RFC 0022 - CKB Transaction Structure

We can create a seal chain by linking a new seal to an existing one when closing a seal. This approach simplifies the verification process, as verifiers only need to reach a consensus on the genesis seal to track data updates. However, it also means that verifiers must have the entire chain to verify the latest data.

Thanks to CKB’s Turing-complete VM and its extended-UTXO model - the Cell Model, we can have more information in a seal. The difference between a cell on CKB and a UTXO on BTC is that a cell can store arbitrary data whose transformations are restricted by a “type” script.

In the Type ID method on CKB, we enforce that every seal on a seal chain must contain the first seal’s ID as genesis information. Type ID means the type script gives cells unique IDs and restricts them from being changed from the beginning to the end of the seal chain. The ID allows verifiers to retrieve the latest seal simply from a universal indexer on CKB.

More SUS on CKB

  • Single Use Lock: This lock requires the consumption of a specified live cell to unlock. As discussed above, a seal can only be closed once, so the lock can also only be unlocked once.
  • Type Proxy Lock: This lock requires cells with a specified type script to be involved in order to unlock. If the type script is Type ID, only people with permission to update the seal chain can unlock this lock.

Controlling asset-issuance permission is a practical application scenario for these two scripts. In CKB’s xUDT protocol, issuers can mint new tokens when they prove they can unlock the owner lock. With only simple signature-based locks, we cannot tell whether issuers still have their private key, which means they can always mint new tokens, making every asset supply unlimited.

Here, the Single Use Lock provides us with a solution. After spending the specified cell, since no one can unlock the owner lock to mint new tokens, we can now trust that the token supply is indeed limited.

As a more flexible solution, token issuers can use the Type Proxy Lock to bind the minting permission to a Type ID cell. It is like a lock with an unforgeable key you can give to others or destroy.
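The two owner-lock behaviours described above, reduced to a model, as an added example that is neither the scripts' GitHub implementation nor xUDT code. It assumes "involved" means present among the transaction inputs and that the Type ID script keeps the ID unique; `Chain`, `OwnerLock` and `mint` are hypothetical names.

```rust
use std::collections::HashMap;

// Simplified model (assumption): a cell is identified by its out point
// (tx id, output index) and may carry a Type ID in its type script.
type OutPoint = (u32, u32);
#[derive(Clone, Copy)]
struct Cell { type_id: Option<u64> }

// The two owner locks, reduced to the condition each one checks.
enum OwnerLock {
    SingleUse(OutPoint), // unlocks only when this exact cell is consumed
    TypeProxy(u64),      // unlocks when a cell with this Type ID is consumed
}
struct Chain { live: HashMap<OutPoint, Cell>, next_tx: u32, supply: u64 }

impl Chain {
    // Mint `amount` in a transaction consuming `inputs` and creating `outputs`.
    // Fails with no side effects if an input is not live or the lock stays shut.
    fn mint(&mut self, lock: &OwnerLock, inputs: &[OutPoint], outputs: &[Cell], amount: u64) -> bool {
        let cells: Option<Vec<Cell>> = inputs.iter().map(|op| self.live.get(op).copied()).collect();
        let unlocked = match (lock, cells) {
            (_, None) => false, // some input was already spent or never existed
            (OwnerLock::SingleUse(op), Some(_)) => inputs.contains(op),
            (OwnerLock::TypeProxy(id), Some(cs)) => cs.iter().any(|c| c.type_id == Some(*id)),
        };
        if !unlocked { return false; }
        for op in inputs { self.live.remove(op); } // consumed cells never come back
        for (i, c) in outputs.iter().enumerate() { self.live.insert((self.next_tx, i as u32), *c); }
        self.next_tx += 1;
        self.supply += amount;
        true
    }
}

// Constructed scenario: outcome of five mint attempts and the final supply.
fn scenario() -> ([bool; 5], u64) {
    let key = Cell { type_id: Some(7) };
    let mut c = Chain { live: HashMap::from([((0, 0), Cell { type_id: None }), ((0, 1), key)]), next_tx: 1, supply: 0 };
    let (single, proxy) = (OwnerLock::SingleUse((0, 0)), OwnerLock::TypeProxy(7));
    let r = [
        c.mint(&single, &[(0, 0)], &[], 1000), // closes the seal: allowed once
        c.mint(&single, &[(0, 0)], &[], 1000), // seal already spent: refused
        c.mint(&proxy, &[(0, 1)], &[key], 5),  // Type ID cell moves to (2, 0)
        c.mint(&proxy, &[(2, 0)], &[], 5),     // holder destroys the key cell
        c.mint(&proxy, &[(2, 0)], &[], 5),     // no key left: refused
    ];
    (r, c.supply)
}
fn main() { println!("{:?}", scenario()); }
```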

You can find implementations for these scripts on GitHub.


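Single-use seals are the cornerstone of the RGB/RGB++ protocols and extend Bitcoin’s capabilities. But what exactly are Single-Use-Seals (SUS)? How can we implement them on a blockchain? Did you know that single-use seals already existed in CKB’s technical architecture before the RGB++ protocol was proposed? We will briefly discuss these questions and showcase some CKB script designs based on the idea of single-use seals.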

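What is SUS?

To implement Single-Use Seals we propose that miners attest to the contents of a series of key:value sets of true expressions, with the keys being the expressions, and the values being commitments, which along with (discardable) witnesses make up the argument to the expression. Once an expression is added to the closed seal set, the value associated with it can’t be changed.

Peter Todd - Closed Seal Sets and Truth Lists for Better Privacy and Censorship Resistance

The picture at the beginning of this article comes from Peter Todd’s practical example of SUS. It describes SUS vividly and accurately: just like seals in real life, once closed they cannot be opened again, and each one has a unique identifier.

Imagine that in the digital world you could have unique, indestructible seals to seal any data, while nobody (including yourself) could forge these seals. That is SUS.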

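SUS Made Simple

Peter Todd - Closed Seal Sets and Truth Lists for Better Privacy and Censorship Resistance

In the blockchain world, UTXOs (Unspent Transaction Outputs) are where users store their assets. When users transfer their assets through transactions, they essentially consume UTXOs and create new UTXOs for others.

The natural consistency between SUS and UTXOs makes the design of single-use seals on the UTXO model direct and simple. We can treat TXOs (Transaction Outputs) as our seals, and every transaction committed on the blockchain can be seen as sealing its data into all of its input TXOs. With that, we have completed the design of single-use seals on the UTXO model: transaction outputs meet all of our requirements for single-use seals:

  • Closed seals cannot be destroyed, because we need to spend TXOs to close seals, and the same money cannot be spent twice.
  • Seals are unique and cannot be forged, because all TXOs are unique.
  • We can have seals before sealing data into them, because creating and spending TXOs are separate processes.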

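Seal Chain and Type ID

Type ID describes a way of using a special type script which can create a singleton type - there’s only one live cell of this type.

CKB RFC 0022 - CKB Transaction Structure

Thanks to CKB’s Turing-complete virtual machine and its extended UTXO model, the Cell Model, we can include more information in a seal. The difference between a Cell on CKB and a UTXO on BTC is that a Cell can store arbitrary data whose transformations are restricted by a “Type” Script.

In CKB’s Type ID scheme, we require that every seal on a seal chain contain the first seal’s ID as genesis information. Type ID means that the Type Script gives a Cell a unique ID and prevents that ID from being changed from the beginning to the end of the seal chain. This ID allows verifiers to retrieve the latest seal using only a universal indexer on CKB.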

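More SUS on CKB

  • Single Use Lock: This Lock requires the consumption of a specified Live Cell to unlock. As we said earlier, a seal can only be closed once. Therefore, a Single Use Lock can only be unlocked once.
  • Type Proxy Lock: This Lock requires a Cell with a specific Type Script in order to unlock. When that Type Script is Type ID, only people with permission to update the seal chain can unlock it.

Asset-issuance permission control is a practical application scenario for these two Scripts. In CKB’s xUDT protocol, issuers can mint new tokens when they prove they can unlock the Owner lock. With only simple signature-based Locks, we cannot determine whether issuers still hold their private key, which means they can always mint new tokens, so every asset can be issued without limit.

Here, the Single Use Lock provides us with a solution. After the specified Cell is consumed, since no one can unlock the Owner lock to mint new tokens, we can trust that the token supply is indeed capped.

As a more flexible solution, token issuers can use the Type Proxy Lock to bind the minting permission to a Type ID Cell. It is like an unforgeable key that can be handed to someone else or destroyed.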