BLOCKCHAIN-IMPLEMENTED CONTROL METHOD AND SYSTEM FOR CONTROLLING AN EXTERNAL PROCESS OR SYSTEM

Abstract

A computer-implemented method for controlling an external process or system and allowing a modification of blockchain transaction outputs, the method comprising one or more steps to generate a blockchain transaction comprising at least one signed input which comprises a value and at least one modifiable output, extract one or more values from one or more signed inputs associated with one or more combination locks, provide one of the values to a portion of logic to obtain a result, and use the result to modify at least one modifiable output of the transaction, wherein the transaction represents the result, wherein the values are extracted external from the blockchain transaction, and wherein the transaction are submitted to the blockchain.

Claims

1. A computer-implemented control method, the method implemented by a controller, the method comprising : generating a transaction of a blockchain, wherein the transaction comprises: at least one signed input which comprises a value; and at least one modifiable output; extracting the value from the signed input and providingthe value to a portion of logic to obtain a result; and using the result to modify the output of the Transaction such that the Transaction represents the result.

2. The control method according to claim 1, wherein the portion of logic is external to one or both of the Transaction and the blockchain.

3. The control method according to claim 1,wherein a Controller which is external to one or both of the transaction and the blockchain applies the portion of logic to the extracted value to obtain the result and communicates with the transaction to modify the output of the transaction based on the result.

4. The control method according to claim 1, wherein the portion of logic represents a system which is external to one or both of the transactionTransaction and the blockchain and the method further comprises modifying a state of the external system based on the modified output of the transactionTransaction.

5. The control method according to claim 1 wherein the portion of logic is arranged to implementa functionality of a logic gate.

6. The control method according to claim 5, wherein the logic gate is an AND, NOT, OR, NOR, XOR, IMPLY, NAND, NONIMPLY or XNOR gate.

7. The control method according to claim 1, further comprising a step of submitting the transactionTransaction to a blockchain.

8. The control method according to claim 1, claim wherein the signed input is provided to the transactionTransaction using an unlocking script.

9. The control method according to claim 1, wherein at least one input is signed using a signature hash type which renders the input as non-modifiable.

10. The control method according to claim 9. wherein the signature hash type is SIGHASH_NONE.

11. The control method according to claim 1, wherein the transactionTransaction further comprises at least one unsigned input.

12. The control method according to claim 11, further comprisinga step of signing the unsigned input after the output has been modified.

13. The control method according to claim 12, wherein the unsigned input is signed using a signature hash type which prevents modification of the whole transaction.

14. The control method according to claim 13, wherein the signature hash type is SIGHASH _ALL.

15. The control method according to claim 1, wherein the value is: embedded in a public key associated with the signed input; and extracted from the public key so as to provide it to the portion of logic.

16. The control method according to claim 15, further comprisinga step of establishing and/or selecting a protocol and using the protocol to embed the value in the public key.

17. The control method according to claim 15, wherein the public key is used to create a locking script in an intermediate transaction of the blockchain.

18. The control method according to claim 17, further comprisinga step of submitting the intermediate transaction to the blockchain.

19. The control method according to claim 18, wherein the value is embedded in the public key by generating a new public key P′, wherein: ${\text{P}}^{\prime }\text{=P+HASH}\left(\text{value}\oplus \text{S}\right)\text{x}\text{G}$ where: P is a base or initial public key G is an Elliptic Curve function, such as secp256k1 x denotes elliptic curve multiplication by scalar; and ⊕ denotes elliptic curve addition.

20. The control method according to claim 19,further comprising the step of generating a new private key corresponding to the new public key P ́, wherein: new private key V′ = V + HASH(value + S).

21. The control method according to claim 15, wherein the value which is embedded in the public key is selected from a specified range of values.

22. A computer-implemented system comprising: at least one computer-based resource arranged to perform the computer-implemented control method of claim 1; and a blockchain.

Description

[0044] These and other aspects of the present invention will be apparent from and elucidated with reference to, the embodiment described herein. An embodiment of the present invention will now be described, by way of example only, and with reference to the accompany drawings, in which:

[0045] FIG. 1 shows an example transaction and the parts which are hashed with SIGHASH_ALL and SIGHASH_NONE

[0046] FIG. 2a shows how a function Controller establishes a PubKey Protocol with each Input Source.

[0047] FIG. 2b illustrates a scenario wherein an input source has a value to communicate and calculates a value-embedded public key (PubKey) according to its protocol (PubKey protocol).

[0048] FIG. 2c illustrates a scenario wherein an input source uses the value-embedded PubKey to create a locking script which is used in one of the outputs of an intermediate transaction.

[0049] FIG. 2d illustrates a scenario wherein the Transaction is created; unsigned input from the Controller and each input is added

[0050] FIG. 2e illustrates a scenario wherein every input source signs their respective input to the Transaction with signature type SIGHASH_NONE.

[0051] FIG. 2f illustrates a scenario wherein the Controller takes the value-embedded PubKey from each Input Source’s unlocking scripts in the Transaction and extracts the embedded value based on the associated PubKey protocol

[0052] FIG. 2g illustrates a scenario wherein the Controller applies the function to the extracted values, and modifies the transaction output(s) based on the result.

[0053] FIG. 2h illustrates a scenario wherein the Controller signs its input using SIGHASH_ALL and submits the transaction to the blockchain.

[0054] FIGS. 3 to 8 show blockchain transactions used in accordance with use case example 1 provided below.

[0055] FIGS. 9 to 14 show blockchain transactions used in accordance with use case example 2 provided below.

[0056] FIGS. 15 to 20 show blockchain transactions used in accordance with use case example 3 provided below.

[0057] FIG. 21a to 25 show blockchain transactions used in accordance with use case example 4 provided below.

[0058] FIG. 26a to 30 show blockchain transactions used in accordance with use case example 5 provided below.

[0059] FIGS. 31 to 35 show blockchain transactions used in accordance with use case example 6 provided below.

[0060] FIG. 36a to 40 show blockchain transactions used in accordance with use case example 7 provided below.

[0061] FIG. 41a to 45 show blockchain transactions used in accordance with use case example 7 provided below.

[0062] We now provide an illustrative embodiment of the invention. This embodiment includes techniques relating to: [0063] The establishment of a shared secret and its use in the generation of new cryptographic keys [0064] A mechanism for securely embedding values in Elliptic Curve public keys; [0065] A blockchain-related scheme or solution in which outputs are conditional upon inputs using a specific signature hash combination; and [0066] The combination of these techniques to provide a novel mechanism for constructing an externally evaluated function (i.e. external to the blockchain).

[0067] The invention provides a novel and advantageous solution for using a blockchain to implement a function. The blockchain is used to provide a record of the execution of the function and/or a result of its result. A function can be a subroutine or procedure (i.e. a process or portion of logic) which is applied to a set of inputs and returns a set of outputs. In a preferred embodiment, the function is executed ‘off-block’ ie its performance is not blockchain-dependent. The function is performed by a computer-based resource.

[0068] A blockchain (e.g. Bitcoin) transaction is a transfer of (e.g. Bitcoin) value which typically references previous transaction outputs as new transaction inputs and dedicates all input values to new outputs. Transactions are not encrypted, so it is possible to browse and view every transaction ever collected into a block. It would be highly advantageous, however, to be able to construct a blockchain transaction which acts as a function, where the transaction output(s) are conditional or dependent on the information embedded in the transaction input(s).

[0069] Important aspects of the present invention include (but are not limited to) a method for creating a blockchain transaction that represents a function where: [0070] Function Input(s) are represented by the public keys used within the unlocking script of the transaction’s input(s) [0071] Function Output(s) are represented by the addresses that the transaction’s outputs are sent [0072] Function Procedure is evaluated external to the blockchain transaction [0073] The Function Input(s) can be locked in, before applying the Function logic and updating the Function Output(s)

[0074] Thus, the present invention includes the following: [0075] A technique for the distribution of a secret value; this can be achieved using methods which employ elliptic curve arithmetic so that a message can be embedded in private/public keys; in addition, the Shared Secret can be established across an unsecure network [0076] A technique for securely embedding a value in Elliptic Curve Public/Private Keys The invention includes a technique for Secret Value Distribution allowing values to be securely embedded in elliptic curve public/private cryptographic keys. The value can be extracted by the receiving party in linear time, but remains intractable for attackers even if the parameters communicated to establish the embedding method are compromised [0077] Bitcoin Transaction Outputs which are conditional on Inputs [0078] A novel and inventive method which first signs all of a transaction’s inputs except one with SIGHASH_NONE (locks in inputs), and then signs the remaining input with SIGHASH_ALL (locks in inputs and outputs). This flow allows for outputs to be conditioned upon inputs.

[0079] The invention will be illustrated via use case examples provided below, in which blockchain (e.g. Bitcoin) transactions can be used to represent the functionality provided by a logic gate.

[0080] The invention utilizes techniques for embedding a message in cryptographic (public/private) keys, and also for establishing a shared secret. These are described as follows.

Message Embedding

[0081] Given: [0082] Private key V (an integer) [0083] Public key P (elliptic curve point) [0084] EC generator G (an elliptic curve function) [0085] Message M (a value which can be represented as an integer)

[0086] It is known in EC arithmetic that:

[00002]$\text{P}=\text{V}\times \text{G Elliptic Curve multiplication by scalar}$

If message M is embedded:

[00003]$\text{V}\text{'}=\text{V}+\text{M Integer addition}$

[00004]$\text{P'}=\text{P}+\text{M}\times \text{G Elliptic Curve Point addition}$

[00005]$\text{V' and P' are the private/public keys with message M embedded}$

Shared Secret

[0087] Given: [0088] Party A with private key V.sub.A and public key P.sub.A [0089] Party B with private key V.sub.B and public key P.sub.B [0090] EC generator G (an elliptic curve function)

[0091] It is known in EC arithmetic that: [0092] P.sub.A= V.sub.A × G [0093] P.sub.B = V.sub.B × G

[0094] If both parties publish their public key, a shared secret can be securely established:

[00006]$\text{Party A Shared Secret}={\text{V}}_{\text{A}}\times {\text{P}}_{\text{B}}{\text{V}}_{\text{A}}\times {\text{(V}}_{\text{B}}\times \text{G)}$

[00007]$\text{Party B Shared Secret}={\text{V}}_{\text{B}}\times {\text{P}}_{\text{A}}{\text{V}}_{\text{B}}\times {\text{(V}}_{\text{A}}\times \text{G)}$

[0095] As EC arithmetic is commutative, the shared secret is equivalent for both parties.

Secure Value Embedding in Elliptic Curve Public/private Keys

[0096] It is possible to embed a message(value) into EC public/private keys. In order to apply this concept as a method for securely communication between two parties, the following parameters are required:

TABLE-US-00001 Parameter Details Base public key P The public key from which all value embedded keys P′ are derived EC Generator G Elliptic Curve function such as secp256k1 which is used by Bitcoin Shared Secret S As per the technique described above. Note that only the public keys from both parties need to be shared Range or set of n values v_1, v_2, ..., v_n Limits the possible values the receiver of a value embedded key needs to check. This is necessary as embedding is a one directional operation which is computationally expensive. Value embedding formula M The underlying Elliptic Curve formula which embeds the value into a public key

Embedding Value Method

[0097] A sending party can embed a value using a secure formula M such as:

[00008]$\text{V'}=\text{V}+\text{HASH(value}+\text{S) value embedded private key}$

[00009]$\text{P'}=\text{P}+\text{HASH(value}\oplus \text{S)}\times \text{G value embedded public key}$

where: [0098] P is a base or initial public key [0099] G is an Elliptic Curve function, such as secp256k1 [0100] x denotes elliptic curve multiplication by scalar; and [0101] ⊕ denotes elliptic curve addition.

[0102] The security of this method incorporates and embodies the following points: [0103] The value embedded public key uses EC arithmetic which is one directional and intractable to reverse [0104] The hashing function is one directional and difficult to reverse [0105] Shared Secret S is used as a hash salt. This means that even if all other parameters are compromised, an attacker cannot simply iterate through the possible values to work out the embedded value. S is guaranteed to be secure unless the private keys are compromised.

Value Extracting Method

[0106] The receiver of a value embedded in a public key can extract the value in linear time. This is done by calculating a value-embedded public key for each possible value until a match is found. This can be achieved by:

TABLE-US-00002 For each v in range v_0 to v_n //In this particular script, v_0, v_1, ..., v_n is a range, rather than a set v' = M(v, P, S, G) //M is the formula using EC arithmetic to embed v If v' equals P'        Exit loop //v is the embedded value

Blockchain Transaction Outputs Conditional on Inputs

[0107] This section presents a method for constructing a blockchain transaction where the outputs are conditioned on the inputs. This is based off knowledge about using signature types SIGHASH_ALL and SIGHASH_NONE which is available in the public domain: https://bitcoin.org/en/developer-guide#signature-hash-types

Signature Types

[0108] Bitcoin signatures are a hash of select parts of a Transaction. The parts that are selected are determined by the signature hash type. The signature secures the hashed parts as any modification will yield a different signature thus showing tampering. FIG. 1 shows an example transaction and the parts which are hashed with SIGHASH_ALL and SIGHASH_NONE. It should be noted that, when signing an input, the scriptSigLen & scriptSig of all other inputs are replaced with empty scripts.

Transaction Construction Method

[0109] 1. The blockchain Transaction is created, and inputs are added by all entities [0110] 2. All entities, apart from Owner, sign their input with SIGHASH_NONE (this locks in the inputs so they cannot be modified) [0111] 3. The Owner determines the output, and updates the transaction [0112] 4. The Owner signs its input with SIGHASH_ALL, the transaction is now complete (this locks in both the inputs and the outputs)

Implementing an Externally Evaluated Function as a Blockchain Transaction

[0113] The invention can combine all of the previously described concepts/methods. Key aspects include are: [0114] Input values to the function can be embedded in public keys which are communicated as transaction inputs [0115] The Owner of the function (i.e. the resource which is responsible for executing the function) can interrogate the transaction prior to publication on the Blockchain to implement the function [0116] The Owner of the function alone can modify the output address of the transaction prior to completion to represent the output of the function

Key Terms

[0117] For clarity the following terms will be used throughout to define the implementation and use cases of the present invention.

TABLE-US-00003 Name Type Controller The owner of the transaction representing a function. This is the only entity which can update the transaction’s outputs even after inputs are signed Input Sources One of the entities which adds an input containing a Value Embedded PubKey to the transaction Value Embedded PubKey This is a cryptographic (Bitcoin) Public Key which has a value embedded in it with Elliptic Curve arithmetic PubKey Protocol A protocol where: • The sender and receiver agrees on the set of parameters and embedding + extracting method as described above in the section relating to Secure Value Embedding in Elliptic Curve Public/Private Keys • A sender communicates the Value Embedded PubKey through one of the input unlocking scripts in the receiver’s transaction (the sender must let the receiver know which key has a value embedded)

Implementation

[0118] 1. A Controller establishes a PubKey Protocol with each Input Source, as shown in FIG. 2a. [0119] 2. Input Source has a value to communicate and calculates a Value Embedded PubKey according to its PubKey Protocol, as shown in FIG. 2b [0120] 3. Input Source uses the Value Embedded PubKey to create a locking script which is used in one of the outputs of an Intermediate Transaction (created by Input Source). The Intermediate Transaction is submitted to the blockchain; it is not important whether the locking script is P2PKH or P2SH. This is shown in FIG. 2c. [0121] 4. Transaction is created and unsigned input from Controller and each Input Source are added; see FIG. 2d [0122] a. The inputs by each Input Source references their intermediate transaction, specifically the output with the Value Embedded PubKey [0123] b. It is not important whether this transaction or the intermediate transactions are created first (i.e. order of steps 2-3), as long as all inputs are added to this transaction before step 4 [0124] c. It is not important who creates the transaction as long as all parties involved can modify it [0125] 5. Every Input Source signs their input to the transaction with signature hash type SIGHASH_NONE [0126] a. This locks in the inputs, but leaves the outputs free to be modified [0127] b. It is not important how each Input Source is informed/checks when all inputs are added [0128] 6. Controller takes the Value Embedded PubKey from each Input Source’s unlocking scripts in the transaction and extracts the value embedded based on the associated PubKey Protocol; see FIG. 2f. [0129] a. The value extraction is done externally to the bitcoin transaction [0130] b. It is not important how the Controller is informed/checks when all inputs by Input Sources are signed [0131] 7. Controller applies the function to the extracted values, and modifies the transaction output(s) based on the result; see FIG. 2g. [0132] a. The function is applied external to the bitcoin transaction [0133] 8. Controller signs its input using SIGHASH_ALL, and submits the transaction to the blockchain; see FIG. 2h.

Use Case Example 1: XOR Logic Gate

[0134] We now present, for the purposes of illustration, an example use cases which implements present invention by using a (Bitcoin) transaction to represent an XOR logic gate with two input sources. Consider the following scenario.

[0135] Alice is a self-taught trader who sees an opportunity to make extra income by trading Company XYZ Stock Options. She opens an account with a particular Online Stock Exchange which accepts payments in Bitcoin. Alice develops a simple Trading Bot, Share Prices Bot, and a Market Index Value Bot. (Each “bot” is a computer-based resource arranged to perform an automated task or process).

[0136] The Share Prices Bot and Market Index Value Bot are setup such that: [0137] Both bots record opening value range of the stock market [0138] Both bots communicate with the Trading Bot if one of the bots sees a value change to another range during the day [0139] Share Prices Bot scrapes: [0140] ◯ Price of Share XYZ - {P1, P2, ..., P10 }* [0141] Market Index Value Bot scrapes: [0142] ◯ Market Index Value - {M1, M2, ..., M5 }*

[0143] .sup.∗ represent ranges of values in ascending order. P1 < P2 < ... < P10

[0144] The Trading Bot buys call and put options based on the market data it receives:

TABLE-US-00004 Input (Price of Share XYZ) Input (Market Index Value) Output p ∈ { P7, P8, P9, P10 } -True m ∈ {M1, M2 } - True False - Buy Put Option - High prices but weak market. Alice predicts price will drop p ∈ { P7, P8, P9, P10 } -True m ∈ { M1, M2 } - False True - Buy Call Option - High prices but strong market. Alice predicts price will rise p ∈ { P7, P8, P9, P10 } -False m ∈ {M1, M2 } - True True - Buy Call Option - Low prices and weak market. Alice predicts price will rise p ∈ { P7, P8, P9, P10 } -False m ∈ { M1, M2 } - False False - Buy Put Option - Low prices and strong market. Alice predicts price will drop

[0145] It is important to note that the Share Prices Bot and Market Index Bot only send market data, they do not know the strategy.

Existing Set Up

[0146] Alice has given Trading Bot private/public key pair A which has 5BTC [0147] Alice has given Share Prices Bot private/public key pair X which has 1BTC [0148] Alice has given Market Index Value Bot private/public key pair Y which has 1BTC [0149] Exchange takes payments for Put and Call Options at public key E_PUT and E CALL respectively

Steps

[0150] 1. Alice runs all three hots for the first time: [0151] a. Trading Bot establishes a PubKey Protocol with Share Prices Bot with the following parameters:

TABLE-US-00005 Parameter Details Base public key Public Key X EC Generator G secp256k1 Shared Secret S (Private Key A) x (Private Key X) x G Trading Bot and Share Prices Bot calculates this by using each other’s public key Range or set of values P1, P2, ..., P10 Value embedding formula X′ = X + SHA256(value 4 S) x G Key Communicating Method Pay to Public Key Hash (P2PKH)

[0152] b. Trading Bot establishes a PubKey Protocol with Market Index Value Bot with the following parameters:

TABLE-US-00006 Parameter Details Base public key Public Key Y EC Generator G secp256k1 Shared Secret S (Private Key A) x (Private Key Y) x G Trading Bot and Market Index Value Bot calculates this by using each other’s public key Range or set of values M1, M2, ..., M5 Value embedding formula Y′ = Y + SHA256(value + S) x G Key Communicating Method Pay to Public Key Hash (P2PKH)

[0153] 2. Share Prices Bot and Market Index Value Bot records the opening value range of the stock market as P5 and M3 respectively [0154] 3. Market Index Value Bot detects a change to M2. Both bots calculate a Value Embedded PubKey to send to Trade Bot [0155] a. Stock Price Bot: [0156] i. X′ = X + SHA256(P5 ⊕ S) x G [0157] b. Market Index Value Bot: [0158] i. Y′ = Y + SHA256(M2 ⊕ S) x G [0159] 4. Both bots create and submit to the blockchain an Intermediate Transaction with an output which requires a P2PKH unlocking script with their Value Embedded PubKey; See FIG. 3 for the Stock Price Bot′ s Intermediate Transaction. Note that output 1 requires the unlocking script with Value Embedded PubKey X′; Output 2 is change back to Stock Price Bot See FIG. 4 for the Market Index Value Bot’s Intermediate Transaction; Note that output 1 requires the unlocking script with Value Embedded PubKey Y′ ; Output 2 is change back to Stock Price Bot [0160] 5. Both bots send Trading Bot an unsigned transaction input containing their respective Value Embedded PubKey See FIG. 5a for the Stock Price Bot’s Input See FIG. 5b for the Market Index Value Bot′ s Input [0161] 6. See FIG. 6: Trading Bot creates the transaction representing an XOR gate including the transaction inputs received from Stock Price Bot and Market Index Value Bot [0162] 7. See FIG. 7: Trading Bot informs Stock Price Bot and Market Index Value Bot of the transaction’s storage/access details and requests them to sign their input. [0163] a. Both hots sign with SIGHASH NONE, locking in the inputs [0164] 8. Trading Bot takes <PubKey X′> from the unlocking script, and calculates Value Embedded PubKeys for P1, P2, ..., P10 until it finds a matching pubkey with P5 [0165] 9. Trading Bot takes <PubKey Y′> from the unlocking script, and calculates Value Embedded PubKeys for M1, M2, ..., M5 until it finds a matching pubkey with M2 [0166] 10. Trading Bot takes applies the XOR logic gate to the values, and determines that it should buy a call option [0167] a. P5 ∈ { P7, P8, P9, P10 } XOR M2 ∈ { M1, M2 } [0168] b. FALSE XOR TRUE [0169] c. TRUE - buy call option [0170] 11. See FIG. 8: Trading Bot updates the output to send 5BTC to E_PUT, signs its output with SIGHASH_ALL, and submits to the blockchain

Use Case Example 2: and Logic Gate

[0171] Implements the Bitcoin transaction to represent an AND logic gate with two input sources Imagine a bank that contains a vault with a dual control (dual custody) electronic combination lock. No single person is given both combinations, the simultaneous presence of two bank managers is required to open the door. If both combinations are correctly entered at the same time (‘1111’ and ‘2222’), the vault door will unlock, otherwise the vault alarm is activated. This is an implementation of an AND gate.

[0172] The whole system consists of 4 entities: Combination Lock A, Combination Lock B, Controller, and Vault AND Logic in Controller: Combination A == ‘1111’ AND Combination B == ‘2222’

TABLE-US-00007 Input Signal from Combination Lock A to Controller Input Signal from Combination Lock B to Controller Controller AND Logic Output Signal from Controller to Vault 1111 2222 TRUE Unlock Door 1111 All other 4 digit combinations besides 2222 FALSE Activate Alarm All other 4 digit combinations besides 1111 2222 FALSE Activate Alarm All other 4 digit combinations besides 1111 All other 4 digit combinations besides 2222 FALSE Activate Alarm

[0173] It should be noted that all logic evaluation is performed by the Controller. The Combination Locks simply sends the 4 digit code but does not evaluate whether the code is TRUE or FALSE.

Existing Setup

[0174] Combination Lock A owns private/public key pair A which has 1BTC [0175] Combination Lock B owns private/public key pair B which has 1BTC [0176] Controller owns private/public key pair C which has 1BTC [0177] Vault owns private/public key pair V_DOOR and V_ALARM

Steps

[0178] 1. When the system was first installed, Controller established a PubKey Protocol with Combination Lock A and Combination Lock B to allow secure communication of signals: [0179] a. Controller & Combination Lock A’s PubKey Protocol parameters:

TABLE-US-00008 Parameter Details Base public key Public Key A (owned by Combination Lock A) EC Generator G secp256k1 Shared Secret S (Private Key A) x (Private Key C) x G Controller & Combination Lock A calculates this by using each other’s public key Range or set of values 0000, 0001, .... , 9998, 9999 Value embedding formula PubKey A′ = PubKey A + SHA256(value ⊕ S) x G Key Communicating Method Pay to Public Key Hash (P2PKH)

[0180] b. Controller & Combination Lock B’s PubKey Protocol parameters:

TABLE-US-00009 Parameter Details Base public key Public Key B (owned by Combination Lock B) EC Generator G secp256k1 Shared Secret S (Private Key B) x (Private Key C) x G Controller & Combination Lock B calculates this by using each other’s public key Range or set of values 0000, 0001, ...., 9998, 9999 Value embedding formula PubKey B′ = PubKey B + SHA256(value ⊕ S) x G Key Communicating Method Pay to Public Key Hash (P2PKH)

[0181] 2. Bank Managers simultaneously enter their respective 4 digit code (1111 and 2222) into Combination Lock A and Combination Lock B. Each Combination Lock embeds their 4 digit code into a Value Embedded PubKey (PubKey A′ and PubKey B′) [0182] a. Combination Lock A: [0183] i. PubKey A′ = PubKey A + SHA256(‘1111’ ⊕ S) x G [0184] b. Combination Lock B: [0185] i. PubKey B′ = PubKey B + SHA256(‘2222’ ⊕ S) x G [0186] 3. Both Combination Locks create and submit to the blockchain a Bitcoin transaction (Intermediate Transaction) with an output to their respective Value Embedded PubKey [0187] a. Combination Lock A’s Intermediate Transaction: See FIG. 9 Output 1 - the input spending this output will communicate PubKey A′ to the Controller Output 2 - change back to Combination Lock A’s public key A [0188] b. Combination Lock B’s Intermediate Transaction: See FIG. 10 Output 1 - the input spending this output will communicate PubKey B′ to the Controller Output 2 - change back to Combination Lock B’s public key B [0189] 4. Both Combination Locks create an unsigned Bitcoin transaction input which spends output 1 of their respective Intermediate Transaction. They send this input to the Controller - See FIG. 11 for [0190] a. Combination Lock A’s transaction input [0191] b. Combination Lock B’s transaction input: [0192] 5. Controller uses the Bitcoin transaction inputs from the Combination Locks and creates a Bitcoin transaction representing an AND gate (AND Gate Transaction). This transaction includes an input from the Controller itself, so that it alone can modify the outputs. See FIG. 12 [0193] 6. Controller requests for Combination Lock A and Combination Lock B to sign their respective input in the AND Gate Transaction using SIGHASH_NONE. This locks in the inputs, while still allowing the outputs to be modified - See FIG. 13 [0194] 7. Controller uses its PubKey Protocol with Combination Lock A to calculate a Value Embedded PubKey for each 4 digit combination 0000, 0001, ..., 9998, 9999 until it finds one which matches PubKey A′ [0195] a. Controller finds that ‘1111′ produces the same Value Embedded PubKey as PubKey A’ [0196] 8. Controller uses its PubKey Protocol with Combination Lock B to calculate a Value Embedded PubKey for each 4 digit combination 0000, 0001, ..., 9998, 9999 until it finds one which matches PubKey B′ [0197] a. Controller finds that ‘2222′ produces the same Value Embedded PubKey as PubKey B’ [0198] 9. Controller applies the AND gate logic to the combinations: [0199] a. Combination A = ‘1111’ AND Combination B = ‘2222’ [0200] b. TRUE AND TRUE [0201] c. TRUE - send signal to V_DOOR to unlock door [0202] 10. Controller updates AND Gate Transaction’s output to send signal to V_DOOR and to give change back to itself. It then signs its input with SIGHASH_ALL to lock in all inputs and outputs, and submits to the blockchain: See FIG. 14 [0203] 11. Vault upon seeing a transaction output to V DOOR, unlocks the vault door

Use Case Example 3: Imply Logic Gate

[0204] In this example we implement the Bitcoin transaction to represent an IMPLY logic gate with two input sources. Imagine a plane with two switches, Switch A which turns on/off manual mode, and Switch B which turns on/off the landing gear extending system. If Switch A is off (auto-landing), the landing gear is always extended regardless of Switch B. Switch A is on (manual mode), the landing gear is extended based on Switch B. This is an implementation of an IMPLY gate. The whole system consists of 4 entities: Switch A, Switch B, Controller, and Landing Gear.

TABLE-US-00010 IMPLY Logic in Controller: Switch A == On IMPLY Switch B == On Input Signal from Switch A to Controller Input Signal from Switch B to Controller Controller IMPLY Logic Output Signal from Controller to Landing Gear Extending System Off Off TRUE (auto-mode, always extend) Extend Off On TRUE (auto-mode, always extend) Extend On Off FALSE (manual-mode, extend based on switch B) Retract On On TRUE (manual-mode, extend based on switch B) Extend

[0205] All logic evaluation is performed by the Controller. The Switches simply send their state.

Existing Set Up

[0206] Switch A owns private/public key pair A which has 1BTC [0207] Switch B owns private/public key pair B which has 1BTC [0208] Controller owns private/public key pair C which has 1BTC [0209] Landing Gear Extending System owns private/public key pair L_EXTEND and L_RETRACT

Steps

[0210] 1. When the system was first installed, Controller established a PubKey Protocol with Switch A and Switch B to allow secure communication of signals:a. Controller & Switch A’s PubKey Protocol parameters:

TABLE-US-00011 Parameter Details Base public key Public Key A (owned by Switch A) EC Generator G secp256k1 Shared Secret S (Private Key A) x (Private Key C) x G Controller & Switch A calculates this by using each other’s public key Range or set of values On, Off Value embedding formula PubKey A′ = PuhKey A + SHA256(value ⊕ S) x G Key Communicating Method Pay to Public Key Hash (P2PKH)

b. Controller & Switch B’s PubKey Protocol parameters:

TABLE-US-00012 Parameter Details Base public key Public Key B (owned by Switch B) EC Generator G secp256k1 Shared Secret S (Private Key B) x (Private Key C) x G Controller & Switch B calculates this by using each other’s public key Range or set of values On, Off Value embedding formula PubKey B′ = PubKey B + SHA256(value ⊕ S) x G Key Communicating Method Pay to Public Key Hash (P2PKH)

[0211] 2. Manual Mode is currently engaged (Switch A is on), and the Landing Gears are retracted (Switch B is off). [0212] 3. The Pilot prepares for landing and turns Switch A off (auto-landing). Each Switch embeds their state into a Value Embedded PubKey (PubKey A′ and PubKey B′) [0213] a. Switch A: [0214] i. PubKey A′ = PubKey A + SHA256(Off ⊕ S) x G [0215] b. Switch B: [0216] i. PubKey B′ = PubKey B + SHA256(Off ⊕S) x G [0217] 4. Both Switches create and submit to the blockchain a Bitcoin transaction (Intermediate Transaction) with an output to their respective Value Embedded PubKey [0218] a. Switch A’s Intermediate Transaction: See FIG. 15 Output 1 - the input spending this output will communicate PubKey A′ to the Controller Output 2 - change back to Switch A’s public key A [0219] b. Switch B’s Intermediate Transaction: see FIG. 16 Output 1 - the input spending this output will communicate PubKey B′ to the Controller Output 2 - change back to Switch B’s public key B [0220] 5. Both Switches create an unsigned Bitcoin transaction input which spends output 1 of their respective Intermediate Transaction. They send this input to the Controller: see FIG. 17 for [0221] a. Switch A’s transaction input [0222] b. Switch B’s transaction input [0223] 6. Controller uses the Bitcoin transaction inputs from the Switches and creates a Bitcoin transaction representing an IMPLY gate (IMPLY Gate Transaction). This transaction includes an input from the Controller itself, so that it alone can modify the outputs. See FIG. 18 [0224] 7. Controller requests for Switch A and Switch B to sign their respective input in the IMPLY Gate Transaction using SIGHASH_NONE. This locks in the inputs, while still allowing the outputs to be modified - See FIG. 19 [0225] 8. Controller uses its PubKey Protocol with Switch A to calculate a Value Embedded PubKey for On and Off, to find a match with PubKey A′ a. Controller finds that Off produces the same Value Embedded PubKey as PubKey A′ [0226] 9. Controller uses its PubKey Protocol with Switch A to calculate a Value Embedded PubKey for On and Off, to find a match with PubKey B′ a. Controller finds that Off produces the same Value Embedded PubKey as PubKey B′ [0227] 10. Controller applies the IMPLY gate logic: [0228] a. Switch A == On IMPLY Switch B == On [0229] b. Off == On IMPLY Off == On [0230] c. FALSE IMPLY FALSE [0231] d. TRUE - send signal to L_EXTEND to extend the landing gear [0232] 11. Controller updates IMPLY Gate Transaction’s output to send signal to L_EXTEND and to give change back to itself. It then signs its input with SIGHASH_ALL to lock in all inputs and outputs, and submits to the blockchain: See FIG. 20 [0233] 12. Landing Gear Extending System upon seeing a transaction output to L_EXTEND, turns on

Use Case Example 4: NAND Logic Gate

[0234] In this example, we implements the Bitcoin transaction to represent an NAND logic gate with two input sources. In a car each door typically has a switch that opens when the door is open, and if one or more doors are open a warning light is switched on to warn the driver. This is an implementation of a NAND gate. The whole system consists of 4 entities: Switch A, Switch B, Controller, and Light. Both Switches send a signal to the Controller when one of them changes state

TABLE-US-00013 NAND Logic in Controller: Switch A = Closed NAND Switch B = Closed Input Signal from Switch A to Controller Input Signal from Switch B to Controller Controller NAND Logic Output Signal from Controller to Light Open Open TRUE Turn On Open Closed TRUE Turn On Closed Open TRUE Turn On Closed Closed FALSE Turn Off

[0235] All logic evaluation is performed by the Controller. The Switches simply sends their open or closed state to the Controller.

Existing Set Up

[0236] Switch A owns private/public key pair A which has 1BTC [0237] Switch B owns private/public key pair B which has 1BTC [0238] Controller owns private/public key pair C which has 1BTC [0239] Light owns private/public key pair L_TURNON and L_TURNOFF

Steps

[0240] 1. When the system was first installed, Controller established a PubKey Protocol with Switch A and Switch B to allow secure communication of signals: [0241] a. Controller & Switch A’s PubKey Protocol parameters:

TABLE-US-00014 Parameter Details Base public key Public Key A (owned by Combination Lock A) EC Generator G secp256k1 Shared Secret S (Private Key A) x (Private Key C) x G Controller & Switch A calculates this by using each other’s public key Range or set of values Open, Closed (mapped to any unique pair of numbers) Value embedding formula PubKey A′ = PubKey A + SHA256(value ⊕ S) x G Key Communicating Method Pay to Public Key Hash (P2PKH)

[0242] b. Controller & Switch B’s PubKey Protocol parameters:

TABLE-US-00015 Parameter Details Base public key Public Key B (owned by Combination Lock B) EC Generator G secp256k1 Shared Secret S (Private Key B) x (Private Key C) x G Controller & Switch B calculates this by using each other’s public key Range or set of values Open, Closed (mapped to any unique pair of numbers) Value embedding formula PubKey B′ = PubKey B + SHA256(value ⊕ S) x G Key Communicating Method Pay to Public Key Hash (P2PKH)

[0243] 2. Switch A detects that its door has changed from closed opened, while Switch B detects that its door remains closed. Each Switch embeds their respective state (Open and Close) into a Value Embedded PubKey (PubKey A′ and PubKey B′) [0244] a. Switch A: [0245] i. PubKey A′ = PubKey A + SHA256(‘Open’ ⊕ S) x G [0246] b. Switch B: [0247] i. PubKey B′ = PubKey B + SHA256(‘Close’ ⊕ S)x G [0248] 3. See FIG. 21a and FIG. 21b. Both Switches create and submit to the blockchain a Bitcoin transaction (Intermediate Transaction) with an output to their respective Value Embedded PubKey [0249] a. Switch A’s Intermediate Transaction: FIG. 21a Output 1 - the input spending this output will communicate PubKey A′ to the Controller Output 2 - change back to Switch A’s public key A [0250] b. Switch B’s Intermediate Transaction: FIG. 21b Output 1 - the input spending this output will communicate PubKey B′ to the Controller Output 2 - change back to Switch B’s public key B [0251] 4. Both Switches send the Controller an unsigned Bitcoin transaction input which spends output 1 of their respective Intermediate Transaction. See FIG. 22 for [0252] a. Switch A’s transaction input: [0253] b. Switch B’s transaction input: [0254] 5. Controller uses the Bitcoin transaction inputs from the Switches and creates a Bitcoin transaction representing a NAND gate (NAND Gate Transaction). This transaction includes an input from the Controller itself, so that it alone can modify the outputs. See FIG. 23 [0255] 6. Controller requests for Switch A and Switch B to sign their respective input in the NAND Gate Transaction using SIGHASH_NONE. This locks in the inputs, while still allowing the outputs to be modified. See FIG. 24 [0256] 7. Controller uses its PubKey Protocol with Switch A to calculate a Value Embedded PubKey for each state Open and Close. [0257] a. Controller finds that ‘Open’ produces the same Value Embedded PubKey as PubKey A’ [0258] b. Controller uses its PubKey Protocol with Switch B to calculate a Value Embedded PubKey for each state Open and Close Controller finds that ‘Close’ produces the same Value Embedded PubKey as PubKey B’ [0259] 8. Controller applies the NAND gate logic to the switch states: [0260] a. Switch A = Closed NAND Switch B = Closed [0261] b. FALSE NAND TRUE [0262] c. TRUE - send signal to L_TURNON to turn on light [0263] 9. Controller updates NAND Gate Transaction’s output to send signal to L_TURNON and to give change back to itself. It then signs its input with SIGHASH_ALL to lock in all inputs and outputs, and submits to the blockchain. See FIG. 25. [0264] 10. Light upon seeing a transaction output to L_TURNON, turns on

Use Case Example 5: Nonimply Logic Gate

[0265] In the example we implement the Bitcoin transaction to represent a NONIMPLY logic gate with two input sources. Imagine a smart driveway lighting system which has Sensor A which detects the presence of a car, and Switch B which turns on/off manual only mode. If Sensor A does not detect a car, the driveway light is off. If Sensor A detects a car, it automatically turns on the driveway light if Switch B manual mode is off. This is an implementation of a NONIMPLY gate. The whole system consists of 4 entities: Sensor A, Switch B, Controller, and Driveway Light

TABLE-US-00016 NONIMPLY Logic in Controller: Sensor A == ‘Car' IMPLY Switch B == ‘Manual On’ Input Signal from Switch A to Controller Input Signal from Switch B to Controller Controller NONIMPLY Logic Output Signal from Controller to Driveway Light No Car Manual Off FALSE Turn Off Driveway Light No Car Manual On FALSE Turn Off Driveway Light Car Manual Off TRUE Turn On Driveway Light Car Manual On FALSE Turn Off Driveway Light

[0266] All logic evaluation is performed by the Controller. The Sensor and Switch simply sends their state.

Existing Setup

[0267] Sensor A owns private/public key pair A which has 1BTC [0268] Switch B owns private/public key pair B which has 1BTC [0269] Controller owns private/public key pair C which has 1BTC [0270] Driveway Light owns private/public key pair L ON and L OFF

[0271] Steps:

[0272] 1. When the system was first installed, Controller established a PubKey Protocol with Sensor A and Switch B to allow secure communication of signals: [0273] a. Controller & Sensor A’s PubKey Protocol parameters:

TABLE-US-00017 Parameter Details Base public key Public Key A (owned by Switch A) EC Generator G secp256k1 Shared Secret S (Private Key A) x (Private Key C) x G Controller & Sensor A calculates this by using each other’s public key Range or set of values Car, No Car Value embedding formula PubKey A′ = PubKey A + SHA256(value ⊕2 S) x G Key Communicating Method Pay to Public Key Hash (P2PKH)

[0274] b. Controller & Switch B’s PubKey Protocol parameters:

TABLE-US-00018 Parameter Details Base public key Public Key B (owned by Switch B) EC Generator G secp256k1 Shared Secret S (Private Key B) x (Private Key C) x G Controller & Switch B calculates this by using each other’s public key Range or set of values Manual On, Manual Off Value embedding formula PubKey B′ = PubKey B + SHA256(value ⊕ S) x G Key Communicating Method Pay to Public Key Hash (P2PKH)

[0275] 2. Sensor A currently detects no cars and Switch B has manual mode turned off. [0276] 3. Sensor A detects a car on the driveway. The Sensor and Switch embeds their state into a Value Embedded PubKey (PubKey A′ and PubKey B′) [0277] a. Sensor A: [0278] i. PubKey A′ = PubKey A + SHA256(Car ⊕ S) x G [0279] b. Switch B: [0280] i. PubKey B′ = PubKey B + SHA256(Manual Off ⊕ S) x G [0281] 4. Both Switches create and submit to the blockchain a Bitcoin transaction (Intermediate Transaction) with an output to their respective Value Embedded PubKey [0282] a. Sensor A’s Intermediate Transaction: FIG. 26 a Output 1 - the input spending this output will communicate PubKey A′ to the Controller Output 2 - change back to Switch A’s public key A [0283] b. Switch B’s Intermediate Transaction: FIG. 26b Output 1 - the input spending this output will communicate PubKey B′ to the Controller Output 2 - change back to Switch B’s public key B [0284] 5. Sensor A and Switch B create an unsigned Bitcoin transaction input which spends output 1 of their respective Intermediate Transaction. They send this input to the Controller. See FIG. 27 for [0285] a. Sensor A’s transaction input: [0286] b. switch B’s transaction input: [0287] 6. Controller uses the Bitcoin transaction inputs from the Sensor and Switch to create a Bitcoin transaction representing a NONIMPLY gate (NONIMPLY Gate Transaction). This transaction includes an input from the Controller itself, so that it alone can modify the outputs. See FIG. 28. [0288] 7. Controller requests for Sensor A and Switch B to sign their respective input in the NONIMPLY Gate Transaction using SIGHASH_NONE. This locks in the inputs, while still allowing the outputs to be modified. See FIG. 29. [0289] 8. Controller uses its PubKey Protocol with Sensor A to calculate a Value Embedded PubKey for Car and No Car, to find a match with PubKey A′ [0290] a. Controller finds that Car produces the same Value Embedded PubKey as PubKey A′ [0291] 9. Controller uses its PubKey Protocol with Switch A to calculate a Value Embedded PubKey for Manual On and Manual Off, to find a match with PubKey B′ [0292] a. Controller finds that Manual Off produces the same Value Embedded PubKey as PubKey B′ [0293] 10. Controller applies the NONIMPLY gate logic: [0294] a. Sensor A == ‘Car’ NONIMPLY Switch B == ‘Manual On’ [0295] b. ‘Car’== ‘Car’ NONIMPLY ‘Manual Off == ‘Manual On’ [0296] c. TRUE IMPLY FALSE [0297] d. TRUE - send signal to L_ON to turn on driveway light [0298] 11. Controller updates NONIMPLY Gate Transaction’s output to send signal to LON and to give change back to itself. It then signs its input with SIGHASH_ALL to lock in all inputs and outputs, and submits to the blockchain. See FIG. 30. [0299] 12. Driveway light upon seeing a transaction output to L_ON, turns on

Use Case Example 6: Not Logic Gate

[0300] In this example we implement the Bitcoin transaction to represent a NOT logic gate with one input source. Imagine that the Crown Jewels in the Tower of London are displayed to millions of visitors every year. Imagine that the Imperial State Crown sits upon a pressure sensitive switch that is normally closed. Placing the crown on the switch arms the alarm. Removing the crown from the switch activates the alarm. This is an implementation of a NOT gate. The whole system consists of a controller, a switch, and an alarm. The Switch sends a signal to the Controller when it changes state.

TABLE-US-00019 NOT Logic in Controller: NOT Switch = Closed Signal from Switch Controller NOT logic Output Signal from Controller to Alarm Closed False Activate Alarm Open True Arm Alarm

Existing Setup

[0301] Switch owns private/public key pair X which has 1BTC [0302] Controller owns private/public key pair C which has 1BTC [0303] Alarm owns private/public key pairs A_Activate and A_Arm

Steps

[0304] 1. During installation, Controller and Switch establishes a PubKey Protocol with the following parameters:

TABLE-US-00020 Parameter Details Base public key Public Key X (uses Switch’s public key) EC Generator G secp256k1 Shared Secret S (Private Key C) x (Private Key X) x G Controller and Switch calculates this by using each other’s public key Range or set of values True, False Value embedding formula PubKey X′ = PubKey X + SHA256(value ⊕ S) x G Key Communicating Method Pay to Public Key Hash (P2PKH)

[0305] 2. Switch is initially in closed state (crown is on the switch) [0306] 3. Switch detects a change when the crown is removed. Switch embeds signal ‘false’ into a Value Embedded PubKey (PubKey X′) [0307] a. PubKey X′ = PubKey X + SHA256(‘false’ ⊕S) x G [0308] 4. Switch creates and submits to the blockchain an Intermediate Transaction with an output to its Value Embedded PubKey. Sec FIG. 31 Output 1 - the input spending this output will communicate PubKey X′ to the Controller Output 2 - change back to Switch X’s public key A [0309] 5. Switch sends Controller an unsigned Bitcoin transaction input spending Output 1 of the Intermediate Transaction. See FIG. 32 [0310] 6. Controller creates a Bitcoin transaction representing an NOT gate (NOT Gate Transaction) including the Bitcoin transaction input received from Switch. See FIG. 33 [0311] 7. Controller requests Switch to sign its input in NOT Gate Transaction so that it is locked in [0312] a. Switch signs with SIGHASH_NONE, preventing it from being modified: FIG. 34 [0313] 8. Controller calculates Value Embedded PubKey for ‘true’ and ‘false’, and compares it with the Value Embedded PubKey (PubKey X′) from the unlocking script. It finds a match with ‘false’ [0314] 9. Controller applies the NOT gate to the value ‘false’, and determines that it should send a signal to Activate Alarm (A_ACTIVATE) [0315] 10. Controller updates NOT Gate Transaction’s output to send a signal to A_ACTIVATE and change back to its own public key C. It then signs is input with SIGHASH_ALL, and submits to the blockchain. See FIG. 35 Output 1 - Signal to Activate Alarm Output 2 - Change back to Controller’s public key C [0316] 11. Alarm upon seeing a transaction output to A_ACTIVATE, activates

Use Case Example 7: Or Logic Gate

[0317] Implements the Bitcoin transaction to represent an OR logic gate with two input sources Consider a building with an automated airflow system which uses an internal and external temperature sensor. The temperature sensors reads integer degrees Celsius from -30 to 50. If the internal temperature is above 21 or the external temperature is above 25, the airflow system expels cool air, otherwise the airflow system expels warm air. This is an implementation of an OR gate. The whole system consists of 4 entities: Temp. Sensor A, Temp. Sensor B, Controller, and Airflow System. Both sensors send a signal to the controller when either one detects a change in temperature.

TABLE-US-00021 OR Logic in Controller: Temp. A > 21 OR Temp. B > 25 Input Signal from Temp. Sensor A to Controller Input Signal from Temp. Sensor B to Controller Controller OR Logic Output Signal from Controller to Airflow System 21, 22, ..., 49, 50 26, 27, ..., 49, 50 TRUE Cool Air 21, 22, ..., 49, 50 -30, -29, ..., 24, 25 TRUE Cool Air -30, -29, ..., 19, 20 26, 27, ..., 49, 50 TRUE Cool Air -30, -29, ..., 19, 20 -30, -29, ..., 24, 25 FALSE Warm Air

[0318] All logic evaluation is performed by the Controller. The Temp. Sensors simply sends the temperature reading but does not evaluate whether it is hot or cold.

Existing Setup

[0319] Temp. Sensor A owns private/public key pair A which has 1BTC [0320] Temp. Sensor B owns private/public key pair B which has 1BTC [0321] Controller owns private/public key pair C which has 1BTC [0322] Airflow System owns private/public key pair S_COOL and S_WARM

Steps

[0323] 1. When the system was first installed, Controller established a PubKey Protocol with Temp. Sensor A and Temp. Sensor B to allow secure communication of signals: [0324] a. Controller & Temp. Sensor A’s PubKey Protocol parameters:

TABLE-US-00022 Parameter Details Base public key Public Key A (owned by Temp. Sensor A) EC Generator G secp256k1 Shared Secret S (Private Key A) x (Private Key C) x G Controller & Temp. Sensor A calculates this by using each other’s public key Range or set of values -30, -29, ..., 49, 50 Value embedding formula PubKey A′ = PubKey A + SHA256(value ⊕ S) x G Key Communicating Method Pay to Public Key Hash (P2PKH)

[0325] b. Controller & Temp. Sensor B’s PubKey Protocol parameters:

TABLE-US-00023 Parameter Details Base public key Public Key B (owned by Temp. Sensor B) EC Generator G secp256k1 Shared Secret S (Private Key B) x (Private Key C) x G Controller & Temp. Sensor B calculates this by using each other’s public key Range or set of values -30, -29, ..., 49, 50 Value embedding formula PubKey B′ = PubKey B + SHA256(value ⊕ S) x G Key Communicating Method Pay to Public Key Hash (P2PKH)

[0326] 2. Temp. Sensor A currently reads 21, and Temp. Sensor B reads 27 [0327] 3. Temp. Sensor A detects a change from 21 to 20. Each Temp. Sensor embeds their reading into a Value Embedded PubKey (PubKey A′ and PubKey B′) [0328] a. Temp. Sensor A: [0329] i. PubKey A′ = PubKey A + SHA256(20 ⊕ S) x G [0330] b. Temp. Sensor B: [0331] i. PubKey B′ = PubKey B + SHA256(27 ⊕ S) x G [0332] 4. Both Temp. Sensors create and submit to the blockchain a Bitcoin transaction (Intermediate Transaction) with an output to their respective Value Embedded PubKey [0333] a. Temp. Sensor A’s Intermediate Transaction: FIG. 36a Output 1 - the input spending this output will communicate PubKey A′ to the Controller Output 2 - change back to Temp. Sensor A’s public key A [0334] b. Temp. Sensor B’s Intermediate Transaction: FIG. 36b Output 1 - the input spending this output will communicate PubKey B′ to the Controller Output 2 - change back to Temp. Sensor B’s public key B [0335] 5. Both Temp. Sensor create an unsigned Bitcoin transaction input which spends output 1 of their respective Intermediate Transaction. They send this input to the Controller. See FIG. 37 for [0336] a. Temp. Sensor A’s transaction input [0337] b. Temp. Sensor B’s transaction input [0338] 6. Controller uses the Bitcoin transaction inputs from the Temperature Sensors and creates a Bitcoin transaction representing an OR gate (OR Gate Transaction). This transaction includes an input from the Controller itself, so that it alone can modify the outputs. See FIG. 38 [0339] 7. Controller requests for Temp. Sensor A and Temp. Sensor B to sign their respective input in the OR Gate Transaction using SIGHASH_NONE. This locks in the inputs, while still allowing the outputs to be modified. See FIG. 39 [0340] 8. Controller uses its PubKey Protocol with Temp. Sensor A to calculate a Value Embedded PubKey for each temperature -30, -29, ..., 49, 50 until it finds one which matches PubKey A′ [0341] a. Controller finds that 20 produces the same Value Embedded PubKey as PubKey A′ [0342] 9. Controller uses its PubKey Protocol with Temp. Sensor B to calculate a Value Embedded PubKey for each temperature -30, -29, ..., 49, 50 until it finds one which matches PubKey B′ [0343] a. Controller finds that 27 produces the same Value Embedded PubKey as PubKey B′ [0344] 10. Controller applies the OR gate logic to the temperature readings: [0345] a. Temp. A > 21 OR Temp. B > 25 [0346] b. 20 > 21 OR 27 > 25 [0347] c. FALSE OR TRUE [0348] d. TRUE - send signal to S_COOL to expel cool air [0349] 11. Controller updates OR Gate Transaction’s output to send signal to S_COOL and to give change back to itself. It then signs its input with SIGHASH_ALL to lock in all inputs and outputs, and submits to the blockchain. See FIG. 40 [0350] 12. Airflow system upon seeing a transaction output to S_COOL, expels cool air

Use Case Example 8: Xnor Logic Gate

[0351] In this example we implement the Bitcoin transaction to represent an XNOR logic gate with two input sources. Consider a production system which produces two items: cricket balls and cricket ball corks. Both items pass through the same quality control which has two scanners A and B. Scanner A gives a belief reading from 0, 5, 10, ..., 95, 100% of whether the ball is red. Scanner B gives a belief reading from 0, 5, 10, ..., 95, 100% of whether the ball has stitches. If a ball has both features, it is accepted as it is a normal cricket ball. If a ball has neither feature, it is also accepted as it is a cork. If a ball has only one of the features, it is rejected because it is a defect. This is an implementation of a XNOR gate.

[0352] The whole system consists of 4 entities: Scanner A, Scanner B, Controller, and Production System. Both detectors send a belief to the controller when either one detects a change. XNOR Logic in Controller: Scanner Belief A > 90% XNOR Scanner Belief B > 60% Detecting stitches is less accurate than detecting red, so a larger range of acceptable values is used for Scanner B.

TABLE-US-00024 Input Signal from Scanner A to Controller Input Signal from Scanner B to Controller Controller XNOR Logic Output Signal from Controller to Prod. System 0, 5, ...,75,90% 0, 5, ..., 55, 60% TRUE Accept 0, 5, ..., 75, 90% 65, 70, ..., 95, 100% FALSE Reject 95, 100% 0, 5, ..., 55, 60% FALSE Reject 95, 100% 65, 70, ..., 95, 100% TRUE Accept

[0353] All logic evaluation is performed by the Controller. The Scanners simply sends their belief reading but does not evaluate whether it is high enough to assume there is a fire.

Existing Setup

[0354] Scanner A owns private/public key pair A which has 1BTC [0355] Scanner B owns private/public key pair B which has 1BTC [0356] Controller owns private/public key pair C which has 1BTC [0357] Production System owns private/public key pair S_ACCEPT and S_REJECT

Steps

[0358] 1. When the system was first installed, Controller established a PubKey Protocol with Scanner A and Scanner B to allow secure communication of signals: [0359] a. Controller & Scanner A’s PubKey Protocol parameters:

TABLE-US-00025 Parameter Details Base public key Public Key A (owned by Scanner A) EC Generator G secp256k1 Shared Secret S (Private Key A) x (Private Key C) x G Controller & Scanner A calculates this by using each other’s public key Range or set of values 0, 5, ..., 95, 100% Value embedding formula PubKey A′ = PubKey A + SHA256(value ⊕ S) x G Key Communicating Method Pay to Public Key Hash (P2PKH)

[0360] b. Controller & Scanner B’s PubKey Protocol parameters:

TABLE-US-00026 Parameter Details Base public key Public Key B (owned by Scanner B) EC Generator G secp256k1 Shared Secret S (Private Key B) x (Private Key C) x G Controller & Scanner B calculates this by using each other’s public key Range or set of values 0, 5, 95, 100% Value embedding formula PubKey B′ = PubKey B + SHA256(value ⊕ S) x G Key Communicating Method Pay to Public Key Hash (P2PKH)

[0361] 2. A ball passes through the scanners. Scanner A reads 100% match. Scanner B reads 75% match. [0362] 3. Each Scanner embeds their reading into a Value Embedded PubKey (PubKey A′ and PubKey B′) [0363] a. Scanner A: [0364] i. PubKey A′ = PubKey A + SHA256(100% S) x G [0365] b. Scanner B: [0366] i. PubKey B′ = PubKey B + SHA256(75% S) x G [0367] 4. Both Scanners create and submit to the blockchain a Bitcoin transaction (Intermediate Transaction) with an output to their respective Value Embedded PubKey [0368] a. Scanner A’s Intermediate Transaction: See FIG. 41a Output 1 - the input spending this output will communicate PubKey A′ to the Controller Output 2 - change back to Scanner A’s public key A [0369] b. Scanner B’s Intermediate Transaction: See FIG. 41b Output 1 - the input spending this output will communicate PubKey B′ to the Controller Output 2 - change back to Scanner B’s public key B [0370] 5. Both Scanners create an unsigned Bitcoin transaction input which spends output 1 of their respective Intermediate Transaction. They send this input to the Controller. See FIG. 42 for [0371] a. Scanner A’s transaction input [0372] b. Scanner B’s transaction input [0373] 6. Controller uses the Bitcoin transaction inputs from the Scanners and creates a Bitcoin transaction representing a XNOR gate (XNOR Gate Transaction). This transaction includes an input from the Controller itself, so that it alone can modify the outputs. See FIG. 43 [0374] 7. Controller requests for Scanner A and Scanner B to sign their respective input in the XNOR Gate Transaction using SIGHASH_NONE. This locks in the inputs, while still allowing the outputs to be modified. See FIG. 44. [0375] 8. Controller uses its PubKey Protocol with Scanner A to calculate a Value Embedded PubKey for each belief 0, 5, ..., 95, 100% until it finds one which matches PubKey A′ [0376] a. Controller finds that 100% produces the same Value Embedded PubKey as PubKey A′ [0377] 9. Controller uses its PubKey Protocol with Scanner B to calculate a Value Embedded PubKey for each belief 0, 5, ..., 95, 100% until it finds one which matches PubKey B′ [0378] a. Controller finds that 75% produces the same Value Embedded PubKey as PubKey B′ [0379] 10. Controller applies the NOR gate logic to the temperature readings: [0380] a. Scanner Belief A > 90% XNOR Scanner Belief B > 60% [0381] b. 100 > 60 XNOR 75 > 60 [0382] c. TRUE OR TRUE [0383] d. TRUE - send signal to S_ACCEPT to accept the ball [0384] 11. Controller updates XNOR Gate Transaction’s output to send signal to S_ACCEPT and to give change back to itself. It then signs its input with SIGHASH_ALL to lock in all inputs and outputs, and submits to the blockchain. See FIG. 45. [0385] 12. The system upon seeing a transaction output to S_ACCEPT, allows the ball to continue to packaging

[0386] It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be capable of designing many alternative embodiments without departing from the scope of the invention as defined by the appended claims. In the claims, any reference signs placed in parentheses shall not be construed as limiting the claims. The word “comprising” and “comprises”, and the like, does not exclude the presence of elements or steps other than those listed in any claim or the specification as a whole. In the present specification, “comprises” means “includes or consists of” and “comprising” means “including or consisting of”. The singular reference of an element does not exclude the plural reference of such elements and vice-versa. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In a device claim enumerating several means, several of these means may be embodied by one and the same item of hardware. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.