A purely peer-to-peer token protocol on bitcoin would allow for the creation of novel tokenisation use-cases. The main benefits of such a token protocol would be lost if a trusted third-party is still required to provide double-spend protection of the tokens. I propose a solution to the double-spend problem for non-native tokens which benefit from the same double-spend protections as bitcoin's native accounting units. Wallets establish direct connections to one another by participating in a peer-to-peer overlay network separate from that of the bitcoin nodes. Tokens are transmitted in an SPV manner(Simplified Payment Verification) between wallet peers. Wallets are recommended to simultaneously act as both headers-only SPV nodes within the bitcoin P2P network, and full peering nodes within a P2P overlay network. The P2P overlay network will facilitate direct wallet-to-wallet communications, and the bitcoin network will provide settlement and finality of the token transfers.
The protocol supports six token archetypes:
| Archetype | Description |
|---|---|
| NFT (Non-Fungible Token) | Unique, indivisible tokens bound to a single owner |
| Fungible Token | Divisible tokens that support minting, splitting and merging of amounts |
| Restricted NFT | NFTs with issuer-defined transfer policy flags |
| Restricted Fungible Token | Fungible tokens with issuer-defined transfer policy flags |
| Appendable Token | A loyalty/stamp card model where the issuer can append data (stamps) to a holder's token |
| State Machine Token | Dual-authority payment funnels with defined state transitions (create, enroll, confirm, convert, settle, timeout) |
Every TSL1 token transaction uses a fixed 5-output structure, regardless of token type or transfer depth:
| Output Index | Name | Purpose |
|---|---|---|
| 0 | Change | Standard P2PKH change output for the token holder |
| 1 | PP1 (Plug Point One) | The token output itself. Locked with the owner's public key hash and embeds the token ID. Validates the parent transaction via inductive proof |
| 2 | PP2 (Plug Point Two) | Witness coupling output. Coupled to PP1 to enforce simultaneous spend, linking the token transaction to its witness |
| 3 | PP3 / Partial Witness | Witness verification output. Uses partial SHA256 computation to verify the witness transaction without requiring the full transaction data |
| 4 | Metadata | OP_RETURN output carrying token metadata |
This fixed structure ensures that token transactions do not bloat as they are transferred through successive owners. Each transfer only needs to validate against its immediate parent transaction (inductive proof), not trace back to the genesis issuance.
- No external indexers - tokens are validated by miners directly during script execution
- No back-to-genesis tracing - inductive proofs validate only against the immediate parent transaction
- Native double-spend protection - token outputs are standard UTXOs subject to Bitcoin's consensus rules
- No transaction bloating - the fixed 5-output structure is maintained regardless of transfer depth
- On-chain identity anchoring - Rabin signature verification binds issuer identity to token issuance
| Library | Language | Version | Description |
|---|---|---|---|
| tstokenlib | Dart | 1.3.0 | Full-featured SDK with token lifecycle management, hand-optimized Bitcoin Scripts, Rabin identity anchoring, and comprehensive test coverage |
| tstokenlib4j | Java/JVM | 0.1.0 | Script lock/unlock builders with template-driven construction and cross-language test vectors for byte-identity with the Dart library |
The original sCrypt prototype contracts have been moved to legacy/contracts/. These were superseded by hand-optimized Bitcoin Script templates (4.5x - 6.7x smaller) maintained in the implementation libraries above.
The source code in this repository is licensed under the Apache License V2.0.
The author retains and reserves all rights in the draft PDF whitepaper titled "TSL1: A Peer-to-Peer Token Protocol for Bitcoin (draft v0.1)".
This protocol makes use of the PUSHTX technique, originally invented by Y. Chan and D. Kramer at nChain in 2017, as described in nChain's white paper "PUSHTX and its Building Blocks" (WP1605) by Wei Zhang. PUSHTX is the foundational mechanism that enables TSL1's inductive proof system by generating signatures in-script and using OP_CHECKSIG to verify transaction structure on-chain. Any patents held by nChain relating to the PUSHTX technique may apply to implementations of this protocol.
The author of TSL1 has no intention to ever patent any of the original work described in this repository. Please refer to the details of the Apache License V2.0 for appropriate licensing and use-rights.