Propose new BIP for Programmable Bitcoin Token Standard (PBTS) #1787

pull GobiShanthan wants to merge 2 commits into bitcoin:master from GobiShanthan:pbts-bip changing 1 files +305 −0
  1. GobiShanthan commented at 10:49 pm on March 8, 2025: none

    This pull request introduces a new Bitcoin Improvement Proposal (BIP):

    Programmable Bitcoin Token Standard (PBTS)

    PBTS provides a Layer 1 token standard leveraging Bitcoin Script and Taproot to enable the creation, transfer, and verification of native programmable tokens directly on Bitcoin. It introduces structured programmability without requiring changes to Bitcoin’s consensus rules.

    Key Highlights:

    • Layer 1 Implementation: Tokens are fully validated and transferred on Bitcoin’s base layer without external dependencies.
    • Taproot Optimized: Minimal impact on scalability, with optimized transaction size and fees.
    • Structured Programmability: Enables predefined execution paths, such as vesting contracts, milestone-based escrows, and oracle integration.

    Full details are available in the proposed BIP markdown file:

    Feedback, suggestions, and discussion are welcome.

  2. Propose new BIP for Programmable Bitcoin Token Standard (PBTS) 6ef2edd30a
  3. removed implementation link until further notice 6eb2eb7615
  4. in bip-pbst.md:6 in 6eb2eb7615 
    0@@ -0,0 +1,305 @@
1+# BIP-XXXX: Programmable Bitcoin Token Standard (PBTS)
2+
3+```
4+BIP: XXXX
5+Layer: Applications
6+Title: Programmable Bitcoin Token Standard (PBTS)
    murchandamus commented at 3:33 pm on March 12, 2025:
    This title clashes with “PSBTs” and will lead to confusion should this BIP get adopted. Would you be open to considering a different name?
    jonatack commented at 4:05 pm on March 12, 2025:
    Agree, it is too similar in naming to PSBTs.
    GobiShanthan commented at 9:37 pm on March 12, 2025:
    Thank you for your feedback! We recognize the potential confusion with PSBT (Partially Signed Bitcoin Transactions). To avoid this, we have renamed PBTS to TSB (Token Standard on Bitcoin). This ensures clarity and better represents the proposal’s goal: establishing a unified standard for Bitcoin-native tokens.
    murchandamus commented at 3:01 am on March 18, 2025:
    Could you please update the title of this PR, the title of the BIP, and the content of the document to reflect the new name?
  5. in bip-pbst.md:33 in 6eb2eb7615 
    28+
29+## Motivation
30+
31+Bitcoin adheres to the principles of **minimalism and security**, which have made it the most robust and decentralized blockchain. PBTS aligns with this philosophy by introducing **programmability without complexity**, ensuring that Bitcoin's core remains unchanged while extending its utility in a predictable and efficient way.
32+
33+Bitcoin currently lacks a **native** token standard that enables **flexible** and **fully Layer 1** token issuance with programmable conditions. Existing solutions such as **Ordinals, RGB, and Runes** either rely on **external tracking mechanisms** or **Layer 2 solutions** that introduce centralization risks. PBTS provides a **UTXO-based**, predefined, and non-intrusive method for issuing tokens that remain completely **verifiable on Bitcoin's base layer** with advanced programmable features like time-locked vesting and milestone-based escrow.
    murchandamus commented at 3:50 pm on March 12, 2025:

    In the Motivation, could you please expand on the issue this proposal addresses and how this proposal improves Bitcoin? It’s not obvious to me how a token standard improves Bitcoin.

    It is an open question whether colored coin protocols and other token schemes are on-topic for this repository.

    GobiShanthan commented at 10:08 pm on March 12, 2025:
    We initially submitted TBS as a standard BIP, but it should have been an informational BIP—apologies for the mistake. Regarding comparisons, I understand skepticism about another token standard; TBS isn’t meant to replace others but to provide a more Bitcoin-native approach that aligns with its security and validation model. While it’s an open question whether token protocols belong in this repository, token activity is already happening on Bitcoin (e.g., Ordinals), often inefficiently. TBS aims to improve Bitcoin by offering a structured, UTXO-based standard that optimizes Taproot, reducing blockchain bloat and improving transaction efficiency compared to ad-hoc tokenization methods.
    murchandamus commented at 3:06 am on March 18, 2025:
    There seems to be a misunderstanding here. I am not complaining about the type of the BIP, I’m pointing out that many members of this community are of the opinion that this repository should only collect proposals that further the Bitcoin currency. Colored coin protocols and token standards are inherently about other assets.
  6. in bip-pbst.md:97 in 6eb2eb7615 
    92+1. **Token Issuance Format**:
93+   * The output script is a Taproot output that contains:
94+     * Token ID: A 32-byte identifier (Hash of Issuer's Public Key + Script Hash)
95+     * Total Supply: Fixed integer representing the maximum possible supply
96+     * Decimals: Integer representing the decimal places (typically 8 to match satoshis)
97+     * Metadata Commitment: Optional hash of off-chain metadata (name, symbol, description)
    murchandamus commented at 4:00 pm on March 12, 2025:
    You claim that no consensus change is necessary, but it is not clear to me how the special meaning of this new output type is supposed to be enforced without new consensus rules. Could you perhaps clarify this point?
    GobiShanthan commented at 9:41 pm on March 12, 2025:

    TBS doesn’t require consensus changes because it doesn’t introduce any “special meaning” at the consensus level. Instead, it uses existing Bitcoin Script capabilities to create self-enforcing token rules. Here’s specifically how it works: The token properties (like ID and supply) are committed to in standard Taproot outputs through Bitcoin Script patterns. For example: <token_metadata_hash> OP_DROP <issuer_pubkey> OP_CHECKSIG

    Where token_metadata_hash is a hash of the token’s properties including ID and supply. When transferring tokens, spending conditions enforce token rules through standard script validation:

    To spend a token output, the transaction must provide valid signatures and satisfy all script conditions New outputs must preserve the token’s properties through identical script commitments The sum of token amounts in the outputs must match the inputs (preventing inflation)

    Crucially, this doesn’t require Bitcoin nodes to understand the concept of “tokens” - they simply enforce normal script execution rules. The token semantics are interpreted by compatible wallet software, but the validation happens through standard Bitcoin transaction verification. It’s similar to how multisig wallets work - Bitcoin consensus rules don’t understand the higher-level concept of “shared custody,” but they enforce the script conditions that implement it.

    murchandamus commented at 3:38 am on March 18, 2025:

    The token properties (like ID and supply) are committed to in standard Taproot outputs through Bitcoin Script patterns. For example: <token_metadata_hash> OP_DROP <issuer_pubkey> OP_CHECKSIG

    The leaf script <hash> OP_DROP <pubkey> OP_CHECKSIG can be satisfied by providing merely a signature corresponding to the pubkey and the transaction in the witness:

    <sig> <hash> OP_DROP <pubkey> OP_CHECKSIG

    is processed as follows. The signature is pushed on the stack, the hash is pushed on the stack, the hash is dropped, the pubkey is pushed on the stack, then OP_CHECKSIG checks whether the signature is a valid signature of the transaction by the private key corresponding to the pubkey. Please elaborate how this script commits to the token properties and how that can be used to enforce and validate the tokens.

    Where token_metadata_hash is a hash of the token’s properties including ID and supply.

    As described, the token_metadata_hash is just dropped, so as far as I can tell, any data can be provided here to the same effect.

    When transferring tokens, spending conditions enforce token rules through standard script validation:

    To spend a token output, the transaction must provide valid signatures and satisfy all script conditions

    The only relevant condition that I see here appears to require a signature from a specific key.

    New outputs must preserve the token’s properties through identical script commitments

    How is it enforced that subsequent outputs preserve the token properties? I do not see any mechanism that encumbers the subsequent outputs, nor does the above described output script require any such thing. What transaction introspection mechanism are you using to read the “token_metadata_hash” from the prior output? How is it ensured that the new outputs contain the identical script commitments. Are you proposing new consensus rules that enforce this? If so, what are these new consensus rules? It seems to me that if you can pull this off without new consensus rules, the proponents fighting for several years to introduce some covenant proposals would be excited to learn in detail how you manage to do that.

    The sum of token amounts in the outputs must match the inputs (preventing inflation)

    How is the token amount preserved? We threw away the token_metadata_hash in the output script, and we don’t have any mechanism to enforce any properties for the new outputs.

    Crucially, this doesn’t require Bitcoin nodes to understand the concept of “tokens” - they simply enforce normal script execution rules.

    The described scripts indeed do not require Bitcoin nodes to understand anything about tokens, because they in fact simple ignore all information about the tokens and only enforce the normal script execution rules, which do not whatsoever seem to ensure the persistence of tokens.

    The token semantics are interpreted by compatible wallet software, but the validation happens through standard Bitcoin transaction verification.

    If the token semantics are only interpreted by compatible wallet software, we are talking about a client-side validation scheme.

    It’s similar to how multisig wallets work - Bitcoin consensus rules don’t understand the higher-level concept of “shared custody,” but they enforce the script conditions that implement it.

    No? OP_CHECKMULTISIG and OP_CHECKSIGADD are part of the Script language and explicitly count the number of signatures.

  7. in bip-pbst.md:169 in 6eb2eb7615 
    164+PBTS token transfers involve creating transactions that spend from token-containing UTXOs and create new UTXOs with the appropriate scripts to maintain token properties and conditions.
165+
166+1. **Standard Transfer**:
167+   * Spends from a token UTXO
168+   * Creates new outputs with token metadata preserved
169+   * May split tokens across multiple outputs (for partial transfers)
    murchandamus commented at 4:02 pm on March 12, 2025:
    I seem to be missing something. How are these transactions fashioned to enforce adherence to the token supply limit?
    GobiShanthan commented at 9:42 pm on March 12, 2025:

    Thank you for your question on token supply enforcement. This is indeed a critical aspect of the proposal. The token supply limit is enforced through a combination of transaction structure and script verification without requiring consensus changes:

    Genesis Commitment: When tokens are initially created, a specific UTXO contains the total supply commitment: Copy<token_id> <total_supply> <metadata_hash> OP_CAT OP_CAT OP_SHA256 <genesis_commitment_hash> OP_EQUALVERIFY <issuer_pubkey> OP_CHECKSIG

    Conservation in Transfers: For any transfer, the transaction must:

    Spend from one or more UTXOs containing token commitments Create new outputs with identical token ID and metadata commitments Ensure numerical conservation of the token amount

    Example Transfer Mechanism: Copy// Input UTXO with token_amount_in (e.g., 100 tokens)

    // Outputs Output1: <token_id> <metadata_hash> OP_CAT OP_CAT OP_SHA256 <token_commitment> OP_EQUALVERIFY <recipient1_pubkey> OP_CHECKSIG Output2: <token_id> <metadata_hash> OP_CAT OP_CAT OP_SHA256 <token_commitment> OP_EQUALVERIFY <recipient2_pubkey> OP_CHECKSIG The transaction is only valid if amount1 + amount2 = token_amount_in

    The key insight is that Bitcoin’s existing UTXO model inherently enforces conservation:

    You can only spend what exists You can’t double-spend the same UTXO Script verification ensures the token metadata remains consistent

    By encoding token amounts directly in the output scripts and requiring validation of these values during transfers, the supply limit is enforced through regular Bitcoin transaction validation rules. No new outputs containing valid token commitments can be created without spending existing ones, and the amount validation in the scripts ensures no inflation occurs during transfers.

    murchandamus commented at 3:59 am on March 18, 2025:

    Thank you for your question on token supply enforcement. This is indeed a critical aspect of the proposal. The token supply limit is enforced through a combination of transaction structure and script verification without requiring consensus changes:

    Genesis Commitment: When tokens are initially created, a specific UTXO contains the total supply commitment: Copy<token_id> <total_supply> <metadata_hash> OP_CAT OP_CAT OP_SHA256 <genesis_commitment_hash> OP_EQUALVERIFY <issuer_pubkey> OP_CHECKSIG

    While there is a proposal to reinstate OP_CAT in Tapscript, it is currently not part of Bitcoin’s Script language or Tapscript language, so I’m afraid, that this does not match your prior claim that your proposal doesn’t require consensus change.

    Further, none of the inputs to the OP_EQUALVERIFY in the following depend on the content of the transaction.

    <token_id> <total_supply> <metadata_hash> OP_CAT OP_CAT OP_SHA256 <genesis_commitment_hash> OP_EQUALVERIFY <issuer_pubkey> OP_CHECKSIG

    So, this is trivially true, regardless of where you direct the funds from the UTXO.

    Conservation in Transfers: For any transfer, the transaction must:

    Spend from one or more UTXOs containing token commitments Create new outputs with identical token ID and metadata commitments Ensure numerical conservation of the token amount

    You seem to be describing the intended behavior, but the point of a Specification is to provide precise and comprehensive instructions how this behavior is achieved.

    Example Transfer Mechanism: Copy// Input UTXO with token_amount_in (e.g., 100 tokens)

    // Outputs Output1: <token_id> <metadata_hash> OP_CAT OP_CAT OP_SHA256 <token_commitment> OP_EQUALVERIFY <recipient1_pubkey> OP_CHECKSIG Output2: <token_id> <metadata_hash> OP_CAT OP_CAT OP_SHA256 <token_commitment> OP_EQUALVERIFY <recipient2_pubkey> OP_CHECKSIG The transaction is only valid if amount1 + amount2 = token_amount_in

    How do you enforce that a transaction is only valid when the two output amounts match the “token_amount_in”. Where was “token_amount_in” provided? Where are these values compared? How does validation fail when they don’t add up?

    The key insight is that Bitcoin’s existing UTXO model inherently enforces conservation:

    You can only spend what exists You can’t double-spend the same UTXO Script verification ensures the token metadata remains consistent

    I have yet to see a hint of a mechanism that enforces metadata consistency.

    By encoding token amounts directly in the output scripts and requiring validation of these values during transfers, the supply limit is enforced through regular Bitcoin transaction validation rules. No new outputs containing valid token commitments can be created without spending existing ones, and the amount validation in the scripts ensures no inflation occurs during transfers.

    Sounds great in theory, however, I seem to be unable to find a description of the mechanism that enforces token commitments, or amount consistency.

  8. murchandamus commented at 2:35 pm on March 14, 2025: contributor

    As I read it, this proposal is either a client-side validation scheme or requires a consensus change (or both), while claiming to be neither. The latter contradiction makes the comparison with existing schemes seem skewed. Especially, it is not at all obvious why this n-th standard for tokens is supposed to obsolete all others.

    This proposal should be improved to clarify what it is trying to achieve and how it is achieving that. There seems to be an underlying misunderstanding either about how consensus works or what mechanisms are necessary to achieve enforcement and validation as described in this document.

    I would appreciate it if future responses to questions were more to the point. The prior responses mostly repeat claims from the proposal, but barely address the main gist of my questions. Just because other networks have allowed themselves to be fully cannibalized by tokenization and the ensuing speculation and gambling, it is by no means obvious to me how tokens improve Bitcoin.

  9. GobiShanthan commented at 6:04 am on March 17, 2025: none

    Thank you for your thoughtful feedback. I appreciate your concerns and will address them directly:

    Regarding enforcement without consensus changes: TBS uses standard Bitcoin Script to enforce token rules. Token supply is maintained through transaction structure - when tokens are transferred, the transaction must spend existing token UTXOs and create outputs with identical token commitments where input and output amounts match exactly. This conservation is enforced through Bitcoin’s existing UTXO model and script validation.

    On the apparent contradiction: You’re right that TBS requires compatible wallet software to create valid token transactions (similar to multisig). However, unlike pure client-side validation, the token rules are enforced directly through Bitcoin’s consensus mechanisms when validating scripts - any node can verify token transactions without external systems. On comparison with other standards:

    I don’t claim TBS would necessarily obsolete all others - different approaches have different tradeoffs. The goal is to offer a standard that minimizes blockchain bloat and aligns with Bitcoin’s security model. On improving Bitcoin:

    I understand your concern about tokenization’s effects on other networks. My observation is simply that token activity is already happening on Bitcoin, and a well-designed standard might help reduce negative externalities like excessive data storage. I’ve edited my previous replies to be more direct and on-point. I apologize for my lengthy earlier responses. I’m fairly new to this process and would genuinely appreciate your guidance on how to improve this proposal.

    If you have any further questions, I would be happy to answer them.

  10. in bip-pbst.md:70 in 6eb2eb7615 
    65+   * Multi-signature requirements
66+   * Prepared for oracle integration
67+
68+## Comparison with Existing Bitcoin Token Standards
69+
70+| Feature                    | Ordinals                 | Runes           | PBTS                         |
    murchandamus commented at 2:57 am on March 18, 2025:
    It seems to me that you might mean “BRC20” tokens here, when you refer to “Ordinals”. The term Ordinals refers to a concept of assigning serial numbers to each satoshi in the order they were minted and tracking these satoshis per some defined rules through the history of the Bitcoin transaction graph.
  11. in bip-pbst.md:21 in 6eb2eb7615 
    16+Requires: 340, 341, 342
17+```
18+
19+## Abstract
20+
21+The **Programmable Bitcoin Token Standard (PBTS)** introduces a method to create, transfer, and validate native Bitcoin-based tokens using **Bitcoin Script** and **Taproot**. PBTS enhances Bitcoin's Layer 1 functionality by enabling **tokenized assets** with programmable conditions without compromising security, decentralization, or predictability. Unlike Ethereum or Solana, PBTS **does not introduce Turing-complete smart contracts** but leverages **structured pre-commitments** and **Taproot optimizations** to enable secure, efficient programmable tokens.
    murchandamus commented at 3:02 am on March 18, 2025:
    E.g., here and in many other places it still says “PBTS”
  12. in bip-pbst.md:82 in 6eb2eb7615 
    77+| Consensus Changes Required?| ❌ No                    | ❌ No           | ❌ No                        |
78+| Transaction Cost           | ❌ Expensive             | ⚠️ Medium       | ✅ Efficient                 |
79+| Programmable Conditions    | ❌ No                    | ⚠️ Limited      | ✅ Yes                       |
80+| Fully On-Chain Validation  | ❌ No                    | ❌ No           | ✅ Yes                       |
81+
82+## Specification
    murchandamus commented at 3:10 am on March 18, 2025:
    The Specification section should provide a formal description of the new feature that is precise and comprehensive enough to allow implementation of the feature.
  13. in bip-pbst.md:121 in 6eb2eb7615 
    116+    <locktime> OP_CHECKLOCKTIMEVERIFY OP_DROP
117+    <receiver_pubkey> OP_CHECKSIG
118+ELSE
119+    <issuer_pubkey> OP_CHECKSIG
120+ENDIF
121+```
    murchandamus commented at 3:43 am on March 18, 2025:
    This script appears to allow the issuer to always spend the UTXO and the recipient to also spend the UTXO after some time. The script does not seem to exhibit any characteristics that enforce any special behavior regarding tokens.
  14. in bip-pbst.md:141 in 6eb2eb7615 
    136+    <m2> <pubkey1> <pubkey2> <pubkeyN> <n> OP_CHECKMULTISIG
137+ELSEIF
138+    # Expiry condition (return to sender)
139+    <expiry_time> OP_CHECKLOCKTIMEVERIFY OP_DROP
140+    <sender_pubkey> OP_CHECKSIG
141+ENDIF
    murchandamus commented at 3:44 am on March 18, 2025:
    This may be describing a decaying multisig, but again doesn’t appear to introduce any handling of tokens.
  15. in bip-pbst.md:15 in 6eb2eb7615 
    10+Status: Draft
11+Type: Standards Track
12+Created: 2025-02-11
13+License: BSD-2-Clause
14+Discussions-To: bitcoin-dev@lists.linuxfoundation.org
15+Post-History: 2025-02-11
    murchandamus commented at 4:11 am on March 18, 2025:
    I don’t seem to have any emails received via the Bitcoin Developer Mailing List that pertain to this proposal.
  16. murchandamus commented at 4:38 am on March 18, 2025: contributor
    This feature is at least heavily underspecified, if not outright technically unsound. This pull request seems premature to me: at the least it would require a more technically compelling description of the feature and a comprehensive Specification. If work is to continue on this effort, I would suggest exploring a proof of concept in regard to analyzing the enforcement properties of the described mechanism.
  17. murchandamus marked this as a draft on Mar 18, 2025
  18. murchandamus added the label PR Author action required on Mar 18, 2025


GobiShanthan murchandamus jonatack

Labels
PR Author action required

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bips. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2025-03-29 07:10 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me