SSLP - Super simple ledger protocol


As a BCH stakeholder:

  1. with a slight aversion to OP_RETURN because I value privacy and the effectiveness of the blockchain longterm
  2. but who’s excited by tokenization because I value innovation and choice

I propose using elliptic curve keys to encode token supply without using an op_return.

Honestly, I’m just sharing the idea for folks to think about, God willing, because I find it inspiring and hope it generates some new ideas.

Underlying concept

A secret number + any number = still a secret number.
A public number + any number = still a public number.

In ECCurve cryptography, as far as I know, those two numbers are linked. So I can encode any number by adding it to your public key and only you can unlock it with your private key + that same number. In this proposal, the number would represent token supply.

Semi technical explanation of underlying idea

For super simple SLP tokens without OP_RETURN, we can use elliptic curves without any scripting changes. The idea is that coins can be locked into addresses offset by the token supply (some integer) * G. The offset address will still be owned by the same owner as the non-offset address, except we can then deduce the supply (A + xG = A’, A` - A = xG, x being the supply)

A simple method of including both addresses is to lock outputs using multisig and since they’re cryptographically owned by the same person, 1-of-2 should work, iA.

A demonstration of a possible minting transaction using this technique may be the clearest way to demonstrate, since the minter is generally depositing directly to themselves. They can simply send a dust transaction to themselves with their own key offset by the supply.

Example minting: A + xG = A’

  1. A is Alice’s public key of the UTXO used for dust transaction
  2. A’ is Alice’s new public key which she’ll lock the dust to.
  3. x is the token supply

The resulting txid + x is all that’s needed for a token identifier for publicizing or keeping semi-secret, God willing.

More complex transactions can be modelled where the supply can still be validated to be consistent. An example of this could be multiple outputs where each output is a multisig of the non-offset address and offset address.


Although I used the terms addresses above for simplicity, this paradigm would require public keys. For simplicity, xpubs similar to BIP47 may be a strategy for ease of use.


This isn’t anything too complex for wallets to handle and possibly even protected from accidental burns, God willing. May even work for other coins. What do you think?

Ah dang it, this isn’t effective, sorry for the noise. I was trying to test this out and it’s a no-go due to some fundamental cryptography… A good lesson for hammering fundamentals. Anything * G is not recoverable.

Unless there’s some other way to add an arbitrary number to a keypair and be able to derive that same number using a pair of offset and non-offset public key… then I apologize because I want to give effective and actionable suggestions, God willing, and this does not meet that bar just yet!

EDIT: So yeah, :pensive:, multiplying by G is necessary to get a new derived key pair from the scalar, adding the scalar on its own to offset doesn’t have those same properties.