Ladder Script
Block Reference
QABI_SPEND
QABIO Family
TYPE 0x0A02 · QABIO FAMILY

QABI_SPEND

Batch-spend the primed UTXO. Consumes the next preimage at committed_depth + 1, verifies against auth_tip, and relies on the tx-level aggregated_sig (FALCON-512 over SIGHASH_QABO) to authorise the whole batch atomically. Every primed input in the same tx shares the same aggregated signature — one FALCON verification per tx, not per input. Output set must bit-exact match the QABIBlock’s outputs vector; no coordinator-side skim is possible.

QABIO Non-invertible
Ladder Diagram
QABI_SPEND HASH256 · auth_tip (32B, conditions) HASH256 · committed_root (32B, conditions) NUMERIC · committed_depth (conditions) NUMERIC · committed_expiry (conditions) PUBKEY_COMMIT · owner_id (32B, conditions) PREIMAGE · spend_preimage (32B, witness) tx-level: aggregated_sig (FALCON-512, 666B) qabi_block (coord_pk + batch_id + entries + outputs), verified once per tx (cached) 9 consensus checks → SATISFIED per primed input
Fields
FieldData TypeSizeSideDescription
auth_tipHASH25632 BConditionsTip of the auth chain: H^N(auth_seed). Committed at UTXO creation time. The participant’s single secret is auth_seed; every future priming and spending preimage derives from it.
committed_rootHASH25632 BConditionsPrimed batch root. Zero before priming; set to the coordinator’s batch root by a QABI_PRIME tx. The coordinator’s aggregated sig at QABI_SPEND time is checked against the qabi_block whose SHA256 equals this root.
committed_depthNUMERIC1–4 BConditionsDepth of the most recently consumed preimage. Monotonically increasing. The witness-revealed spend_preimage must hash to auth_tip after committed_depth + 1 SHA256 iterations.
committed_expiryNUMERIC1–4 BConditionsMax block height at which the spend may fire. Evaluated against block_height. Prevents stale primed UTXOs from being batch-spent against an old committed batch after the window closes.
owner_idPUBKEY_COMMIT32 BConditionsSHA256 of the owner’s FALCON public key. Must match one entry in the QABIBlock’s entries list (consensus check 7). Ties the input to its position in the batch.
spend_preimagePREIMAGE32 BWitnessThe next preimage in the auth chain, revealed at depth committed_depth + 1. Verified via SHA256^(committed_depth + 1)(spend_preimage) == auth_tip.

QABI_SPEND carries the QABI_SPEND_WITNESS implicit layout (6 fields total, 1 witness-only). The per-tx qabi_block and aggregated_sig are not part of the block’s field list — they live on the transaction object itself and are shared across all primed inputs.

Evaluation Logic
1.All 6 witness+conditions fields present with correct types and sizes. Otherwise → ERROR
2.Check block_height <= committed_expiry (expiry window). Otherwise → UNSATISFIED
3.Verify SHA256^(committed_depth + 1)(spend_preimage) == auth_tip. Otherwise → UNSATISFIED
4.Tx must carry a 666-byte aggregated_sig and a non-empty qabi_block. Otherwise → ERROR
5.Parse qabi_block; coordinator_pubkey must be exactly 897 bytes (FALCON-512). Verify SHA256(qabi_block) == committed_root. Otherwise → UNSATISFIED
6.QABO sighash: compute SIGHASH_QABO over tx intent + per-input witness stacks (excluding aggregated_sig itself). Verify FALCON-512(coord_pk, sighash, aggregated_sig). Cached per tx — one verify per tx, not per input. Otherwise → UNSATISFIED
7.This input’s owner_id must appear in qabi_block.entries[*].participant_id (O(1) hash-indexed lookup). Otherwise → UNSATISFIED
8.Full output-set match: tx.vout bit-exact equal to qabi_block.outputs (same count, same order, same values, same scriptPubKeys). Otherwise → UNSATISFIED
9.Expiry binding: qabi_block.prime_expiry_height == committed_expiry. Otherwise → UNSATISFIED
10.All 9 checks pass → SATISFIED
Return Values
ConditionResult
Field count or types incorrectERROR
committed_expiry in the pastUNSATISFIED
spend_preimage does not hash to auth_tipUNSATISFIED
qabi_block SHA256 != committed_rootUNSATISFIED
FALCON-512 verify fails (shared across all inputs)UNSATISFIED
owner_id not in qabi_block.entriesUNSATISFIED
tx.vout != qabi_block.outputs bit-exactUNSATISFIED
expiry_height mismatch between qabi_block and committed stateUNSATISFIED
All 9 checks passSATISFIED
Worked Example

Coordinator finalises a 100-party QABIO batch

100 primed UTXOs, each committed to the same committed_root = SHA256(qabi_block)
Coordinator builds a tx with 100 inputs and K outputs (the destination list from qabi_block)
Each primed input’s witness reveals its own spend_preimage at its own committed_depth + 1
Coordinator computes SIGHASH_QABO and signs once with their FALCON-512 key → 666-byte aggregated_sig attached to the tx
Consensus verifies the aggregated sig ONCE per tx via the QABO sig cache → shared across all 100 inputs
For each input: check its own preimage, expiry, owner_id → SATISFIED
Tx mined; every participant’s contribution lands at their committed destination atomically, or none of them do
Use Cases
Coordinator-driven batch payments
A payroll service, mixing pool, or L2 exit coordinator collects primed UTXOs from N participants, publishes a single qabi_block listing contributions and destinations, and finalises the whole batch with one FALCON-512 signature. One on-chain tx, N inputs, K outputs, one signature. Consensus-guaranteed atomicity.
Post-quantum multi-party batching
The aggregated signature is FALCON-512 — not Schnorr — so the coordinator authorisation is PQ-safe today, without needing MuSig or threshold schemes. A coordinator wanting Schnorr or another PQ scheme (DILITHIUM3, SPHINCS+) would require a future QABI_BLOCK_VERSION = 0x02 with scheme dispatch.
Atomic swaps at scale
Any multi-party protocol needing “all or nothing” settlement with a small trusted (or semi-trusted) coordinator role: liquidity pool exits, swap commit phases, gas-station batch settlements. The coordinator sees the full tx before signing; participants see the coordinator’s pubkey + batch root before priming.
← QABI_PRIME Block Index →