Skip to main content
The building blocks of how tokens work on Spark.

UTXO model

Tokens on Spark work like Bitcoin. You have outputs. To spend, you consume outputs and create new ones. Math has to balance. Inputs equal outputs. 
Alice has: 100 tokens (one output)
Alice sends: 75 to Bob

Result:
  Bob gets: 75 tokens (new output)
  Alice gets: 25 tokens (change output)
  Original output: consumed
This is different from account-based systems (like Ethereum) where you have a balance that gets debited. Here, you have discrete chunks of tokens that get spent and created.

TTXOs

A TTXO (Token Transaction Output) is a single token holding. It contains:
  • Owner: Who can spend it
  • Token: Which token (identified by a 32-byte identifier)
  • Amount: How many
  • Revocation commitment: For double-spend protection
  • Withdrawal parameters: For L1 exit
Each TTXO maps to a pre-signed Bitcoin transaction. If operators disappear, you broadcast that transaction and claim your tokens on L1. That’s the self-custody guarantee.

Operators and threshold

Spark Operators validate and co-sign transactions. A threshold of operators must agree for any transaction to go through.
OperatorsThreshold
22
32
53
Formula: (n + 2) / 2 rounded down. This is majority, not 1-of-n. What operators can do:
  • Delay transactions by refusing to sign
  • See transaction metadata
  • Run watchtowers
What operators cannot do:
  • Move your tokens without your signature
  • Steal your tokens (even if all collude)
  • Block your exit to L1

Revocation

The key innovation. How do you prevent double-spending in an off-chain system? When you receive tokens, each output has a revocation commitment. This is a public key where the private key is split among operators via DKG. Nobody knows the full key. When you spend those tokens, operators release their key shares. Now you can reconstruct the full revocation key for those outputs. If you try to cheat by broadcasting old (spent) outputs to L1:
  • Watchtowers detect it
  • They have the revocation key
  • They sweep your funds
  • You lose everything
Cheating costs more than you could gain. That’s the security model.

DKG

Distributed Key Generation. How operators create shared secrets without any single party knowing the full secret. Operators pre-generate batches of keys where:
  • Each operator holds a share
  • No single operator has the full private key
  • Threshold cooperation is needed to reconstruct
These become revocation commitments for new outputs.

Watchtowers

Services that monitor Bitcoin L1 for attempted double-spends. Each operator runs one. If someone broadcasts a revoked output:
  1. Watchtower detects it
  2. Uses stored revocation key to sweep
  3. Cheater loses everything
Only one honest watchtower is needed. They’re incentivized to catch cheaters. They get the bond.

Relationship to Bitcoin

Tokens on Spark aren’t wrapped or bridged. They’re native Bitcoin constructs. Exit transactions are valid Bitcoin transactions. Security comes from Bitcoin’s proof-of-work. Operators can disappear and you still exit to L1. No bridge. No custodian. That’s the point.