Move bitcoin UTXOs off-chain with Statechains

Statechains author @SomsenRuben gives several different depths of explanations for how statechains work including a short FAQ. Statechain aim to allow users to move bitcoin UTXOs entirely off-chain. Enables instant off-chain creation of Lightning channels, with the ability to easily add or remove funds, and more.

Presentation at Scaling Bitcoin 2018



Statechains let you spend bitcoins without using the bitcoin blockchain (“off-chain”). Spending the bitcoins requires the help of a third party. If they don’t help, you can also do it without their help on the bitcoin blockchain. A little bit of trust is required.


You lock up bitcoins on-chain with a third party – the Statechain entity. In order to transfer the bitcoins, you sign a message telling the entity that you want to move the coins to a new owner. You simultaneously pass on your transitory key to that new owner, meaning both of you have equal control over the coins. The entity ensures that only the wishes of the last owner get fulfilled. If they misbehave, it is easily detectable.


Bob (B) locks up coins with Statechain entity A, but instead of using his key B, he creates and uses a transitory key X (this private key will be exposed to future owners). An off-chain timelock transaction will be created back to B, ensuring the coins return to Bob in case of a dispute. If Bob wants to send his coins to Carol, he does three things:

  • He signs a message stating he wants to transfer the coins to Carol (signed by B and C)
  • Together with the entity, he signs a bitcoin timelock transaction for Carol (signed by A and X)
  • These signatures are swapped atomically using Adaptor Signatures (preventing problems with aborting the protocol)

We use Eltoo to ensure the new timelock transaction takes precedence over the old one(s). Multiple UTXOs can be swapped simultaneously as well. For more details, check out the presentation and paper.


Q1: If I have 1 BTC locked up on a Statechain, can I send less than that amount?

A1: You can think of Statechains as the equivalent of real-life coins. In order to send less, you will first have to trade your 1 BTC for smaller amounts. E.g. You can swap your 1 BTC coin for two 0.5 BTC coins. You can do this trade with anyone who is online and willing. Alternatively, you can create a Lightning channel on top of a Statechain.

Q2: How does Lightning function on top of Statechains?

A2: It ends up working quite elegantly. If Bob wants to send coins to Carol, he can create a channel instead. From the perspective of the Statechain, this means both Bob and Carol must agree before the coins can move, and they can proceed to build their Lightning channel on top of it. Because channel creation happens off-chain, you gain some tremendous benefits. It becomes very easy to recreate the channel, and add or remove funds.

Q3: Aren’t Statechains less secure than Lightning?

A3: Yes, you’re making a trade-off. The Statechain entity should be a federation of multiple entities, similar to Liquid. This means a majority needs to become dishonest before you can lose money. They also require the cooperation of a prior owner (someone that knows the transitory key) before they can steal anything. Theoretically we can add an extra layer of security by using Hardware Security Modules (HSM) to transfer the transitory key, but this technology is not mature enough.

Q4: Why not just use federated sidechains instead?

A4: The transitory key adds additional security. If the federation goes rogue, they will only be able to obtain a small subset of all transitory keys. As soon as they steal any coins, people without compromised transitory keys can safely withdraw on-chain. This is because you can always redeem your coins on the bitcoin blockchain without specifically asking the federation for permission. From a legal perspective, the entity cannot be seen as a money transmitter, because they lack direct access to the transitory keys (similar to greenaddress), so the barrier to operating a Statechain is much lower.

Q5: How does this compare to Lightning channel factories?

A5: Lightning channel factories require less security trade-offs, but you can only change channels with the people inside your factory, and it requires all of them to be online. Anthony Towns and Olaoluwa Osuntokun ( u/roasbeef ) pointed out that factories can be useful on top of Statechains, because it lowers the required number of on-chain UTXOs per user, and you can add/remove users from the factory off-chain.

Q6: What are my options if I want to exit a Statechain?

A6: Everyone has a valid on-chain transaction that they can use at any time to redeem their bitcoins, but it is more efficient to close the channel cooperatively. Assuming graftroot gets adopted, this would be the ideal way to exit the system, because it allows the owner to decide what the redemption transaction will look like, and it even gives them the ability to withdraw coins from different bitcoin hard forks (if any occurred during the time the coins were in the Statechain). This solves the problem of uncertainty over which coins will be honored in case of a hard fork (ETF, exchanges, etc).

If you have any questions you can ask post them on /r/BitcoinDiscussion.

Follow @SomsenRuben on Twitter | Bitcoin Address: 1LLzLKumxd1u95CBYV2nmeWqegbkjMY1mv

Support us and the authors of this article by donating to the following address:


Comments powered by Talkyard.