What is a Bitcoin unspent transaction output (UTXO)?
The beginner’s guide to Bitcoin UTXO
Unspent transaction output (UTXO) is the technique the Bitcoin protocol uses to track balances as they move between crypto wallets.
When it comes to tracking and managing individual crypto balances, blockchain-based protocols typically use one of two different accounting models.
One is called the Account/Balance model. Projects like Ethereum, Tezos and EOS use this model to track balances as blockchain users execute transactions. The other is called the Unspent Transaction Output (UTXO) model.
But what exactly is it, how does it work and what are the advantages of UTXO compared to the Account/Balance model?
Understanding the UTXO model
Adam Back and the late Hal Finney were two members of the Cypherpunk cryptography group that bitcoin white paper author Satoshi Nakamoto frequented. The two are credited with developing the UTXO model independently between 1997 and 2004 respectively.
When Bitcoin’s creator Satoshi Nakamoto launched the protocol in 2009, it became the first operational digital currency system to implement the UTXO model.
Both Hal Finney and Adam Back have long been suspected of being Satoshi Nakamoto, though it’s never been proven for certain.
UTXO at a glance
When you send bitcoin to someone, several steps programmatically take place. One of the earliest steps in the transaction process is for your cryptocurrency wallet to scan the blockchain for the amount of funds you have. These funds are known as unspent transaction outputs (UTXOs).
You can think of UTXOs as loose change leftover from previous bitcoin transactions.
The funds are considered “unspent” because they are freely available for you to send to someone or move to another wallet. They are called “transaction outputs” because they were created from previous transactions.
If you spend $12 on lunch using a $20 bill, you’d have a $8 bill leftover. In this example, the leftover $8 would be an unspent transaction output. It would go back in your wallet ready to be used to buy something else.
This is exactly how bitcoin UTXOs work. When you make a transaction, outputs from previous bitcoin transactions, i.e. your loose bitcoin change, are used as inputs for new transactions.
Another key comparison between physical cash transactions and UTXOs is that both have to be spent in full and cannot be subdivided. If you have a 5 bitcoin UTXO and want to send someone 1 BTC, you would have to send the entire UTXO worth 5 bitcoin and receive a new UTXO in return worth 4 BTC minus any fees.
Just like in the example above where you hand over a whole $20 bill to pay for a $10 lunch.
When a UTXO is spent, it is considered “consumed” and is technically removed from circulation.
Any change leftover is generated as an entirely new UTXO. This part of the UTXO system is how Bitcoin solves the double-spend problem.
Just as you can’t physically give a shopkeeper a $5 bill and then give the same $5 bill to someone else, a bitcoin user cannot successfully use the same unspent transaction output in two separate digital transactions.
When a person attempts to spend the same UTXO twice, the two transactions end up in a mempool — a sort of waiting room for pending transactions. They remain in here until successful miners that win the proof-of-work competition bundle them into new blocks.
You can learn more about this process in our Kraken Learn Center article What is bitcoin mining?
Even if both transactions are bundled into two separate blocks and processed simultaneously, because of timestamping, one of the transactions would be verified ahead of the other. After a number of confirmations had passed (new blocks added to the blockchain) other nodes would flag the second invalid transaction and reject it.
The only time a bitcoin transaction has no inputs is when newly minted BTC is created from mining.
Known as a coinbase transaction, this represents the first transaction in each new block.
Every satoshi (the sub-units of bitcoin) in circulation can be traced back using the transparent blockchain ledger to their respective coinbase transaction.
Why does Bitcoin use the UTXO model?
To identify a user’s balance, also known as a UTXO set, crypto wallet software scans the blockchain to find all UTXOs associated with the corresponding public wallet address.
The total sum of all UTXOs gives an accurate account of how much crypto a wallet owner controls.
When a UTXO is spent, the recipient’s public wallet address is assigned to the amount and a new UTXO is recorded on the blockchain once executed.
Bitcoin UTXOs are recorded in various transactions which are stored in blocks on the Bitcoin blockchain. However, this information is not clearly indexed, so it can be difficult to search for and collate metadata quickly.
When using wallet software such as the Bitcoin Core client, UTXO metadata is stored and indexed using a LevelDB database. LevelDB is an open-source storage system created by Google in 2011 and makes locating UTXOs much faster.
The Bitcoin Core client is a popular software used to connect to the Bitcoin blockchain network. Originally created by Satoshi Nakamoto, Bitcoin Core is now maintained by a community of voluntary developers.
UTXOs under the hood
At a more technical level, there are four main parts to a transaction:
- Version: This informs network nodes what version of client software is being used. Different versions follow different rules for verifying transaction data.
- Locktime: This is the amount of time that determines how fast a transaction is added to the blockchain. This input dictates what the earliest possible time is for the transaction to be processed by mining nodes.
- Input: Information pointing to the source of funds or previous transaction where the UTXO was produced. The input also contains something called the “unlocking script”.
- Output: Information regarding the value being transferred, the wallet where ownership of funds is being reassigned to and new UTXOs formed. The output also contains a “locking script”.
How UTXOs are different to physical cash
The main differences between the physical bills analogy and the UTXO model is that bitcoin and other UTXO-based cryptoassets aren’t bound by set amounts, i.e. $5, $10, $15, etc. Any amount of bitcoin (up to eight decimal places) can be an unspent transaction output.
For instance, you may have 0.0003847 BTC leftover from a transaction.
This amount would become a new UTXO which must be spent in full if used and cannot be divided into smaller amounts.
Let’s say John has a crypto wallet balance of 1 bitcoin. His balance and the composition of that balance are two different things, much in the same way you might have $100 in your wallet but it could comprise four $20 bills, two $5 bills and one $10.
Let’s say the composition of John’s 1 BTC balance is made up of 5 different unspent transaction outputs.
- 0.138 BTC
- 0.1 BTC
- 0.004 BTC
- 0.73 BTC
- 0.028 BTC
John wants to send 0.6 BTC to Jane. To do this, John’s wallet software will automatically group together any number of UTXOs he controls to cover this transaction plus any miner fees involved to process it.
In this example, let’s say his wallet software automatically sends over John’s bitcoin UTXO worth 0.73 BTC to Jane and returns the leftover amount minus transaction fees to John as a new UTXO.
This amount is automatically sent to a change address; a separate address linked to your crypto wallet.
Locking and unlocking scripts
When UTXOs are created, they are locked using the recipient’s public wallet address. In order to use that UTXO as an input in a new transaction, it has to be first unlocked using the sender’s digital signature.
This is another important thing to understand about bitcoin transactions. When a transaction is made, bitcoin isn’t digitally moved from one account to another. Instead, they are unlocked, reassigned to a new owner and then locked back up again.
This means only the new owner can unlock the funds using their digital signature and transfer them elsewhere; to another person or to another wallet under their control.
Script is a programming language used by Bitcoin to process transactions, including locking and unlocking UTXOs.
- Locking script (ScriptPubKey): When a UTXO is locked, the locking script (known as the ScriptPubKey) sets out conditions that need to be satisfied before the UTXO can be used as an input. This usually involves proving you own the private key that corresponds to the public wallet address used to lock the UTXO by providing a digital signature.
- Unlocking script (ScriptSig): To unlock a UTXO, you have to meet the conditions set by the locking script i.e. provide a digital signature that proves you control the private keys corresponding to the public key used to lock the UTXO.
This prevents anyone else from being able to access and spend those funds.
What is Bitcoin dust?
Bitcoin dust refers to UTXOs containing tiny trace amounts of satoshis leftover from previous transactions.
On their own, these miniscule amounts of BTC would cost more in transaction fees to process than they were worth and so they often sit in change addresses waiting to be bundled together with other UTXOs and spent.
What is a dusting attack?
Dusting attacks refer to scammers sending out dust to hundreds of thousands of different wallet addresses. The idea behind it is to ascertain potential targets for social engineering attacks.
A scammer will watch addresses containing the dust they’ve sent, waiting for the owner to make a transaction that bundles together UTXOs from different addresses linked to their wallet. Because dust UTXOs are so small, there’s a good chance they’ll be grouped together with others and used as inputs.
Once this happens, the scammer can get an idea of what funds a person has. They can then choose to embed phishing messages in transactions inviting the owner to click on a link that downloads malware, or visit fake websites that imitate legitimate landing pages and ask for personal information.
How dangerous are bitcoin dusting attacks?
Dusting attacks do not give scammers access to your funds.
They merely serve to narrow down what addresses are controlled by a particular crypto wallet.
In order to minimize your risk of dusting attacks it's best to never click on links or visit websites attached to dust transactions.