TYPE 0x0005 · SIGNATURE FAMILY

KEY_REF_SIG

Signature verification using a key commitment referenced from a relay block. Enables cross-rung key sharing without duplicating pubkey commitments, saving ~30 bytes per reference.

Signature Non-Invertible

Ladder Diagram

Fields

Field	Data Type	Size	Side	Description
relay_index	NUMERIC	4 B	Conditions	Index into the relay array (must be in rung's relay_refs)
block_index	NUMERIC	4 B	Conditions	Index of the target block within the resolved relay
pubkey	PUBKEY	32-33 B	Witness	Full public key (verified against relay's Merkle leaf)
signature	SIGNATURE	64-65 B	Witness	Schnorr signature (64B) or with sighash byte (65B). PQ signatures variable size.

Key resolved from relay (PubkeyCountForBlock = 0). No key field in conditions.

Wire Format Breakdown

Conditions side (in scriptPubKey):

0x0005 0 2 NUMERIC · 4B NUMERIC · 4B = 14 bytes

Witness side (in input witness):

0x0005 0 2 PUBKEY · 33B SIGNATURE · 64B = 105 bytes

Total (conditions + witness) 119 bytes

KEY_REF_SIG resolves its public key from a relay block rather than folding it into the rung's own Merkle leaf. PubkeyCountForBlock = 0 for KEY_REF_SIG; the key is bound via the relay's leaf instead. Each additional rung referencing the same relay key avoids duplicating the key in multiple Merkle leaves.

Evaluation Logic

1. Extract relay_index and block_index from conditions NUMERIC fields. If missing → ERROR

2. Validate relay_index is in the current rung's relay_refs. If not declared → ERROR

3. Resolve target block: relays[relay_index].blocks[block_index]. Extract pubkey from relay's Merkle leaf and SCHEME from target.

4. Verify witness PUBKEY against relay's Merkle leaf verification. If mismatch → UNSATISFIED

5. Verify SIGNATURE against the resolved scheme (Schnorr, ECDSA, or PQ). If invalid → UNSATISFIED

6. Signature valid → SATISFIED

Return Values

Condition	Result
Missing NUMERIC fields (relay_index, block_index)	ERROR
Relay context unavailable or relay_refs missing	ERROR
relay_index not in rung's relay_refs	ERROR
relay_index or block_index out of bounds	ERROR
Target block missing pubkey in Merkle leaf	ERROR
Witness missing PUBKEY or SIGNATURE	ERROR
Merkle leaf verification fails	UNSATISFIED
Signature verification fails	UNSATISFIED
Signature valid against resolved key	SATISFIED

JSON Wire Format

Conditions (scriptPubKey)

{
  "type": "KEY_REF_SIG",
  "inverted": false,
  "fields": [
    { "type": "NUMERIC", "hex": "00000000" },
    { "type": "NUMERIC", "hex": "00000000" }
  ]
}

Relay (referenced by relay_refs)

{
  "type": "SIG",
  "fields": [
    { "type": "PUBKEY", "hex": "02abc1...33 bytes" },
    { "type": "SCHEME", "hex": "01" }
  ]
}

Witness (input)

{
  "type": "KEY_REF_SIG",
  "inverted": false,
  "fields": [
    { "type": "PUBKEY", "hex": "02abc1...33 bytes" },
    { "type": "SIGNATURE", "hex": "30440...64 bytes" }
  ]
}

Use Cases

Multi-Path Key Sharing

A single key bound to a relay's Merkle leaf is referenced by multiple rungs via KEY_REF_SIG. For example, the same hot-wallet key can authorize both an immediate spend (rung 0) and a timelocked recovery (rung 1) without folding the key into each rung's leaf separately.

MLSC Witness Compression

In Merkelised Ladder Script trees with many spending paths, KEY_REF_SIG reduces the size of each rung by ~30 bytes. Since relays are revealed alongside the spending rung in the MLSC proof, the verifier always has access to the referenced key commitment.

Relay-Based Key Management

A relay defines the authorized signer (key folded into relay's Merkle leaf). Multiple rungs can reference the same relay via KEY_REF_SIG to enforce that the same key is used across different spending paths with different additional conditions (timelocks, hashlock, etc.).

← MUSIG_THRESHOLD CSV →