TYPE 0x0204 · HASH FAMILY
HASH_GUARDED
Raw SHA-256 preimage verification. SATISFIED when SHA256(preimage) equals the committed hash. Non-invertible and fail-closed.
Hash Non-InvertibleLadder Diagram
Fields
| Field | Data Type | Size | Side | Description |
|---|---|---|---|---|
| committed_hash | HASH256 | 32 B | Conditions | SHA-256 hash that the preimage must match |
| preimage | PREIMAGE | var | Witness | Data whose SHA-256 must equal committed_hash. Length is unconstrained — the full byte run is consumed. |
Wire Format Breakdown
Conditions side (committed in the rung leaf):
0x0204
0
1
HASH256 · 32B
= 38 bytes
Witness side (in input witness):
0x0204
0
1
PREIMAGE · var
≈ 4 + 1 + len bytes
Total (conditions + witness)
≈ 43 + len bytes
The "inverted" byte is rejected at deserialization for HASH_GUARDED (non-invertible). PubkeyCountForBlock = 0.
Evaluation Logic
1.
Locate the HASH256 and PREIMAGE fields in the merged conditions+witness block. If either is missing → ERROR
2.
committed_hash must be exactly 32 B; otherwise → ERROR
3.
Compute SHA256(PREIMAGE) using
CSHA256. The PREIMAGE length is unconstrained — the full byte run is consumed.
4.
memcmp the 32-byte result against committed_hash. Equal → SATISFIED; differs → UNSATISFIED
Return Values
| Condition | Result |
|---|---|
| HASH256 or PREIMAGE field missing | ERROR |
committed_hash not exactly 32 B | ERROR |
| SHA256(preimage) ≠ committed_hash | UNSATISFIED |
| SHA256(preimage) = committed_hash | SATISFIED |
JSON Wire Format
Conditions (committed in the rung leaf)
{
"type": "HASH_GUARDED",
"inverted": false,
"fields": [
{ "type": "HASH256", "hex": "a1b2c3...32 bytes (committed_hash)" }
]
}Witness (input)
{
"type": "HASH_GUARDED",
"inverted": false,
"fields": [
{ "type": "PREIMAGE", "hex": "deadbeef... (variable-length preimage)" }
]
}Use Cases
Standalone Hash Lock
Standalone hash lock. Provides raw SHA-256 preimage verification without requiring a companion signature block. Non-invertible by design, preventing data embedding through failed verification + inversion.
Commitment Reveal
Commit a hash on-chain, then reveal the preimage later to unlock funds. Useful for oracle-based protocols, escrow release, and data attestation where a signature is not needed.
Cross-Chain Hash Lock
Hash-locked spending conditions for atomic swap protocols where the hash preimage is revealed on another chain. Combine with SIG or COSIGN for additional authorization requirements.
Anti-Spam Properties
HASH_GUARDED is non-invertible: the inverted flag is rejected at deserialization. This prevents an attacker from creating a block with a garbage hash, providing arbitrary preimage data, and inverting the result to SATISFIED. There is no way to embed arbitrary data through this block type.