TYPE 0x0703 · COMPOUND FAMILY

HASH_SIG

Hash preimage verification combined with signature check in a single block. Collapses a hash + SIG two-block pattern, saving 8 bytes on wire.

Compound Non-Invertible
Ladder Diagram
HASH_SIG HASH CHECK + SIG VERIFY Preimage hash must match AND signature must verify
Fields
FieldData TypeSizeSideDescription
hashHASH25632 BConditionsSHA-256 hash the preimage must match. F24: the descriptor surface accepts either form — hash_sig(@pk, <preimage_hex>) auto-SHA256s the input, while hash_sig(@pk, h:<HASH256_hex>) stores the supplied 32-byte hash verbatim. Both produce identical conditions; the h: form is what formatladder emits so that parse → format → parse round-trips.
schemeSCHEME1 BConditionsSignature scheme identifier (0x01 = Schnorr, 0x02 = ECDSA). Routes to post-quantum verifier when PQ scheme set.
pubkeyPUBKEY32-33 BWitnessPublic key matching the commitment
signatureSIGNATURE64-65 BWitnessSchnorr signature over the transaction
preimagePREIMAGE32 BWitnessData whose SHA-256 equals the hash field — provided by the user. The node derives HASH256 from this data at creation time.

Public key folded into Merkle leaf via merkle_pub_key (PubkeyCountForBlock = 1). No key field in conditions.

Wire Format Breakdown
0x0703 0 2 HASH256 · 32B SCHEME · 1B Conditions ≈ 40 bytes
0x0703 0 3 PUBKEY · 35B SIGNATURE · 66B PREIMAGE · var Witness ≈ 105 + len bytes
Total ≈ 145 + len bytes
Evaluation Logic
1.Locate the conditions HASH256 and witness PREIMAGE. Either missing → ERROR. HASH256 not exactly 32 B → ERROR
2.Compute SHA256(PREIMAGE) and memcmp against the conditions HASH256. Mismatch → UNSATISFIED (returns immediately; signature is not even checked).
3.Locate witness PUBKEY and SIGNATURE. Either missing → ERROR. PUBKEY identity is bound at MLSC-proof level via merkle_pub_key.
4.Read the optional conditions SCHEME (defaults to Schnorr). Dispatch VerifySigWithScheme(pubkey, sig, scheme, ...); the result is the block result. Sig size checks fire here per the resolved scheme.
JSON Wire Format
Conditions
{
  "type": "HASH_SIG",
  "fields": [
    { "type": "HASH256", "hex": "e3b0c442...32 bytes" },
    { "type": "SCHEME", "hex": "01" }
  ]
}
Witness
{
  "type": "HASH_SIG",
  "fields": [
    { "type": "PUBKEY", "hex": "02abc1...33 bytes" },
    { "type": "SIGNATURE", "hex": "30440...64 bytes" },
    { "type": "PREIMAGE", "hex": "deadbeef...32 bytes" }
  ]
}
Use Cases
Atomic Swap Claim Path
Counterparty reveals the hash preimage and signs in a single step. No timelock needed — the timeout path uses a separate TIMELOCKED_SIG rung.
Secret-Gated Signing
Require both knowledge of a secret (preimage) and possession of a private key. Neither alone is sufficient — dual-factor spending authorization.
← HTLC PTLC →