• Jonathan Fischoff

Plutus 101: From Multisig to Programmatic Validation

Smart contracts on Cardano operate differently than smart contracts on Ethereum. Plutus smart contracts are not scripts deployed on the Cardano blockchain, with methods users can execute. Plutus smart contracts are validators, e.g. functions that evaluate to a boolean. The smart contracts can either say "yes" the transactions should succeed, or "no" it should not.

Multisig Transaction Validation: The Intuitive Perspective

Most Cardano users have an intuitive sense of how transaction validation works. You never have to ask for permission when sending to a wallet address. However, if you want to take someone's Ada, you need their permission. To demonstrate permission, a tamper resistant signature is added to the transaction, which also verifies the identity of the signer. The intuitive understanding of transaction validation - receiving does not require permission but sending does - is accurate for single and multiple signature transactions.

If a transaction uses someone's Ada as input, their signature must be part of the submitting transaction for it to be valid. Multiple signature transactions merely mean multiple different users' assets are being used as input for a single transaction.

The UTxO Details

Transaction outputs which are yet to be used as inputs, the so called Unspent Transaction Outputs or UTxOs, are owned by wallet addresses. The balance of the wallet is the sum of all the UTxOs owned by that address.

To validate a multisig transaction, Cardano nodes look at transactions' input UTxOs, finds the addresses that own them, and then looks for signatures corresponding to the input addresses.

From Multisig to Smart Contracts

When Plutus smart contracts are compiled a Plutus Core binary output is produced. This binary output can be hashed to produce a "script address." Script addresses are new types of blockchain addresses. Unlike typical wallet addresses they do not have an associated key pair. There is no verification key or signing key. Like regular wallet addresses, they own UTxOs.

There are two phases to all Plutus segues. First there is a locking transactions that transfers assets to a script address. Just like sending Ada to a wallet address, there is no verification by the Plutus code associated with the script address when sending assets. However, to remove assets from the script address, they must be unlocked, by evaluating the Plutus code. Based on the user input and pending transaction details, the Plutus smart contract can either return true if the transaction should succeed or false if the transaction is ngmi. One important observation: to execute a smart contract requires at least two transactions. Another important observation is how limited the smart contracts are. They can either approve or deny transactions. They can't create new transactions. They can just return true or false

Most of the "work" must occur off-chain.


  • Plutus smart contracts are hashed to create a script address.

  • Assets are sent to the smart contract address and locked there.

  • Assets must pass the Plutus validator to leave the script address and be unlocked.

674 views1 comment

Recent Posts

See All

Update: A Cryptoslate article incorrectly stated "Cardano has a universal app exploit". This is not true. There is a common mistake dApp developers keep making. The rapid development of new dApps with