Understanding UTxO spending

Published 13.9.2023

Cardano uses an innovative Extended UTxO accounting model to support multi-assets and smart contracts. It is different from the account-based model that is used by banks or Ethereum. In this article, we will briefly explain the difference between account-based and UTxO models. The aim of the article is to explain in detail how users spend UTxOs.

The Difference between UTxO and the Account-Based Model

The account-based model is based on the concept of accounts and balances, which resemble how a bank operates. Ethereum uses this model. Users have accounts that hold their coin balance. Transactions update the balances of the sender and the receiver accounts. It is an atomic operation depending on a global state.

The extended-UTxO model extends the UTxO model that is used by Bitcoin. It is based on the concept of unspent transaction outputs (UTxO). A UTxO can be used as an input to a new transaction. Each (spending) transaction contains inputs and outputs. Transactions consume unspent outputs from previous transactions and produce new outputs that can be used as inputs for future transactions.

In the UTxO model, assets are stored in the ledger in the form of UTxO, not as account balances. The balance of an address is calculated by adding up the values of all the UTxOs controlled by that address. A user account can contain multiple addresses. Account-based models usually work with only one address.

Each UTxO can be spent only once, meaning it can be used as an input to only one transaction. Once a UTxO is used as an input, it is consumed forever. A new UTxO is created as an output of the transaction, which can be used as an input for a future transaction.

From one UTxO used as an input, more UTxOs can be created as outputs. Each new UTxO can be sent to different recipients (addresses). For example, a UTxO with 100 ADA can be used as an input for two new UTxOs with 20 and 80 ADAs. The UTxO with 20 ADA can be sent to Alice’s address, and the UTxO with 80 ADA can be sent to Bob’s address. This way, the transaction can split the value of the input UTxO and distribute it to different addresses.

This is necessary if Alice has a UTxO with 100 ADA and wants to send Bob 80 ADA. 20 ADA must return to Alice's address.

In the UTxO model, transactions are stateless, meaning they do not depend on any previous history or global state. Transactions only need to provide valid inputs, outputs, fees, and witnesses to be valid.

A witness is a piece of data that proves that a transaction is authorized by the owner of the funds. A witness can be either a signature (for key credentials) or a script execution (for script credentials). We will talk about it later.

The UTXO set is the set of all UTxOs in the Cardano network. It stores all the required information to validate a new transaction without having to inspect the full blockchain. When a new transaction is created, input UTXOs are used to claim the funds they are holding.

In the account-based model, transactions update the global state of the ledger by modifying the balances of the sender and receiver accounts. Transactions are stateful, meaning they depend on the previous history and global state of the ledger. Transactions can spend any amount of funds from an account, as long as there is enough balance. Transactions deduct coins from the sender's account balances and credit them to the recipient's account balances. Transactions can also execute smart contracts, which can modify the state of the ledger or trigger other actions.

Spending UTxO from Shelley Addresses

A Shelley address consists of a header and a payload. The payload contains a payment credential and stake address reference. We will not cover staking in this article. We will only focus on spending UTxO via key credentials (public/verification key). So we will only be interested in payment credentials.

In the image below you can see the basic Shelley address scheme.

A payment credential is a part of a Shelley address that identifies who owns the funds in the address. A payment credential can be either a key credential (based on a public/verification key) or a script credential (a hash of the spending script). There can be multiple UTxOs on a single Shelley address.

It is important to understand how UTxOs are associated with addresses. It must be ensured that UTxOs can be spent from an address and that the same address can receive new UTxOs. An analogy is often used that UTxOs sit on the address, or that the address holds UTxOs. UTxOs are moved between sender and recipient addresses. This analogy is fine, but it is somewhat simplistic.

UTxO can be simply described as a structure that consists of an identifier and a value. The identifier is a so-called outpoint. The outpoint acts as a pointer to the location of the UTxO in the blockchain. An outpoint consists of the transaction ID and the output index of the transaction that created the UTxO. The value is the amount of coins or tokens that the UTxO holds.

You can see UTxO in the image below.

New UTxOs are created through transactions. A transaction consumes input UTxOs and creates new UTxOs. When the Cardano network processes transactions, new (output) UTxOs with the desired destination address and value (number of coins or tokens) are created. Once an input UTxO is consumed, it cannot be consumed a second time.

The input of the transaction is a UTxO, but technically it is the outpoint (reference) that identifies the UTxO in the blockchain. The outpoint consists of the previous transaction ID and the output index of the transaction that created the UTxO. By providing the outpoint, the transaction claims the funds in the UTxO and can use them as input to the new transaction.

The input UTxO basically refers to the address (the address of the current owner) that must provide a witness. This is because the outpoint points to the location of the UTxO in the blockchain, and the UTxO has a destination address. The destination address has a payment credential, which is either a key credential or a script credential, that identifies who owns the funds in the address. The transaction must provide a valid witness for the payment credential of the destination address in order to spend the UTxO.

Spending a UTxO basically results in the creation of a new UTxO (or multiple UTxOs) that will be associated with a new destination address. A transaction that spends a UTxO as an input must also provide one or more outputs that specify the destination addresses and the values of the new UTxOs. The new UTxOs are then associated with the payment credentials of the destination addresses, which means only the owners of the credentials can spend them in future transactions.

A transaction does not contain the original address of UTxOs directly, but rather indirectly via outpoints of input UTxOs. Each outpoint consists of a transaction ID and an output index of the transaction that created the UTxO. It must be validated by the network that input UTxO can be spent by the current owner. If the validation passes then new UTxOs can be created (and associated with new destination addresses).

In the image below you can see a simplified Cardano transaction with one input UTxO and two outputs.

The input field contains a list of references to UTxOs that the transaction is spending. In our case, there is only one input UTxO.

The output field contains a list of pairs of addresses and values that the transaction is sending funds to. Each pair consists of a destination address and a value. In our case, there are two outputs.

The total value of the inputs must be equal to or greater than the total value of the outputs and the fee.

The fee field contains the amount of ADA that the user pays as a fee to the network for processing the transaction.

The witnesses field contains a set of witnesses that prove that the transaction is authorized by the owners of the funds (input UTxOs) or the actors of the actions. The transaction must provide a witness for each input address (or minting policy ID, withdrawal reward account, or certificate author’s credential). In our case, there is only one input UTxO so only one witness is needed for the validation.

Let's see an example in which Alice sends Bob 800 ADA. As in input, UTxO with 1000 ADA is used. The fee for processing the transaction is 1 ADA. Alice needs to get back 199 ADA to her address. Therefore, the transaction has two outputs.

Alice sends 800 ADA to Bob’s address, which has a key credential based on Bob’s public key. Alice’s transaction creates the first UTxO with Bob’s address as the destination and 800 ADA as the value. It also creates the second UTxO with Alice’s address as the destination and 199 ADA as the value.

In the image below you can see two transactions and two addresses. On the left is a previous transaction through which Alice acquired UTxO with 1000 ADA from someone else in the past. This UTxO is used as input for the second transaction that is created by Alice. Next, you see Alice's address and Bob's address, which are used as destination addresses in Alice's transaction.

Alice's transaction must include a witness to allow the input to be spent. The input UTxO references Alice's address (via the previous transaction) which contains payment credentials (blue arrows). Alice must insert a witness (private key signature) into her transaction. This is indicated by the red arrow in the picture.

Two new outputs will be created from the input UTxO. Funds (1000 ADA) will be distributed to multiple addresses (let’s neglect the fee). The first output contains Alice’s destination address and the value 199 ADA. The second output contains Bob’s destination address and the value 800 ADA. In the figure, the yellow arrows indicate the distribution of funds and the green arrows indicate the destination addresses.

Once the transaction is settled (and finalized) by the Cardano network, Bob can use his private key to spend the 800 ADA from his address. Alice can use her (same) private key to spend the 199 ADA that was left to her after her transaction was processed.


At first glance, the UTxO model may appear somewhat complicated compared to the account-based model, but it has many advantages, especially in the context of scalability and security. Next time we will describe how UTxO is spent through the validator script.


Related articles

Did you enjoy this article? Other great articles by the same author