Digital contracts using blockchain transactions

The invention claimed is: 1. A computer-implemented method of encoding a digital contract between a first party of a blockchain network and a second party of the blockchain network, the digital contract being for transferring an amount of a digital asset from the first party to the second party based on a condition of the contract being fulfilled; the method being performed by a trusted third party and comprising: obtaining a plurality of data elements, each data element representing a different condition of the contract, and wherein at least one of the different conditions is linked to the second party; generating a hash tree based on the plurality of data elements, wherein the hash tree comprises: i) a leaf layer comprising a first set of leaf hashes each generated by hashing a respective data element but not a secret value known only to the trusted third party, and a second set of leaf hashes comprising at least one hash key generated by hashing a secret value known only to the trusted third party but not any of the respective data elements; and ii) one or more internal layers each comprising a respective set of internal hashes, wherein each internal hash of a respective internal layer is generated by hashing a concatenation of at least two hashes from a lower layer; and iii) a root layer comprising a root hash, the root hash generated by hashing a concatenation of at least two hashes from an uppermost internal layer; making the root hash available to the first party for inclusion in a transaction of a blockchain; determining that the condition of the contract linked to the second party has been met; and in response, transmitting an authentication path to the second party, wherein the authentication path comprises a set of hashes, wherein the set of hashes comprises the hash key and one or more sets of internal hashes, each set of internal hashes belonging to a different internal layer of the hash tree. 2. The method of claim 1 , wherein said obtaining of the data elements comprises receiving the data elements from the first and/or second parties. 3. The method of claim 1 , wherein said making available of the root hash comprises transmitting the root hash to the first party. 4. The method of claim 1 , comprising: identifying a transaction of the blockchain generated by the first party, wherein the transaction comprises the digital contract, and wherein the digital contract comprises a locking script locking the amount of the digital asset to the first party; determining whether the locking script comprises the root hash; and notifying the second party if the locking script does not comprise the root hash. 5. The method of claim 1 , wherein the second set of leaf hashes comprises a plurality of different hash keys, each generated based on the secret value. 6. The method of claim 5 , wherein each of the first set of leaf hashes is paired with a different one of the hash keys, and wherein each internal hash of a lowermost internal layer of the hash tree is generated by hashing a concatenation of a different pair of leaf hashes. 7. The method of claim 6 , wherein the authentication path comprises the hash key paired with the leaf hash of the condition linked to the second party. 8. Computer equipment of a trusted third party, comprising: memory comprising one or more memory units; and processing apparatus comprising one or more processing units, wherein the memory stores code arranged to run on the processing apparatus, the code being configured so as when executed on the processing apparatus the processing apparatus performs a method of encoding a digital contract between a first party of a blockchain network and a second party of the blockchain network, the digital contract being for transferring an amount of a digital asset from the first party to the second party based on a condition of the contract being fulfilled; the method being performed by the computer equipment of the trusted third party and comprising: obtaining a plurality of data elements, each data element representing a different condition of the contract, and wherein at least one of the different conditions is linked to the second party; generating a hash tree based on the plurality of data elements, wherein the hash tree comprises: i) a leaf layer comprising a first set of leaf hashes each generated by hashing a respective data element but not a secret value known only to the trusted third party, and a second set of leaf hashes comprising at least one hash key generated by hashing a secret value known only to the trusted third party but not any of the respective data elements; and ii) one or more internal layers each comprising a respective set of internal hashes, wherein each internal hash of a respective internal layer is generated by hashing a concatenation of at least two hashes from a lower layer; and iii) a root layer comprising a root hash, the root hash generated by hashing a concatenation of at least two hashes from an uppermost internal layer; making the root hash available to the first party for inclusion in a transaction of a blockchain; determining that the condition of the contract linked to the second party has been met; and in response, transmitting an authentication path to the second party, wherein the authentication path comprises a set of hashes, wherein the set of hashes comprises the hash key and one or more sets of internal hashes, each set of internal hashes belonging to a different internal layer of the hash tree. 9. A computer program embodied on a non-transitory computer-readable storage medium and configured so as when run on computer equipment of a trusted third party, the computer equipment performs a method of encoding a digital contract between a first party of a blockchain network and a second party of the blockchain network, the digital contract being for transferring an amount of a digital asset from the first party to the second party based on a condition of the contract being fulfilled; the method being performed by the computer equipment of the trusted third party and comprising: obtaining a plurality of data elements, each data element representing a different condition of the contract, and wherein at least one of the different conditions is linked to the second party; generating a hash tree based on the plurality of data elements, wherein the hash tree comprises: i) a leaf layer comprising a first set of leaf hashes each generated by hashing a respective data element but not a secret value known only to the trusted third party, and a second set of leaf hashes comprising at least one hash key generated by hashing a secret value known only to the trusted third party but not any of the respective data elements; and ii) one or more internal layers each comprising a respective set of internal hashes, wherein each internal hash of a respective internal layer is generated by hashing a concatenation of at least two hashes from a lower layer; and iii) a root layer comprising a root hash, the root hash generated by hashing a concatenation of at least two hashes from an uppermost internal layer; making the root hash available to the first party for inclusion in a transaction of a blockchain; determining that the condition of the contract linked to the second party has been met; and in response, transmitting an authentication path to the second party, wherein the authentication path comprises a set of hashes, wherein the set of hashes comprises the hash key and one or more sets of internal hashes, each set of internal hashes belonging to a different internal layer of the hash tree. 10. A computer program embodied on a non-transitory computer-readable storage medium and configured so as when run o