Divisible tokens

The invention claimed is: 1 . A computer-implemented method of generating a second transaction for a blockchain, the blockchain comprising a first transaction comprising a first token and a first output transferring an amount of a digital asset between a second party and a first party, wherein the first output of the first transaction comprises a cryptographic hash of the first token, wherein the first output comprises a locking script configured, when executed by a blockchain node, to verify that an input of a later blockchain transaction that references the first output of the first transaction comprises the first token by performing a cryptographic hash function on the first token and comparing a result of the cryptographic hash function with the cryptographic hash of the first token, the first token representing a first amount of a token asset other than the digital asset, the second transaction being for transferring a second token representing a second amount of the token asset from a first party to a third party; the method being performed by the first party and comprising: extracting the first token from the first transaction; determining, based on the extracted first token, the first amount of the token asset; determining a second amount of the token asset to transfer to the third party, the second amount being less than the first amount; generating a second token comprising data representing the second amount of the token asset; inputting the second token to a cryptographic hash function and executing the cryptographic hash function to generate a cryptographic hash of the second token; generating the second transaction comprising a first input configured to unlock the first output of the first transaction when the first input is executed by a blockchain node together with the first output of the first transaction, by performing steps of: encoding, into the first input of the second transaction, the first token; encoding, into a first output of the second transaction, the second token, the cryptographic hash of the second token, and a locking script configured, when executed by a blockchain node, to cause the blockchain node to verify that an input of a later blockchain transaction that references the first output of the second transaction comprises the second token by performing a cryptographic hash function on the second token and comparing a result of the cryptographic hash function with the cryptographic hash of the second token; and transmitting the second transaction over a network to one, some or all of the second party, the third party, and/or the blockchain node. 2 . The method of claim 1 , wherein the data representing the second amount of the token asset comprises one or more values, each value being used to represent a respective sub-amount of the first amount of the token asset. 3 . The method of claim 2 , wherein each value is generated based on an identifier of the first transaction. 4 . The method of claim 2 , wherein each value is generated based on a modulus of a public key of the first party, and wherein the output of the second transaction comprises the modulus. 5 . The method of claim 3 , wherein each value is based on a root node of a binary tree structure, the root node being generated based on the identifier of the first transaction and/or a predetermined modulus, wherein the tree structure comprises a root layer comprising a root node, and a sequence of one or more child layers, each child layer comprising one or more pairs of child nodes, each pair being children of a respective node of a previous layer in the structure, wherein each node represents a respective amount of the token asset, the root node representing the first amount, and wherein each pair of child nodes together represent an amount equal to the amount represented by the respective node of the previous layer. 6 . The method of claim 5 , wherein each value is a respective square root of a respective one of the one or more generated node. 7 . The method of claim 5 , wherein the root node is generated by applying a first cryptographic hash function to at least the identifier of the first transaction. 8 . The method of claim 7 , wherein the root node is generated by applying the first cryptographic hash function to at least the identifier of the first transaction and the modulus. 9 . The method of claim 8 , wherein the first token comprises the modulus. 10 . The method of claim 5 , wherein the first token represents the first amount A, wherein an i th layer of the tree structure comprises 2 i-1 node, and wherein each node in the i th layer represents an amount A*2 1-i . 11 . The method of claim 5 , wherein each pair of child nodes comprises a first child node and a second child node, and wherein each first child node in the i th layer comprises a square root of the respective node of the previous layer, and wherein each second child node in the i th layer comprises a square root of the respective node of the previous layer, and a component generated by applying a second cryptographic hash function to at least the identifier of the first transaction. 12 . The method of claim 11 , wherein the first and second cryptographic hash functions are different cryptographic hash functions. 13 . The method of claim 2 , wherein the respective sub-amount is a different sub-amount of the first amount, each representing a different amount of the token asset. 14 . The method of claim 1 , wherein the first input of the second transaction comprises a first public key of the first party and a digital signature generated based on a first private key corresponding to the first public key. 15 . The method of claim 14 , wherein the first transaction is generated by the second party, and wherein the method comprises: generating a shared private key based on a private key corresponding to a second public key of the first party and a public key of the second party; and generating the first public key of the first party based on the shared private key and the second public key of the first party. 16 . The method of claim 4 , comprising: generating a third public key of the first party, wherein the third public key comprises the modulus; and transmitting the third public key of the first party to the second party. 17 . Computer equipment, comprising: memory comprising one or more memory units; and processing apparatus comprising one or more processing units, wherein the memory stores code arranged to run on the processing apparatus, the code being configured so as when run on the processing apparatus, the processing apparatus performs a to perform the method of generating a second transaction for a blockchain, the blockchain comprising a first transaction comprising a first token and a first output transferring an amount of a digital asset between a second party and a first party, wherein the first output of the first transaction comprises a cryptographic hash of the first token, wherein the first output comprises a locking script configured, when executed by a blockchain node, to verify that an input of later blockchain transaction that references the first output of the first transaction comprises the first token by performing a cryptographic hash function on the first token and comparing a result of the cryptographic hash function with the cryptographic hash of the first token, the first token representing a first amount of a token asset other than the digital asset, the second transaction being for transferring a second token representing a second amount of the tok