IntersectMBO · carlostome · Jan 27, 2026
diff --git a/src/Ledger/Dijkstra/Specification/Utxo.lagda.md b/src/Ledger/Dijkstra/Specification/Utxo.lagda.md
@@ -37,13 +37,13 @@ open import Ledger.Dijkstra.Specification.Script.Validation txs abs
 ```agda
 record UTxOEnv : Type where
   field
-    slot             : Slot
-    pparams          : PParams
-    treasury         : Treasury
-    utxo₀            : UTxO
-    isTopLevelValid  : Bool
-    globalScripts    : ℙ P1Script × ℙ P2Script
-    globalData       : DataHash ⇀ Datum
+    slot                 : Slot
+    pparams              : PParams
+    treasury             : Treasury
+    utxo₀                : UTxO
+    isTopLevelValid      : Bool
+    globalScripts        : ℙ P1Script × ℙ P2Script
+    globalData           : DataHash ⇀ Datum
 ```
 
 The `utxo₀`{.AgdaField} field of `UTxOEnv`{.AgdaRecord} is introduced in the Dijkstra

diff --git a/src/Ledger/Dijkstra/Specification/Utxow.lagda.md b/src/Ledger/Dijkstra/Specification/Utxow.lagda.md
@@ -95,13 +95,13 @@ module _ {tx : TopLevelTx} where
 languages :  ℙ P2Script → ℙ Language
 languages p2Scripts = mapˢ language p2Scripts
 
-allowedLanguages : TopLevelTx → UTxO → ℙ Language
-allowedLanguages tx utxo =
+allowedLanguagesLegacyMode : TopLevelTx → UTxO → ℙ Language
+allowedLanguagesLegacyMode tx utxo =
   if UsesBootstrapAddress tx utxo
     then ∅
     else
   if UsesV4Features tx
-    then fromList (PlutusV4 ∷ [])
+    then ∅
     else
   if UsesV3Features tx
     then fromList (PlutusV4 ∷ PlutusV3 ∷ [])
@@ -111,6 +111,8 @@ allowedLanguages tx utxo =
     else fromList (PlutusV4 ∷ PlutusV3 ∷ PlutusV2 ∷ PlutusV1 ∷ [])
 ```
 
+## The <span class="AgdaDatatype">SUBUTXOW</span> Transition System {#sec:the-subutxow-transition-system}
+
 ```agda
 data _⊢_⇀⦇_,SUBUTXOW⦈_ : UTxOEnv → UTxOState → SubLevelTx → UTxOState → Type where
 
@@ -149,16 +151,21 @@ data _⊢_⇀⦇_,SUBUTXOW⦈_ : UTxOEnv → UTxOState → SubLevelTx → UTxOSt
     ∙  ∀[ (vk , σ) ∈ vKeySigs ] isSigned vk (txidBytes txId) σ
     ∙  ∀[ s ∈ p1Scripts ] (hash s ∈ neededScriptHashes → validP1Script witsKeyHashes txVldt s)
     ∙  neededVKeyHashes ⊆ witsKeyHashes
+    ∙  ∀[ s ∈ p2Scripts ] (hash s ∈ neededScriptHashes → language s ≡ PlutusV4)
     ∙  neededScriptHashes ⊆ mapˢ hash p1Scripts ∪ mapˢ hash p2Scripts
     ∙  neededDataHashes ⊆ dom (Γ .globalData)
     ∙  txADhash ≡ map hash txAuxData
     ∙ Γ ⊢ s ⇀⦇ stx ,SUBUTXO⦈ s'
       ────────────────────────────────
       Γ ⊢ s ⇀⦇ stx ,SUBUTXOW⦈ s'
+```
 
+## The <span class="AgdaDatatype">UTXOW</span> Transition System {#sec:the-utxow-transition-system}
+
+```agda
 data _⊢_⇀⦇_,UTXOW⦈_ : UTxOEnv → UTxOState → TopLevelTx → UTxOState → Type where
 
-  UTXOW :
+  UTXOW-normal :
     let
          open Tx tx
          open TxBody txBody
@@ -190,12 +197,70 @@ data _⊢_⇀⦇_,UTXOW⦈_ : UTxOEnv → UTxOState → TopLevelTx → UTxOState
                                        (range (utxo₀ ∣ txIns))
 
     in
+    ∙  ∀[ s ∈ p2Scripts ] (hash s ∈ neededScriptHashes → language s ≡ PlutusV4)
     ∙  ∀[ (vk , σ) ∈ vKeySigs ] isSigned vk (txidBytes txId) σ
     ∙  ∀[ s ∈ p1Scripts ] (hash s ∈ neededScriptHashes → validP1Script witsKeyHashes txVldt s)
     ∙  neededVKeyHashes ⊆ witsKeyHashes
     ∙  neededScriptHashes ⊆ mapˢ hash p1Scripts ∪ mapˢ hash p2Scripts
     ∙  neededDataHashes ⊆ dom (Γ .globalData)
-    ∙  languages p2Scripts ⊆ allowedLanguages tx utxo
+    ∙  txADhash ≡ map hash txAuxData
+    ∙  Γ ⊢ s ⇀⦇ tx ,UTXO⦈ s'
+      ────────────────────────────────
+      Γ ⊢ s ⇀⦇ tx ,UTXOW⦈ s'
+
+  UTXOW-legacy :
+    let
+         open Tx tx
+         open TxBody txBody
+         open TxWitnesses txWitnesses
+         open UTxOEnv
+
+         utxo₀               = Γ .utxo₀
+         utxo                = s .UTxOState.utxo
+
+         witsKeyHashes       : ℙ KeyHash
+         witsKeyHashes       = mapˢ hash (dom vKeySigs)
+
+         topLevelScripts : ℙ Script
+         topLevelScripts =
+           ScriptsOf tx
+           ∪ mapPartial txOutToScript
+           ( range (utxo₀ ∣ SpendInputsOf tx)
+           ∪ range (utxo₀ ∣ ReferenceInputsOf tx))
+
+         p1Scripts : ℙ P1Script
+         p1Scripts = mapPartial toP1Script topLevelScripts
+
+         p2Scripts : ℙ P2Script
+         p2Scripts = mapPartial toP2Script topLevelScripts
+
+         neededScriptHashes  : ℙ ScriptHash
+         neededScriptHashes  = mapPartial (isScriptObj  ∘ proj₂) (credsNeeded utxo₀ txBody)
+
+         neededVKeyHashes : ℙ KeyHash
+         neededVKeyHashes = mapPartial (isKeyHashObj ∘ proj₂) (credsNeeded utxo₀ txBody)
+
+         txDataHashes     : ℙ DataHash
+         txDataHashes     = mapˢ hash txData
+
+         neededDataHashes : ℙ DataHash
+         neededDataHashes = mapPartial (λ txOut@(a , _ , d , _) → do sh ← isScriptObj (payCred a)
+                                                                     _  ← lookupHash sh p2Scripts
+                                                                     d >>= isInj₂)
+                                       (range (utxo₀ ∣ txIns))
+
+         refInputsDataHashes = mapPartial txOutToDataHash (range (utxo ∣ refInputs))
+         outputsDataHashes   = mapPartial txOutToDataHash (range txOuts)
+
+    in
+    ∙  ∃[ h ∈ neededScriptHashes ] ∃[ s ∈ p2Scripts ] h ≡ hash s × language s ∈ fromList (PlutusV1 ∷ PlutusV2 ∷ PlutusV3 ∷ [])
+    ∙  ∀[ (vk , σ) ∈ vKeySigs ] isSigned vk (txidBytes txId) σ
+    ∙  ∀[ s ∈ p1Scripts ] (hash s ∈ neededScriptHashes → validP1Script witsKeyHashes txVldt s)
+    ∙  neededScriptHashes ⊆ mapˢ hash topLevelScripts
+    ∙  neededVKeyHashes ⊆ witsKeyHashes
+    ∙  neededDataHashes ⊆ txDataHashes
+    ∙  txDataHashes     ⊆ neededDataHashes ∪ outputsDataHashes ∪ refInputsDataHashes
+    ∙  languages p2Scripts ⊆ allowedLanguagesLegacyMode tx utxo
     ∙  txADhash ≡ map hash txAuxData
     ∙  Γ ⊢ s ⇀⦇ tx ,UTXO⦈ s'
       ────────────────────────────────