Bitcoin Scripts¶

As described in ScriptCoin.

Bitcoin Script¶

Bitcoin script is the assembly language leveraged by Bitcoin to validate transactions (see ScriptCoin). It is stacked based and comes with a distinguished set of operations which it is capable of solving. A Bitcoin script executes and if at the end of the execution, the stack is either empty or the top element is true, the script was successful. Otherwise the script failed and the Input-Output pair of the transaction must be refused. A Bitcoin Script is composed of two distinct scripts called the Unlock- and the Lock-Script. First the work of the Unlock script is done, then the work of the Lock script. If the final result is a valid solution (empty stack or true as top element), the transaction goes through.

Unlock¶

The unlock script is the script that runs during the transaction validation to validate the input.

Lock¶

The lock script runs during the transaction validation to validate the output.

Standard Scripts¶

Only a subset of so-called standard scripts is relayed by nodes: Pay-to-pubkey, Pay-to-pubkey-hash, Multisig, OP_RETURN and Pay-to-script-hash scripts.
Mot scripts in Bitcoin are Pay-to-pubkey-hash scripts

Pay-To-Pubkey¶

A Pay-To-Pubkey script consists of an unlock and a lock script which do the following (Pay amount of coins to public key matching the public key of the recipient):

Unlock-Script:

Push signature of the to be verified input to the stack

Lock-Script:

Push public key of recipient to the stack
Verify signature on the stack with the pushed public key

pay-to-pubkey Cryptographic details

65 bytes pubkey (uncompressed) = 64 bytes ECDSA key + 1 byte prefix (0x04)
- ECDSA Key = two 256 bit integers = 2 * 32 bytes
33 bytes pubkey (compressed) = 32 bytes ECDSA key + 1 byte prefix
- ECDSA Key = only one 256 bit integer

Pay-To-Pubkey-Hash¶

A Pay-To-Pubkey-Hash script consists of an unlock and a lock script which do the following (Pay amount of coins to hash matching the hash of the public key of the recipient):

Unlock-Script:

Push signature of the to be verified input to the stack
Push public key, that can verify the signature, to the stack

Lock-Script:

Duplicate public key
Hash duplicated public key
Push hash of public key contained in the output
Compare hashed duplicated public key with public key hash of output
Verify signature on the stack

pay-to-pubkey-hash pay-to-pubkey-hash-stack

Properties

no reveal of pubkey for receiver
key reuse is not good/ intended \(\rightarrow\) use new keypair for each transaction!

Multisignature¶

A Multisignature script consists of an unlock and a lock script which do the following (Pay only if \(x\) in \(n\) parties sign to spend the output):

Unlock-Script:

Push 0 to the stack (due to a bug in OP_CHECKMULTISIG)
Push all available signatures

Lock-Script:

Push number of required signature \(x\)
Push all public keys contained in output
Push number of pushed public keys \(n\), \(n >= x\)
Check all signatures and count that at least \(x\) valid signatures were present (all done by OP_CHECKMULTISIG)

multisig

multisig-stack

OP_RETURN¶

OP_RETURN is an operation code (opcode), which will throw an error whenever it is reached. An output that is locked with a script that contains OP_RETURN is unspendable due to this. A script can contain up to 80 bytes after the OP_RETURN instruction.

Useful for:

Embedding data in blockchain (Timestamping)
Proof-of-burn (starting another cryptocurrency by exporting bitcoins to another blockchain)

links: DSS TOC - Bitcoin - Index