Scripts and transaction validation

Introduction

  basics

The lock and unlock scripts for pay-to-pubkey-hash are a more secure way of assigning satoshis to a public key since the public key is not published as part of the lock script. It is only revealed with the unlock script.

Lock script

    hash

The lock script has five components:

OP_DUP OP_HASH160 ⟨hash⟩ OP_EQUALVERIFY OP_CHECKSIG

The following is the lock script from the output of the previous transaction that is referenced by the input of the example transaction. The byte string is color coded to show the underlying data structures of the script:

76a914698b8ec639a454f71313e49065a68e86b140f02588ac

These components are based on the following data structures:

OpCode : OP_DUP
OpCode : OP_HASH160
VarInt : Length of hash
[Byte] : Hash of public key
OpCode : OP_EQUALVERIFY
OpCode : OP_CHECKSIG

Unlock script

sig/pubK

The unlock script has two components:

⟨signature⟩ ⟨pubKey⟩

The following is the unlock script from the input of the example transaction. The byte string is color coded to show the underlying data structures of the script:

483045022100e2dff5cedd7924e0b8dce70147b6d4081edca367ae4038adebca41edaa8864240220206bf64423dcc39a6075196c418d267fcd92f36d00cdd5606bb3a299ddbf2a2f012102899aa3f9ddbae77c501bf48851a1df8d5d45574a812a866931b3e1f284c8b4b9

These components are based on the following data structures:

VarInt : Length of signature
[Byte] : Serialized signature
VarInt : Length of public key
[Byte] : Serialized public key

Combined script

 execute

The combined script has seven components:

⟨signature⟩ ⟨pubKey⟩ OP_DUP OP_HASH160 ⟨hash⟩ OP_EQUALVERIFY OP_CHECKSIG

The script is parsed and executed from left to right. Every data object is pushed on top of the stack implicitly. Validating the script the following steps are executed:

  1. The signature is pushed on the stack
⟨signature⟩ ⟨pubKey⟩ OP_DUP OP_HASH160 ⟨hash⟩ OP_EQUALVERIFY OP_CHECKSIG ⟨signature⟩

  1. The public key is pushed on the stack
⟨pubKey⟩ OP_DUP OP_HASH160 ⟨hash⟩ OP_EQUALVERIFY OP_CHECKSIG ⟨pubKey⟩⟨signature⟩

  1. The OpCode OP_DUP duplicates the top most item and pushes it on the stack
OP_DUP OP_HASH160 ⟨hash⟩ OP_EQUALVERIFY OP_CHECKSIG ⟨pubKey⟩
⟨pubKey⟩⟨signature⟩


  1. The OpCode OP_HASH160 pops the top most item off the stack and pushes the hash of the item on the stack
OP_HASH160 ⟨hash⟩ OP_EQUALVERIFY OP_CHECKSIG ⟨hash⟩
⟨pubKey⟩⟨signature⟩


  1. The hash of the public key is pushed on the stack
⟨hash⟩ OP_EQUALVERIFY OP_CHECKSIG ⟨hash⟩
⟨hash⟩
⟨pubKey⟩⟨signature⟩



  1. The OpCode OP_EQUALVERIFY pops the top two items off the stack and stops execution with an error if the items are not equal
OP_EQUALVERIFY OP_CHECKSIG ⟨pubKey⟩⟨signature⟩


  1. The OpCode OP_CHECKSIG pops the first two items off the stack, checks the signature and pushes ⟨1⟩ on the stack if the signature is valid (execution stops with an error otherwise)
OP_CHECKSIG ⟨1⟩

  1. The script evaluates as valid if the item on top of the stack is ⟨1⟩ after the execution has finished

Remarks

 OpCodes

The OpCode OP_EQUALVERIFY is a combination of the OpCodes OP_EQUAL and OP_VERIFY. The first pops the two top items from the stack and pushes ⟨1⟩ on the stack if the items are equal and ⟨0⟩ otherwise. The second pops the top most item from the stack and interrupts execution if the item is not ⟨1⟩.