Bitcoin Transaction Overview
  • Basic Bitcoin Transaction Structure:
    • [version] [inputs] [outputs] [locktime]

  • 1) Version Field
    • Mostly unused, any value can be applied
    • Historically, default value of 1
    • For relative timelocks, must be set to >= 2

  • 2) Inputs
    • Each input uniquely references an unspent output
    • Each valid input script unlocks the referenced output

  • 3) Outputs
    • Output amount describes the amount spendable by output
    • Output script defines conditions for spending
    • The transaction fee is the difference between the referenced input amounts and the output amounts. The fee must be a positive amount.

  • 4) Locktime
    • Absolute time from which the transaction can be broadcast
    • See absolute transaction timelocks

Transaction Verification
  • In general, spending a Bitcoin output means providing valid unlocking arguments in the input script of the spending transaction.

  • Bitcoin Script Code
    • Stack-based scripting operations.
    • Input & Output scripts are both evaluated sequentially by the Bitcoin Script Machine.

  • Output Script (Locking Script)
    • Generally, output script can describe anything.
    • Usually, the output script checks for valid endorsement/signatures in the input scripts.

  • Input Script (Unlocking Script)
    • Usually provides endorsement/signature of spending of output referenced in input.

P2PKH Output Scripts
  • A basic wallet will send to a P2PKH (destination public key hash) output when it sends funds to a regular Bitcoin address.

  • Output Script (Locking Script)
    • Input script must provide valid public key preimage.
    • Input script must provide valid endorsement.

  • Next: P2PKH Script Verification
    • Bitcoin script machine must run both input & previous output scripts and verify outcome.
    • Top script machine stack element must be non-zero to be valid.
    • If script runs are successful for all inputs, and the referenced output is unspent, the transaction is valid and can be broadcast.

P2PKH Script Evaluation
  • [Data] push operator
    • Represents data bytes to be pushed onto stack

  • OP_DUP
    • Duplicate top member of stack

  • OP_HASH160
    • Hashes top member of stack (SHA-256, then RIPEMD-160)

  • OP_EQUALVERIFY
    • Verifies if top 2 stack elements are equal.
      • If positive, nothing is output to stack and script run continues.
      • If negative, script run fails.

  • OP_CHECKSIG
    • Checks whether signature & public key are valid, returns 1 or 0 to stack.

Endorsement Check Operations
  • Checksig opcodes validate that the transaction is signed by the private key corresponding to the public key on the stack.

  • CheckSig/CheckVerify Operations
    • Usually part of an output script.
    • Checks endorsement(s) against public key(s).
    • Checks that endorsement signs correct transaction data.

  • Next: Transaction Endorsements
    • An endorsement signs off on all or parts of a transaction.
    • An endorsement is specific to each transaction input.
    • Each input spends its referenced output individually, with a separate endorsement.

Building an Endorsement
  • 1) Build TX w/o input script
    • The transaction is populated with all elements which are signed by the endorsement.
    • For Sighash ALL, this includes all the TX elements except for the input script, which is left empty.

  • 2) Sign Signature Hash
    • The serialized transaction is appended with the sighash marker, and hashed.
    • The endorsement is a DER encoded signature thereof.

  • 3) Complete Input Script & Broadcast
    • With an endorsement constructed, the transaction can now be completed with the valid input script and broadcast on the network.
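
An added example, not part of the original slides: steps 1 and 2 above for the legacy (pre-SegWit) Sighash ALL case, computing the digest that each input's endorsement signs. It assumes the legacy rule that the emptied script slot of the input being signed temporarily carries the referenced output script; the function names and the sample transaction are constructed for illustration.

```python
import hashlib
import struct

SIGHASH_ALL = 0x01

def varint(n):
    """Bitcoin variable-length integer (CompactSize)."""
    if n < 0xfd:
        return bytes([n])
    if n <= 0xffff:
        return b"\xfd" + struct.pack("<H", n)
    if n <= 0xffffffff:
        return b"\xfe" + struct.pack("<I", n)
    return b"\xff" + struct.pack("<Q", n)

def serialize(version, inputs, outputs, locktime):
    """[version] [inputs] [outputs] [locktime], legacy (non-SegWit) encoding.
    inputs: (prev_txid, prev_index, script, sequence); outputs: (amount, script)."""
    raw = struct.pack("<I", version) + varint(len(inputs))
    for txid, index, script, sequence in inputs:
        raw += txid + struct.pack("<I", index) + varint(len(script)) + script
        raw += struct.pack("<I", sequence)
    raw += varint(len(outputs))
    for amount, script in outputs:
        raw += struct.pack("<q", amount) + varint(len(script)) + script
    return raw + struct.pack("<I", locktime)

def sighash_all(version, inputs, outputs, locktime, signing_index, prev_script):
    """Digest that the endorsement for input `signing_index` signs."""
    # Step 1: drop every input script; the signed input carries the locking
    # script of the output it spends, so the signature never covers itself.
    stripped = [(txid, idx, prev_script if i == signing_index else b"", seq)
                for i, (txid, idx, _script, seq) in enumerate(inputs)]
    # Step 2: append the sighash marker (4 bytes, little-endian), double SHA-256.
    preimage = serialize(version, stripped, outputs, locktime)
    preimage += struct.pack("<I", SIGHASH_ALL)
    return hashlib.sha256(hashlib.sha256(preimage).digest()).digest()

# Constructed sample data (not a real transaction): a P2PKH locking script
# with a placeholder 20-byte hash, two inputs and one output.
P2PKH = bytes.fromhex("76a914") + bytes(range(20)) + bytes.fromhex("88ac")
INPUTS = [(b"\x11" * 32, 0, b"", 0xFFFFFFFF), (b"\x22" * 32, 1, b"", 0xFFFFFFFF)]
OUTPUTS = [(50_000, P2PKH)]

if __name__ == "__main__":
    for i in range(len(INPUTS)):
        print(i, sighash_all(1, INPUTS, OUTPUTS, 0, i, P2PKH).hex())
```

The two printed digests differ, which is why each input needs its own endorsement, and changing any output after signing changes the digest and invalidates every Sighash ALL endorsement.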