Deep understanding of Bitcoin trading scripts

Reference:http://www.infoq.com/cn/articles/deep-understanding-of-bitcoin-transaction-script

In the Bitcoin blockchain, each chunk points to the previous block , and the chunk Hashiki computed by SHA256 is the basis for the non-tampering of the bitcoin ledger.

In a block, the Bitcoin system uses trading (Transaction) to represent a bitcoin transaction. A chunk contains at least one transaction. These transaction hashes calculate the Merkle hash of all trades by Merkle tree and are included in the chunk hash to make the transaction non-modifiable .

If we look closely at each transaction, we can see that, in addition to the first transaction, each transaction has one or more inputs (txin) and one or more outputs (txout), except for the miners ' mining proceeds:

The first miner's mining income transaction is often referred to as Coinbase, which has no input, so txin's hash is always labeled as 00000000 ... 0000

For other transactions, any txin will only be traced back to a hash of a trade in the blockchain prior to this block, as well as the index:

By trading Hash and index (starting from 0), you can uniquely determine an unused trade output--utxo (unspent Transaction output). in this way, each TX input is associated with a previous TX output.

We assume that in the last transaction, Bob paid Alice 0.15 BTC.

Since bitcoin does not have an account concept, the output of this transaction does not write Alice's name, nor does it write Alice's public key.

So, Alice wants to spend the 0.15 BTC, how she should prove she owns the Utxo, and the others can't fake Alice to spend the Utxo.

The answer is that the output of Bitcoin's trade creation is not a simple public key address, but a script . In this transaction where Bob pays Alice 0.15 BTC, Bob creates an output script similar to the following:

Op_dup op_hash160 abcd1234 ... 9876 op_equalverify Op_checksig

Among them, abcd1234 ... 9876 is Alice's public key hash. The whole script means, who can provide a signature and a public key, let this script run through, who can spend 1.5 BTC of this transaction.

Because creating a signature can only use Alice's private key, signatures created by non-Alice's private key cannot be validated by this script, so others cannot impersonate Alice to spend the output.

once Alice has provided a signature and her own public key, she has actually created another transaction to spend this output.

Everyone can verify that the new transaction that Alice created is valid. If it works, the deal will be packaged by miners into new chunks, making it a part of the blockchain that cannot be changed.

We take the famous pizza transaction as an example to verify whether a transaction is valid.

In Trading cca75078 ... 4d79 (in, the only txin input provided by the Sigscript is:

8b4830450221009908144ca6539e09512b9295c8

a27050d478fbb96f8addbc3d075544dc41328702

201aa528be2b907d316d2da068dd9eb1e23243d9

7e444d59290d2fddf25269ee0e0141042e930f39

ba62c6534ee98ed20ca98959d34aa9e057cda01c

Fd422c6bab3667b76426529382c23f42b9b08d78

32d4fee1d6b437a8526e59667ce9c4e9dcebcabb

The Sigscript is actually composed of two parts:

Signature: 30450221...ee0e01 (71 bytes + 1 byte signature type), the actual signature is the 30450221...ee0e with the last byte 01 removed, and the signature type is Sighash_all (0x01).

Public key: 042e930f...cabb (65 bytes)

To verify that the transaction is valid, we first find the output of the previous transaction based on the previous output hash:a1075db5...d48d and index 0 declared by Txin:

https://webbtc.com/tx/a1075db55d416d3ca199f55b6084e2115b9345e16c5cf302fc80e9d5fbf5d48d

The script for this trade output is:

1976a91446af3fb481837fadbb421727f9959c2d32a3682988ac

The Bitcoin script consists of a series of instructions and data, each of which occupies one byte, and the data is determined by the length of the data head. The following binary script translated Bitcoin instructions are as follows:

Op_dup op_hash160 46af3fb481837fadbb421727f9959c2d32a36829 op_equalverify Op_checksig

Now we have the signature, the public key, and the script:

Sig:30450221...ee0e01

Pubkey:042e930f...cabb

Op_dup op_hash160 46af3fb4 ... 6829 op_equalverify Op_checksig

You can run this script to verify that the transaction is valid.

The bitcoin script is designed to run as a stack of virtual machine instructions, it has only a limited number of instructions, and deliberately designed to not loop, conditional jump, so the Bitcoin script is not a full-fledged language.

The execution of the Bitcoin script is very simple. We first have to prepare an empty stack, and then put the signature and the public key into the stack:

Immediately after that, we can execute the txout script:

Op_dup op_hash160 46af3fb481837fadbb421727f9959c2d32a36829 op_equalverify Op_checksig

First executes the op_dup, which copies the elements of the top of the stack, so the result becomes:

Immediately after executing op_hash160, it calculates sha256/ripemd160 on the top of the stack, actually computes the public key hash, so the result of the operation becomes:

The next instruction is actually a data, we directly put the data into the stack:

Then, execute op_equalverify, this instruction compares the top two elements of the stack is equal, if not, the entire script fails to execute, if equal, the script will continue to execute, so the result of the operation becomes:

Finally, execute the instruction Op_checksig, which verifies the signature. First, we validate the entire transaction based on the signature type Sighash_all (0x01). The authentication method is:

Remove all txin scriptsig (red) from the current transaction, and replace the current txin scriptsig with the Utxo script (Blue section), and adjust the Length field (Green section):

Finally plus the small-endian 4-byte signature type 0x01 (Gray section), calculated two times SHA256, we get:

C2d48f45 ... 2669

Now, the signature is validated using the ECDSA algorithm:

Boolean ecdsa_verify_signature (byte[] message, byte[] signature, byte[] pubkey)

Based on the verification result of the signature, we can confirm that the transaction is valid.

With the introduction of scripts, we can see that bitcoin actually implements a transfer mechanism of digital currency ownership strictly based on computer program verification through programming scripts. due to the scalability of computer programs, Bitcoin payments are not limited to a public key address that must be paid. using scripts, we can construct various payment conditions, for example, multiple signature verification conditions:

2 <public-key1> <public-key2> <public-key3> 3 op_checkmultisign

This provides multiple public key addresses and requires multiple signature scripts for signature verification, allowing at least n signatures to be used at the M signature species. The script above allows for any two valid signatures in 3 public key addresses.

When we host Bitcoin in a third-party online wallet, we can use multiple signatures to ensure that only our own and third-party wallets are co-signed before we can use the output, so that hackers will not be able to spend the user's Bitcoin after attacking a third-party wallet.

With op_checklocktimeverify, we can specify a lock time for a trade, before which the trade output cannot be spent. this directive actually realized Alipay's 7-day funds locked and then paid to the seller's function.

There are some transactions that do not specify a public key hash, for example, the script for this transaction is as follows:

op_hash256 6fe28c0ab6f1b372c1a6a246ae63f74f931e8365e15a089c68d6190000000000 op_equal

It means to say, who can provide a data, it's SHA256 is 6fe28c0a ... 0000, who can spend this deal.

( Note: The transaction has been spent and someone has found a qualifying data )

From the Bitcoin script, we can see that the digital currency payment based on blockchain is actually a safe transfer of digital currency ownership. If we register the financial assets or physical assets in the blockchain in the digital form, we can safely realize the transfer of ownership under various conditions through the script, which is the application of the intelligent contract in the blockchain.