This is the archived Spring 2015 version of the course. For the most recent version, see http://bitcoin-class.org.

Class 15: Script

Posted: Wed 04 March 2015

Schedule

  • Project 2 Part 2 is due tomorrow (Thursday, 5 March).
    Submission is by email, send a PDF with your answers to questions 5-9.

  • Keep thinking about ideas for your project. The first deliverable for the project will be a preliminary proposal due on March 19.

  • Enjoy your Spring Break!

Note: due to a bug in slideshare's updated player, ink markings no longer appear in the viewer.
If you download the slides, they are present though. Hopefully, the player will be fixed someday.

Bitcoin Script

Transaction outputs in bitcoin are protected by locking scripts, and must be unlocked by unlocking scripts. The scripts are written in a simple (compared to, say, the Java Virtual Machine language, but quite complex and poorly specified for what one might expect would be needed for bitcoin transactions) stack-based language. A transaction output is not unlocked unless an unlocking script is provided such that the result of executing the unlocking script, followed by executing the locking script, is a stack with value True on top (and no invalid transaction results during the execution).

Some script instructions:

Opcode Input Output Description
OP_1 - 1 Pushes a 1 (True) on the stack
OP_DUP a a a Duplicates the top element of the stack
OP_ADD a b (a+b) Pushes the sum of the top two elements.
OP_EQUAL a b 0 or 1 Pushes 1 if the top two elements are exactly equal, otherwise 0.
OP_VERIFY a - If a is not True (1), terminates as Invalid.
OP_RETURN - - Terminates as Invalid.
OP_EQUALVERIFY a b - If a and b are not equal, terminates as Invalid.
OP_HASH160 a H(a) Pushes bitcoin address, RIPEMD(SHA256(a)).

Some more complex instructions:

OP_IF [statements] OP_ENDIF - If the top of the stack is 1, executes [statements]. Otherwise does nothing.

OP_CHECKSIG - Pops two items from the stack, publickey and sig. Verifies the entire transaction (known from node state, not the stack) using the publickey and sig. If the signature is valid, push 1; otherwise, 0.

OP_1 OP_DUP OP_ADD OP_DUP OP_SUB OP_VERIFY

The most common locking script (send to public address):
OP_DUP
OP_HASH160
OP_DATA20 (bitcoin address)
OP_EQUALVERIFY
OP_CHECKSIG

What must be on the stack for the locking script to succeed (end with 1 on top of stack)?

OP_HASH160
[20-byte hash]
OP_EQUAL

What must be on the stack for the locking script above ("Pay-to-Script-Hash") to succeed?

According to Most Popular Transaction Scripts (analysis of all transactions in first 290,000 blocks), the ninth most popular script is: OP_RETURN OP_DATA_40

What must be on the stack for the OP_RETURN OP_DATA_40 locking script to succeed (end with 1 on top of stack)? (Trick question: what happens to the coin protected by this locking script?)

Is the bitcoin scripting language Turing-complete?

If you are not clear on what Turing-complete means, see Dori-Mic and the Universal Machine!

BTCD Code

Type: Script is the virtual machine the executes scripts (note that it has two Stacks)

Execute a script: Execute
Execute one instruction: Step

Opcodes
exec function executes one instruction

Some interesting opcode implementations: OP_IF
OP_RETURN

Bitcoin Core Code

script/interpreter.cpp

OP_DUP
Crypto OP_CHECKSIG

Links

Script Playground

Some interesting things you can do with bitcoin scripts:
Contracts (see also Nick Szabo's Formalizing and Securing Relationships on Public Networks
Secure Multiparty Computations (to implement lotteries)

The OP_RETURN/pasted script execution bug doesn't even make this list of The 9 Biggest Screwups in Bitcoin History.

Block 71036

Comments