Bitcoin Transaction Scripts: A Deep Dive into How They Work

Bitcoin's functionality is built on a foundation of complex but elegant cryptographic principles. At the heart of every transaction lies a critical component: the transaction script. Understanding this system is key to grasping how Bitcoin ensures security and ownership without a central authority.

This guide will break down the concepts of hashing, public-key cryptography, and the scripting language that makes it all work. We'll explore how addresses are generated and how the scripting system verifies transactions.

Understanding the Prerequisites

Before diving into transaction scripts, it's essential to be familiar with two fundamental cryptographic concepts. You don't need to know the intricate mathematical details, but a general understanding of how they work is crucial.

• Hash Algorithms: Bitcoin primarily uses the SHA-256 algorithm. A hash function takes an input of any size and produces a fixed-size string of characters, which is a unique digital fingerprint of the input.
• Asymmetric Cryptography: Bitcoin employs Elliptic Curve Cryptography (ECC). This uses a pair of keys: a private key (kept secret) and a public key (shared openly). What one key encrypts, only the other key can decrypt.

How a Bitcoin Address is Generated

A Bitcoin address, like 1QAc9S5EmycqjzzWDc1yiWzr9jJLC8sLiY, is the public-facing identifier you share to receive funds. It is derived from your public key through a series of cryptographic transformations. Here’s a simplified breakdown of the process:

1. Generate a Private Key: Using a cryptographically secure random number generator, a 32-byte private key is created. This number is essentially a secret number of immense size, making the chance of duplication astronomically low.
2. Derive the Public Key: The private key is processed using ECC to generate a corresponding public key. This is a 65-byte number (or 33 bytes in its compressed form).
3. Create a Public Key Hash (KeyID): The public key is processed through two hash functions: first SHA-256 and then RIPEMD-160. This 160-bit result is known as a KeyID or public key hash. This step enhances security by shortening the public key and adding an extra layer of hashing.
4. Add a Network Prefix: A single-byte version prefix is added to the hash to indicate which Bitcoin network the address is for (e.g., 0x00 for mainnet, 0x6f for testnet).
5. Calculate a Checksum: The version prefix and public key hash are hashed twice with SHA-256. The first four bytes of this result are used as a checksum to detect errors in the address.
6. Encode in Base58: The final payload (version byte + public key hash + checksum) is encoded using Base58 encoding. This format is chosen to avoid ambiguous characters like 0, O, I, and l, making addresses easier to read and transmit accurately.

The result of this multi-step process is the familiar Bitcoin address string. For developers, this process can be traced in the Bitcoin Core source code within functions like CKey::MakeNewKey and CKey::GetPubKey.

The Mechanics of Bitcoin Transaction Scripts

Every Bitcoin transaction contains scripts that define the conditions for spending the funds. These are the locking and unlocking mechanisms.

• Output Script (ScriptPubKey or "Lock"): This script is set by the sender when they create a transaction output. It defines the rules that must be met to spend the bitcoins sent to that output. It "locks" the funds.
• Input Script (ScriptSig or "Key"): This script is provided by the recipient when they want to spend the bitcoins. It provides the data (like a signature) needed to satisfy the conditions set in the output script. It is the "key" that unlocks the funds.

The Bitcoin virtual machine executes these scripts in sequence to validate a transaction. It first runs the input script (placing data on a stack) and then runs the output script using the stack data left behind by the input script.

A Standard Example: Pay-to-Public-Key-Hash (P2PKH)

The most common script type is Pay-to-Public-Key-Hash. Let's examine its components:

• Input Script (Unlocking Script): <Sig> <PubKey>

  • This provides a signature (Sig) and the full public key (PubKey).
• Output Script (Locking Script): OP_DUP OP_HASH160 <PubKeyHash> OP_EQUALVERIFY OP_CHECKSIG

Let's walk through the step-by-step execution of these combined scripts on the virtual machine's stack:

1. The input script runs first, pushing the <Sig> and then the <PubKey> onto the stack.

2. The output script begins execution:

   • OP_DUP: Duplicates the top item on the stack (the <PubKey>).
   • OP_HASH160: Applies the HASH160 (SHA-256 followed by RIPEMD-160) function to the duplicated public key.
   • <PubKeyHash>: The public key hash from the output script is pushed onto the stack.
   • OP_EQUALVERIFY: Compares the two top items—the hash it just computed from the provided public key and the PubKeyHash from the output script. If they are not equal, execution fails immediately. This verifies that the provided public key hashes to the expected value.
   • OP_CHECKSIG: This crucial opcode takes the remaining two items on the stack—the original <PubKey> and the <Sig>. It uses the public key to verify that the signature is valid for the current transaction. If the signature is valid, the result is TRUE and the transaction is valid.

This elegant script ensures that only the holder of the private key corresponding to the public key hash can create a valid signature to spend the funds. It is a powerful demonstration of using cryptography to prove ownership without revealing secrets.

👉 Explore advanced scripting techniques

Frequently Asked Questions

What is the main purpose of a Bitcoin script?
Bitcoin scripts define the conditions under which funds can be spent from a transaction output. They form a programmable system that allows for various types of transactions beyond simple transfers, enabling complex conditions and smart contracts on a basic level.

What's the difference between a public key and a Bitcoin address?
A public key is the direct cryptographic counterpart to a private key. A Bitcoin address is a shorter, hashed version of the public key (specifically, the HASH160 of the public key). Using the address instead of the full public key in scripts improves space efficiency and adds a layer of privacy and security.

Can Bitcoin scripts be used for more than simple payments?
Yes. While P2PKH is the most common, the Bitcoin scripting language allows for more complex operations. Scripts can require multiple signatures (multisig), impose time locks, or create puzzles that need to be solved to spend the funds, paving the way for more advanced 👉 blockchain applications.

What happens if a transaction script fails?
If, during execution, any opcode fails (e.g., OP_EQUALVERIFY finds unequal hashes or OP_CHECKSIG finds an invalid signature), the entire script validation fails. This causes the transaction to be rejected by the network as invalid, preventing the funds from being spent.

Is the Bitcoin scripting language Turing-complete?
No, it is intentionally not Turing-complete. It does not support loops or complex recursion. This design choice was made for security reasons to prevent scripts from running indefinitely, which could be used to attack network nodes.

Who executes these transaction scripts?
Every node on the Bitcoin network that validates transactions executes these scripts. For a transaction to be confirmed and added to a block, it must pass script validation by the miners and the full nodes that relay it.