Script: Difference between revisions

From Bitcoin Wiki
Jump to navigation Jump to search
X6763 (talk | contribs)
→‎Scripts: Added Gavin's address-obfuscation script
Line 641: Line 641:


== Scripts ==
== Scripts ==
Keep in mind that all constants actually use the data-pushing commands above.
This is a list of interesting scripts (official and unofficial). Keep in mind that all constants actually use the data-pushing commands above.


=== Standard Transaction to Bitcoin address ===
=== Standard Transaction to Bitcoin address ===
Line 718: Line 718:
=== Transaction with a message ===
=== Transaction with a message ===


It's possible to add arbitrary data to any transaction by just adding some data along with OP_DROP (or omitting OP_DROP and allowing the value to sit on the stack unused). Scripts are limited to 10,000 bytes and 201 instructions/values, and each individual instruction/value is limited to 520 bytes.
It's possible to add arbitrary data to any transaction by just adding some data along with OP_DROP. Scripts are limited to 10,000 bytes and 201 instructions/values, and each individual instruction/value is limited to 520 bytes.


  scriptPubKey: <message> OP_DROP <pubKey> OP_CHECKSIG
  scriptPubKey: <message> OP_DROP <pubKey> OP_CHECKSIG
Line 745: Line 745:
|Signature is checked for top two stack items.
|Signature is checked for top two stack items.
|}
|}
===Hidden recipient address===
With this script by Gavin, the address of the recipient is encrypted until after the output is claimed. "randomNumber" must be known by both the sender and the recipient.
scriptPubKey: OP_OVER OP_HASH160 OP_XOR <xored_hash160> OP_EQUALVERIFY OP_CHECKSIG
scriptSig: <scriptsig> <public_key> <randomNumber>
Checking process:
{| class="wikitable"
|-
! Stack
! Script
! Description
|-
|Empty.
|<scriptsig> <public_key> <randomNumber> OP_OVER OP_HASH160 OP_XOR <xored_hash160> OP_EQUALVERIFY OP_CHECKSIG
|scriptSig and scriptPubKey are combined.
|-
|<scriptsig> <public_key> <randomNumber>
|OP_OVER OP_HASH160 OP_XOR <xored_hash160> OP_EQUALVERIFY OP_CHECKSIG
|Constants are added to the stack.
|-
|<scriptsig> <public_key> <randomNumber> <public_key>
|OP_HASH160 OP_XOR <xored_hash160> OP_EQUALVERIFY OP_CHECKSIG
|<public_key> is copied to the top of the stack.
|-
|<scriptsig> <public_key> <randomNumber> <hash160>
|OP_XOR <xored_hash160> OP_EQUALVERIFY OP_CHECKSIG
|<public_key> is hashed.
|-
|<scriptsig> <public_key> <xored_hash160>
|<xored_hash160> OP_EQUALVERIFY OP_CHECKSIG
|<hash160> and <randomNumber> are xored together, encrypting the hash.
|-
|<scriptsig> <public_key> <xored_hash160> <xored_hash160>
|OP_EQUALVERIFY OP_CHECKSIG
|Constant is pushed onto the stack.
|-
|<scriptsig> <public_key>
|OP_CHECKSIG
|Equality is checked between the top two stack items.
|-
|true
|Empty.
|The signature is checked
|}


[[Category:Technical]]
[[Category:Technical]]
[[Category:Vocabulary]]
[[Category:Vocabulary]]

Revision as of 02:04, 17 March 2011

Bitcoin uses a scripting system for transactions. Forth-like, Script is simple, stack-based, and processed from left to right. It is purposefully not Turing-complete, with no loops or nesting if statements.

A script is essentially a list of instructions recorded with each transaction that describe how the next person wanting to spend the Bitcoins being transferred can gain access to them. The script for a typical Bitcoin transfer to destination Bitcoin address D simply encumbers future spending of the bitcoins with two things: the spender must provide

  1. a public key that, when hashed, yields destination address D embedded in the script, and
  2. a signature to show evidence of the private key corresponding to the public key just provided.

Scripting provides the flexibility to change the parameters of what's needed to spend transferred Bitcoins. For example, the scripting system could be used to require two private keys, or a combination of several, or even no keys at all.

A transaction is valid if nothing in the combined script triggers failure and the top stack item is true (1). The party who originally sent the Bitcoins now being spent, dictates the script operations that will occur last in order to release them for use in another transaction. The party wanting to spend them must provide the input(s) to the previously recorded script that results in those operations occurring last leaving behind true (1).

Scripts are big-endian. (Is all data, also?)

Words

This is a list of all Script words (commands/functions). Some are currently disabled for security reasons.

True=1 and False=0.

Constants

When talking about scripts, these value-pushing words are usually omitted.

Word Opcode Input Output Description
OP_0, OP_FALSE 0 Nothing. 0 The number 0 is pushed onto the stack.
N/A 1-75 (special) data The next opcode bytes is data to be pushed onto the stack
OP_PUSHDATA1 76 (special) data The next byte contains the number of bytes to be pushed onto the stack.
OP_PUSHDATA2 77 (special) data The next two bytes contain the number of bytes to be pushed onto the stack.
OP_PUSHDATA4 78 (special) data The next four bytes contain the number of bytes to be pushed onto the stack.
OP_1NEGATE 79 Nothing. -1 The number -1 is pushed onto the stack.
OP_1, OP_TRUE 81 Nothing. 1 The number 1 is pushed onto the stack.
OP_2-OP_16 82-96 Nothing. 2-16 The number in the word name (2-16) is pushed onto the stack.

Flow control

Word Opcode Input Output Description
OP_NOP 97 Nothing Nothing Does nothing.
OP_IF 99 <expression> if [statements] [else [statements]] endif If the top stack value is 1, the statements are executed. The top stack value is removed.
OP_NOTIF 100 <expression> if [statements] [else [statements]] endif If the top stack value is 0, the statements are executed. The top stack value is removed.
OP_ELSE 103 <expression> if [statements] [else [statements]] endif If the preceding OP_IF or OP_NOTIF was not executed then these statements are.
OP_ENDIF 104 <expression> if [statements] [else [statements]] endif Ends an if/else block.
OP_VERIFY 105 True / false Nothing / False Marks transaction as invalid if top stack value is not true. True is removed, but false is not.
OP_RETURN 106 Nothing Nothing Marks transaction as invalid.

Stack

Word Opcode Input Output Description
OP_TOALTSTACK 107 x1 (alt)x1 Puts the input onto the top of the alt stack. Removes it from the main stack.
OP_FROMALTSTACK 108 (alt)x1 x1 Puts the input onto the top of the main stack. Removes it from the alt stack.
OP_IFDUP 115 x x / x x If the input is true or false, duplicate it.
OP_DEPTH 116 Nothing <Stack size> Puts the number of stack items onto the stack.
OP_DROP 117 x Nothing Removes the top stack item.
OP_DUP 118 x x x Duplicates the top stack item.
OP_NIP 119 x1 x2 x2 Removes the second-to-top stack item.
OP_OVER 120 x1 x2 x1 x2 x1 Copies the second-to-top stack item to the top.
OP_PICK 121 xn ... x2 x1 x0 <n> xn ... x2 x1 x0 xn The item n back in the stack is copied to the top.
OP_ROLL 122 xn ... x2 x1 x0 <n> ... x2 x1 x0 xn The item n back in the stack is moved to the top.
OP_ROT 123 x1 x2 x3 x2 x3 x1 The top three items on the stack are rotated to the left.
OP_SWAP 124 x1 x2 x2 x1 The top two items on the stack are swapped.
OP_TUCK 125 x1 x2 x2 x1 x2 The item at the top of the stack is copied and inserted before the second-to-top item.
OP_2DROP 109 x1 x2 Nothing Removes the top two stack items.
OP_2DUP 110 x1 x2 x1 x2 x1 x2 Duplicates the top two stack items.
OP_3DUP 111 x1 x2 x3 x1 x2 x3 x1 x2 x3 Duplicates the top three stack items.
OP_2OVER 112 x1 x2 x3 x4 x1 x2 x3 x4 x1 x2 Copies the pair of items two spaces back in the stack to the front.
OP_2ROT 113 x1 x2 x3 x4 x5 x6 x3 x4 x5 x6 x1 x2 The fifth and sixth items back are moved to the top of the stack.
OP_2SWAP 114 x1 x2 x3 x4 x3 x4 x1 x2 Swaps the top two pairs of items.

Splice

Word Opcode Input Output Description
OP_CAT 126 x1 x2 out Concatenates two strings. Currently disabled.
OP_SUBSTR 127 in begin size out Returns a section of a string. Currently disabled.
OP_LEFT 128 in size out Keeps only characters left of the specified point in a string. Currently disabled.
OP_RIGHT 129 in size out Keeps only characters right of the specified point in a string. Currently disabled.
OP_SIZE 130 in in size Returns the length of the input string.

Bitwise logic

Word Input Output Description
OP_INVERT 131 in out Flips all of the bits in the input. Currently disabled.
OP_AND 132 x1 x2 out Boolean and between each bit in the inputs. Currently disabled.
OP_OR 133 x1 x2 out Boolean or between each bit in the inputs. Currently disabled.
OP_XOR 134 x1 x2 out Boolean exclusive or between each bit in the inputs. Currently disabled.
OP_EQUAL 135 x1 x2 True / false Returns 1 if the inputs are exactly equal, 0 otherwise.
OP_EQUALVERIFY 136 x1 x2 True / false Same as OP_EQUAL, but runs OP_VERIFY afterward.

Arithmetic

Word Opcode Input Output Description
OP_1ADD 139 in out 1 is added to the input.
OP_1SUB 140 in out 1 is subtracted from the input.
OP_2MUL 141 in out The input is multiplied by 2. Currently disabled.
OP_2DIV 142 in out The input is divided by 2. Currently disabled.
OP_NEGATE 143 in out The sign of the input is flipped.
OP_ABS 144 in out The input is made positive.
OP_NOT 145 in out If the input is 0 or 1, it is flipped. Otherwise the output will be 0.
OP_0NOTEQUAL 146 in out Returns 1 if the input is 0. 0 otherwise.
OP_ADD 147 a b out a is added to b.
OP_SUB 148 a b out b is subtracted from a.
OP_MUL 149 a b out a is multiplied by b. Currently disabled.
OP_DIV 150 a b out a is divided by b. Currently disabled.
OP_MOD 151 a b out Returns the remainder after dividing a by b. Currently disabled.
OP_LSHIFT 152 a b out Shifts a left b bits, preserving sign. Currently disabled.
OP_RSHIFT 153 a b out Shifts a right b bits, preserving sign. Currently disabled.
OP_BOOLAND 154 a b out If both a and b are not 0, the output is 1. Otherwise 0.
OP_BOOLOR 155 a b out If a or b is not 0, the output is 1. Otherwise 0.
OP_NUMEQUAL 156 a b out Returns 1 if the numbers are equal, 0 otherwise.
OP_NUMEQUALVERIFY 157 a b out Same as OP_NUMEQUAL, but runs OP_VERIFY afterward.
OP_NUMNOTEQUAL 158 a b out Returns 1 if the numbers are not equal, 0 otherwise.
OP_LESSTHAN 159 a b out Returns 1 if a is less than b, 0 otherwise.
OP_GREATERTHAN 160 a b out Returns 1 if a is greater than b, 0 otherwise.
OP_LESSTHANOREQUAL 161 a b out Returns 1 if a is less than or equal to b, 0 otherwise.
OP_GREATERTHANOREQUAL 162 a b out Returns 1 if a is greater than or equal to b, 0 otherwise.
OP_MIN 163 a b out Returns the smaller of a and b.
OP_MAX 164 a b out Returns the larger of a and b.
OP_WITHIN 165 x min max out Returns 1 if x is within the specified range (left-inclusive), 0 otherwise.

Crypto

Word Opcode Input Output Description
OP_RIPEMD160 166 in hash The input is hashed using RIPEMD-160.
OP_SHA1 167 in hash The input is hashed using SHA-1.
OP_SHA256 168 in hash The input is hashed using SHA-256.
OP_HASH160 169 in hash The input is hashed twice: first with SHA-256 and then with RIPEMD-160.
OP_HASH256 170 in hash The input is hashed two times with SHA-256.
OP_CODESEPARATOR 171 Nothing Nothing All of the signature checking words will only match signatures to the data after the most recently-executed OP_CODESEPARATOR.
OP_CHECKSIG 172 sig pubkey True / false The entire transaction's outputs, inputs, and script (from the most recently-executed OP_CODESEPARATOR to the end) are hashed. The signature used by OP_CHECKSIG must be a valid signature for this hash and public key. If it is, 1 is returned, 0 otherwise.
OP_CHECKSIGVERIFY 173 sig pubkey True / false Same as OP_CHECKSIG, but OP_VERIFY is executed afterward.
OP_CHECKMULTISIG 174 sig1 sig2 ... <number of signatures> pub1 pub2 <number of public keys> True / False For each signature and public key pair, OP_CHECKSIG is executed. If more public keys than signatures are listed, some key/sig pairs can fail. All signatures need to match a public key. If all signatures are valid, 1 is returned, 0 otherwise.
OP_CHECKMULTISIGVERIFY 175 sig1 sig2 ... <number of signatures> pub1 pub2 ... <number of public keys> True / False Same as OP_CHECKMULTISIG, but OP_VERIFY is executed afterward.

Pseudo-words

These words are used internally for assisting with transaction matching. They are invalid if used in actual scripts.

Word Opcode Description
OP_PUBKEYHASH 253 Represents a public key hashed with OP_HASH160.
OP_PUBKEY 254 Represents a public key compatible with OP_CHECKSIG.
OP_INVALIDOPCODE 255 Matches any opcode that is not yet assigned.

Reserved words

Any opcode not assigned is also reserved. Using an unassigned opcode makes the transaction invalid.

Word Opcode When used...
OP_RESERVED 80 Transaction is invalid
OP_VER 98 Transaction is invalid
OP_VERIF 101 Transaction is invalid
OP_VERNOTIF 102 Transaction is invalid
OP_RESERVED1 137 Transaction is invalid
OP_RESERVED2 138 Transaction is invalid
OP_NOP1-OP_NOP10 176-185 The word is ignored.

Scripts

This is a list of interesting scripts (official and unofficial). Keep in mind that all constants actually use the data-pushing commands above.

Standard Transaction to Bitcoin address

scriptPubKey: OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG
scriptSig: <sig> <pubKey>

To demonstrate how scripts look on the wire, here is a raw scriptPubKey:

  76       A9             14
OP_DUP OP_HASH160    Bytes to push

89 AB CD EF AB BA AB BA AB BA AB BA AB BA AB BA AB BA AB BA   88         AC
                      Data to push                     OP_EQUALVERIFY OP_CHECKSIG

Here is how each word is processed:

Stack Script Description
Empty. <sig> <pubKey> OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG scriptSig and scriptPubKey are combined.
<sig> <pubKey> OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG Constants are added to the stack.
<sig> <pubKey> <pubKey> OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG Top stack item is duplicated.
<sig> <pubKey> <pubHashA> <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG Top stack item is hashed.
<sig> <pubKey> <pubHashA> <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG Constant added.
<sig> <pubKey> OP_CHECKSIG Equality is checked between the top two stack items.
true Empty. Signature is checked for top two stack items.

Standard Generation / transaction to IP address

scriptPubKey: <pubKey> OP_CHECKSIG
scriptSig: <sig>

Checking process:

Stack Script Description
Empty. <sig> <pubKey> OP_CHECKSIG scriptSig and scriptPubKey are combined.
<sig> <pubKey> OP_CHECKSIG Constants are added to the stack.
true Empty. Signature is checked for top two stack items.

Transaction with a message

It's possible to add arbitrary data to any transaction by just adding some data along with OP_DROP. Scripts are limited to 10,000 bytes and 201 instructions/values, and each individual instruction/value is limited to 520 bytes.

scriptPubKey: <message> OP_DROP <pubKey> OP_CHECKSIG
scriptSig: <sig>
Stack Script Description
Empty. <sig> <pubKey> OP_CHECKSIG scriptSig and scriptPubKey are combined.
<sig> <pubKey> <message> OP_DROP OP_CHECKSIG Constants are added to the stack.
<sig> <pubKey> OP_CHECKSIG Top item in the stack is removed.
true Empty. Signature is checked for top two stack items.

Hidden recipient address

With this script by Gavin, the address of the recipient is encrypted until after the output is claimed. "randomNumber" must be known by both the sender and the recipient.

scriptPubKey: OP_OVER OP_HASH160 OP_XOR <xored_hash160> OP_EQUALVERIFY OP_CHECKSIG
scriptSig: <scriptsig> <public_key> <randomNumber>

Checking process:

Stack Script Description
Empty. <scriptsig> <public_key> <randomNumber> OP_OVER OP_HASH160 OP_XOR <xored_hash160> OP_EQUALVERIFY OP_CHECKSIG scriptSig and scriptPubKey are combined.
<scriptsig> <public_key> <randomNumber> OP_OVER OP_HASH160 OP_XOR <xored_hash160> OP_EQUALVERIFY OP_CHECKSIG Constants are added to the stack.
<scriptsig> <public_key> <randomNumber> <public_key> OP_HASH160 OP_XOR <xored_hash160> OP_EQUALVERIFY OP_CHECKSIG <public_key> is copied to the top of the stack.
<scriptsig> <public_key> <randomNumber> <hash160> OP_XOR <xored_hash160> OP_EQUALVERIFY OP_CHECKSIG <public_key> is hashed.
<scriptsig> <public_key> <xored_hash160> <xored_hash160> OP_EQUALVERIFY OP_CHECKSIG <hash160> and <randomNumber> are xored together, encrypting the hash.
<scriptsig> <public_key> <xored_hash160> <xored_hash160> OP_EQUALVERIFY OP_CHECKSIG Constant is pushed onto the stack.
<scriptsig> <public_key> OP_CHECKSIG Equality is checked between the top two stack items.
true Empty. The signature is checked