From Bitcoin Wiki
Revision as of 23:26, 24 January 2011 by Dirtyfilthy (talk | contribs) (initial work)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

OP_CHECKSIG is used to verify that a signature for a tx output is valid

Parameters =

In addition to the script code itself, to operate OP_CHECKSIG needs to know the current transaction, the current transaction input, and the current hashtype (discussed later)

How it works

  1. the public key and the signature are popped from the stack, in that order.
  2. A new subscript is created from the instruction from the most recent OP_CODESEPARATOR to the end of the script. If there is no OP_CODESEPARATOR the entire script becomes the subscript (hereby referred to as subScript)
  3. The sig is deleted from subScript.
  4. The hashtype is removed from the last byte of the sig and stored
  5. A deep copy is made of the current transaction (hereby referred to txCopy)
  6. All OP_CODESEPARATORS are removed from subScript
  7. The scripts for all transaction inputs in txCopy are set to empty scripts
  8. The script for the current transaction input in txCopy is set to subScript

Now depending on the hashtype various things can happen to txCopy, these will be discussed individually


  1. The output of txCopy is set to a vector of zero size.
  2. All other inputs aside from the current input in txCopy have their outpoint index set to zero


  1. The output of txCopy is resized to the size of the current input index
  2. All other txCopy outputs aside from the output that is the same as the current input index are set to a blank script and a value of (long) -1;
  3. All other txCopy inputs aside from the current input are set to have an outpoint index of zero


  1. The txCopy input vector is resized to a length of one
  2. The current input is set as the first and only member of this vector

Final signature

An array of bytes is constructed from the serialized txCopy + one byte for the hash type. This array is sha256 hashed twice, then the public key is used to to check the supplied signature against the hash.

Return values

OP_CHECKSIG will push true to the stack if the check passed, false otherwise. OP_CHECKSIG_VERIFY leaves nothing on the stack but will cause the script eval to fail immediately if the check does not pass.