Difference between revisions of "Script"
(Expanded) |
m |
||
Line 678: | Line 678: | ||
|<sig <pubKey> | |<sig <pubKey> | ||
|OP_CHECKSIG | |OP_CHECKSIG | ||
− | |||
| Equality is checked between the top two stack items. | | Equality is checked between the top two stack items. | ||
|- | |- | ||
Line 734: | Line 733: | ||
|<sig> <pubKey> | |<sig> <pubKey> | ||
|OP_CHECKSIG | |OP_CHECKSIG | ||
− | |||
|Top item in the stack is removed. | |Top item in the stack is removed. | ||
|- | |- |
Revision as of 18:24, 21 December 2010
Bitcoin uses a scripting system for transactions. Forth-like, Script is simple, stack-based, and processed from left to right. It is purposefully not Turing-complete, with no loops or nesting if statements.
A transaction is valid if nothing in the combined script triggers failure and the top stack item is true (1).
Scripts are big-endian. (Is all data, also?)
Contents
Words
This is a list of all Script words (commands/functions). Some are currently disabled for security reasons.
True=1 and False=0.
Constants
When talking about scripts, these value-pushing words are usually omitted.
Word | Opcode | Input | Output | Description |
---|---|---|---|---|
OP_0, OP_FALSE | 0 | Nothing. | 0 | The number 0 is pushed onto the stack. |
N/A | 1-75 | (special) | data | The next opcode bytes is data to be pushed onto the stack |
OP_PUSHDATA1 | 76 | (special) | data | The next byte contains the number of bytes to be pushed onto the stack. |
OP_PUSHDATA2 | 77 | (special) | data | The next two bytes contain the number of bytes to be pushed onto the stack. |
OP_PUSHDATA4 | 78 | (special) | data | The next four bytes contain the number of bytes to be pushed onto the stack. |
OP_1NEGATE | 79 | Nothing. | -1 | The number -1 is pushed onto the stack. |
OP_1, OP_TRUE | 81 | Nothing. | 1 | The number 1 is pushed onto the stack. |
OP_2-OP_16 | 82-96 | Nothing. | 2-16 | The number in the word name (2-16) is pushed onto the stack. |
Flow control
Word | Opcode | Input | Output | Description |
---|---|---|---|---|
OP_NOP | 97 | Nothing | Nothing | Does nothing. |
OP_IF | 99 | <expression> if [statements] [else [statements]] endif | If the top stack value is 1, the statements are executed. The top stack value is removed. | |
OP_NOTIF | 100 | <expression> if [statements] [else [statements]] endif | If the top stack value is 0, the statements are executed. The top stack value is removed. | |
OP_ELSE | 103 | <expression> if [statements] [else [statements]] endif | If the preceding OP_IF was not executed, these statements are. | |
OP_ENDIF | 104 | <expression> if [statements] [else [statements]] endif | Ends an if/else block. | |
OP_VERIFY | 105 | True / false | Nothing / False | Marks transaction as invalid if top stack value is not true. True is removed, but false is not. |
OP_RETURN | 106 | Nothing | Nothing | Marks transaction as invalid. |
Stack
Word | Opcode | Input | Output | Description |
---|---|---|---|---|
OP_TOALTSTACK | 107 | x1 | (alt)x1 | Puts the input onto the top of the alt stack. Removes it from the main stack. |
OP_FROMALTSTACK | 108 | (alt)x1 | x1 | Puts the input onto the top of the main stack. Removes it from the alt stack. |
OP_IFDUP | 115 | x | x / x x | If the input is true or false, duplicate it. |
OP_DEPTH | 116 | Nothing | <Stack size> | Puts the number of stack items onto the stack. |
OP_DROP | 117 | x | Nothing | Removes the top stack item. |
OP_DUP | 118 | x | x x | Duplicates the top stack item. |
OP_NIP | 119 | x1 x2 | x2 | Removes the second-to-top stack item. |
OP_OVER | 120 | x1 x2 | x1 x2 x1 | Copies the second-to-top stack item to the top. |
OP_PICK | 121 | xn ... x2 x1 x0 <n> | xn ... x2 x1 x0 xn | The item n back in the stack is copied to the top. |
OP_ROLL | 122 | xn ... x2 x1 x0 <n> | ... x2 x1 x0 xn | The item n back in the stack is moved to the top. |
OP_ROT | 123 | x1 x2 x3 | x2 x3 x1 | The top three items on the stack are rotated to the left. |
OP_SWAP | 124 | x1 x2 | x2 x1 | The top two items on the stack are swapped. |
OP_TUCK | 125 | x1 x2 | x2 x1 x2 | The item at the top of the stack is copied and inserted before the second-to-top item. |
OP_2DROP | 109 | x1 x2 | Nothing | Removes the top two stack items. |
OP_2DUP | 110 | x1 x2 | x1 x2 x1 x2 | Duplicates the top two stack items. |
OP_3DUP | 111 | x1 x2 x3 | x1 x2 x3 x1 x2 x3 | Duplicates the top three stack items. |
OP_2OVER | 112 | x1 x2 x3 x4 | x1 x2 x3 x4 x1 x2 | Copies the pair of items two spaces back in the stack to the front. |
OP_2ROT | 113 | x1 x2 x3 x4 x5 x6 | x3 x4 x5 x6 x1 x2 | The fifth and sixth items back are moved to the top of the stack. |
OP_2SWAP | 114 | x1 x2 x3 x4 | x3 x4 x1 x2 | Swaps the top two pairs of items. |
Splice
Word | Opcode | Input | Output | Description |
---|---|---|---|---|
OP_CAT | 126 | x1 x2 | out | Concatenates two strings. Currently disabled. |
OP_SUBSTR | 127 | in begin size | out | Returns a section of a string. Currently disabled. |
OP_LEFT | 128 | in size | out | Keeps only characters left of the specified point in a string. Currently disabled. |
OP_RIGHT | 129 | in size | out | Keeps only characters right of the specified point in a string. Currently disabled. |
OP_SIZE | 130 | in | in size | Returns the length of the input string. |
Bitwise logic
Word | Input | Output | Description | |
---|---|---|---|---|
OP_INVERT | 131 | in | out | Flips all of the bits in the input. Currently disabled. |
OP_AND | 132 | x1 x2 | out | Boolean and between each bit in the inputs. Currently disabled. |
OP_OR | 133 | x1 x2 | out | Boolean or between each bit in the inputs. Currently disabled. |
OP_XOR | 134 | x1 x2 | out | Boolean exclusive or between each bit in the inputs. Currently disabled. |
OP_EQUAL | 135 | x1 x2 | True / false | Returns 1 if the inputs are exactly equal, 0 otherwise. |
OP_EQUALVERIFY | 136 | x1 x2 | True / false | Same as OP_EQUAL, but runs OP_VERIFY afterward. |
Arithmetic
Word | Opcode | Input | Output | Description |
---|---|---|---|---|
OP_1ADD | 139 | in | out | 1 is added to the input. |
OP_1SUB | 140 | in | out | 1 is subtracted from the input. |
OP_2MUL | 141 | in | out | The input is multiplied by 2. Currently disabled. |
OP_2DIV | 142 | in | out | The input is divided by 2. Currently disabled. |
OP_NEGATE | 143 | in | out | The sign of the input is flipped. |
OP_ABS | 144 | in | out | The input is made positive. |
OP_NOT | 145 | in | out | If the input is 0 or 1, it is flipped. Otherwise the output will be 0. |
OP_0NOTEQUAL | 146 | in | out | Returns 1 if the input is 0. 0 otherwise. |
OP_ADD | 147 | a b | out | a is added to b. |
OP_SUB | 148 | a b | out | b is subtracted from a. |
OP_MUL | 149 | a b | out | a is multiplied by b. Currently disabled. |
OP_DIV | 150 | a b | out | a is divided by b. Currently disabled. |
OP_MOD | 151 | a b | out | Returns the remainder after dividing a by b. Currently disabled. |
OP_LSHIFT | 152 | a b | out | Shifts a left b bits, preserving sign. Currently disabled. |
OP_RSHIFT | 153 | a b | out | Shifts a right b bits, preserving sign. Currently disabled. |
OP_BOOLAND | 154 | a b | out | If both a and b are not 0, the output is 1. Otherwise 0. |
OP_BOOLOR | 155 | a b | out | If a or b is not 0, the output is 1. Otherwise 0. |
OP_NUMEQUAL | 156 | a b | out | Returns 1 if the numbers are equal, 0 otherwise. |
OP_NUMEQUALVERIFY | 157 | a b | out | Same as OP_NUMEQUAL, but runs OP_VERIFY afterward. |
OP_NUMNOTEQUAL | 158 | a b | out | Returns 1 if the numbers are not equal, 0 otherwise. |
OP_LESSTHAN | 159 | a b | out | Returns 1 if a is less than b, 0 otherwise. |
OP_GREATERTHAN | 160 | a b | out | Returns 1 if a is greater than b, 0 otherwise. |
OP_LESSTHANOREQUAL | 161 | a b | out | Returns 1 if a is less than or equal to b, 0 otherwise. |
OP_GREATERTHANOREQUAL | 162 | a b | out | Returns 1 if a is greater than or equal to b, 0 otherwise. |
OP_MIN | 163 | a b | out | Returns the smaller of a and b. |
OP_MAX | 164 | a b | out | Returns the larger of a and b. |
OP_WITHIN | 165 | x min max | out | Returns 1 if x is within the specified range (left-inclusive), 0 otherwise. |
Crypto
Word | Opcode | Input | Output | Description |
---|---|---|---|---|
OP_RIPEMD160 | 166 | in | hash | The input is hashed using RIPEMD-160. |
OP_SHA1 | 167 | in | hash | The input is hashed using SHA-1. |
OP_SHA256 | 168 | in | hash | The input is hashed using SHA-256. |
OP_HASH160 | 169 | in | hash | The input is hashed twice: first with SHA-256 and then with RIPEMD-160. |
OP_HASH256 | 170 | in | hash | The input is hashed two times with SHA-256. |
OP_CODESEPARATOR | 171 | Nothing | Nothing | All of the signature checking words will only match signatures to the data after the most recently-executed OP_CODESEPARATOR. |
OP_CHECKSIG | 172 | sig pubkey | True / false | The entire transaction's outputs, inputs, and script (from the most recently-executed OP_CODESEPARATOR to the end) are hashed. The signature used by OP_CHECKSIG must be a valid signature for this hash and public key. If it is, 1 is returned, 0 otherwise. |
OP_CHECKSIGVERIFY | 173 | sig pubkey | True / false | Same as OP_CHECKSIG, but OP_VERIFY is executed afterward. |
OP_CHECKMULTISIG | 174 | sig1 sig2 ... <number of signatures> pub1 pub2 <number of public keys> | True / False | For each signature and public key pair, OP_CHECKSIG is executed. If more public keys than signatures are listed, some key/sig pairs can fail. All signatures need to match a public key. If all signatures are valid, 1 is returned, 0 otherwise. |
OP_CHECKMULTISIGVERIFY | 175 | sig1 sig2 ... <number of signatures> pub1 pub2 ... <number of public keys> | True / False | Same as OP_CHECKMULTISIG, but OP_VERIFY is executed afterward. |
Pseudo-words
These words are used internally for assisting with transaction matching. They are invalid if used in actual scripts.
Word | Opcode | Description |
---|---|---|
OP_PUBKEYHASH | 253 | Represents a public key hashed with OP_HASH160. |
OP_PUBKEY | 254 | Represents a public key compatible with OP_CHECKSIG. |
OP_INVALIDOPCODE | 255 | Matches any opcode that is not yet assigned. |
Reserved words
Any opcode not assigned is also reserved. Using an unassigned opcode makes the transaction invalid.
Word | Opcode | When used... |
---|---|---|
OP_RESERVED | 80 | Transaction is invalid |
OP_VER | 98 | Transaction is invalid |
OP_VERIF | 101 | Transaction is invalid |
OP_VERNOTIF | 102 | Transaction is invalid |
OP_RESERVED1 | 137 | Transaction is invalid |
OP_RESERVED2 | 138 | Transaction is invalid |
OP_NOP1-OP_NOP10 | 176-185 | The word is ignored. |
Scripts
Keep in mind that all constants actually use the data-pushing commands above.
Standard Transaction to Bitcoin address
scriptPubKey: OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG scriptSig: <sig> <pubKey>
To demonstrate how scripts look on the wire, here is a raw scriptPubKey:
76 A9 14 OP_DUP OP_HASH160 Bytes to push AB CD EF AB BA AB BA AB BA AB BA AB BA AB BA AB BA AB BA 88 AC Data to push OP_EQUALVERIFY OP_CHECKSIG
Here is how each word is processed:
Stack | Script | Description |
---|---|---|
Empty. | <sig> <pubKey> OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG | scriptSig and scriptPubKey are combined. |
<sig> <pubKey> | OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG | Constants are added to the stack. |
<sig> <pubKey> <pubKey> | OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG | Top stack item is duplicated. |
<sig <pubKey> <pubHashA> | <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG | Top stack item is hashed. |
<sig <pubKey> <pubHashA> <pubKeyHash> | OP_EQUALVERIFY OP_CHECKSIG | Constant added. |
<sig <pubKey> | OP_CHECKSIG | Equality is checked between the top two stack items. |
true | Empty. | Signature is checked for top two stack items. |
Standard Generation / transaction to IP address
scriptPubKey: <pubKey> OP_CHECKSIG scriptSig: <sig>
Checking process:
Stack | Script | Description |
---|---|---|
Empty. | <sig> <pubKey> OP_CHECKSIG | scriptSig and scriptPubKey are combined. |
<sig> <pubKey> | OP_CHECKSIG | Constants are added to the stack. |
true | Empty. | Signature is checked for top two stack items. |
Transaction with a message
It's possible to add arbitrary data to any transaction by just adding some data along with OP_DROP (or ommitting OP_DROP and allowing the value to sit on the stack unused). Scripts are limited to 10,000 bytes and 201 instructions/values, and each individual instruction/value is limited to 520 bytes.
scriptPubKey: <message> OP_DROP <pubKey> OP_CHECKSIG scriptSig: <sig>
Stack | Script | Description |
---|---|---|
Empty. | <sig> <pubKey> OP_CHECKSIG | scriptSig and scriptPubKey are combined. |
<sig> <pubKey> <message> | OP_DROP OP_CHECKSIG | Constants are added to the stack. |
<sig> <pubKey> | OP_CHECKSIG | Top item in the stack is removed. |
true | Empty. | Signature is checked for top two stack items. |