Understanding Bitcoin Script

Wang Haibo Hyper, 2014-12-05 09:30, posted in Technical Guide

In fact, we can look at Bitcoin transactions this way: "The initiator of a transaction puts up a number of bitcoins as a reward and posts a math problem on the Internet. Whoever solves the math problem gets the reward." Following this line of thought, Alice's transfer to Bob can be understood as "Alice posted on the Internet a math problem that only Bob can solve, and Bob solved the problem and took the reward". The "script" that appears in each transaction's data is then the problem and its solution, and the "script language" is the tool used to describe them.



"input script" and "output script"

Here we first discuss single-input, single-output Bitcoin transactions, because they are easier to describe and this does not affect the understanding of the "script".
9c50cee8d50e273100987bb12ec46208cb04a1d5b68c9bea84fd4a04854b5eb1 is a single-input, single-output transaction. Look at the data we want to focus on:

Hash:

9c50cee8d50e273100987bb12ec46208cb04a1d5b68c9bea84fd4a04854b5eb1

Input transaction:

Previous transaction hash:
437b95ae15f87c7a8ab4f51db5d3c877b972ef92f26fbc6d3c4663d1bc750149

Input script (scriptSig):
3045022100efe12e2584bbd346bccfe67fd50a54191e4f45f945e3853658284358d9c062ad02200121e00b6297c0874650d00b786971f5b4601e32b3f81afa9f9f8108e93c752201
038b29d4fbbd12619d45c84c83cb4330337ab1b1a3737250f29cec679d7551148a

Output transaction:

Transfer value:
0.05010000 btc

Output script (scriptPubKey):
OP_DUP OP_HASH160 be10f0a78f5ac63e8746f7f2e62a5663eed05788 OP_EQUALVERIFY OP_CHECKSIG

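Suppose Alice is the sender and Bob is the recipient. The "input transaction" identifies the source of the bitcoins Alice is spending, and the "output transaction" states the amount Alice is transferring and the recipient, Bob. You may then ask: are the "input script" and the "output script" in this data the problem and its solution? Half right!

The Bitcoin Wiki says:

The party that originally sent the coins controls the script operations so that the bitcoins can be used in the next transaction. The other party, who wants to spend the coins, must put into the input area a script that makes the previously recorded script evaluate to true.

In other words, within a single transaction the "output script" is a math problem and the "input script" is a solution, but not the solution to that math problem. When I first read the Wiki I got stuck here and could not understand how the "input script" and the "output script" were connected. Once I considered the relationship between transactions, it became clear.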

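Suppose we have the following series of transactions:
pic02
1. All three transactions in the figure above are single-input, single-output transactions
2. Every "input transaction" and "output transaction" contains its corresponding "script"
3. In transaction a, Alice transfers to Bob; in transaction b, Bob transfers to Carol; in transaction c, Carol transfers to Dave
4. The "input" of each transaction references the "output" of the previous transaction; for example, the "input" of transaction b references the "output" of transaction a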

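Following the earlier description, the "output script" in transaction a is the math problem Alice set for Bob. If Bob wants to use the bitcoins in the "output transaction" of transaction a, he has to solve this math problem. The solution is given in the "input script" of transaction b! Bob solves the problem, collects the reward, and then in transaction b sets a math problem for Carol and waits for Carol to solve it…

So the "output" and "input" with the same color in the figure below are what form a problem-and-solution pair: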
pic03


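Script language

The Bitcoin Wiki's explanation of Script:

Bitcoin uses a scripting system for transactions. Like FORTH (a compiled language), Script is simple, stack-based, and processed from left to right. It is intentionally designed to be not Turing-complete, with no LOOP statement.

To understand Bitcoin Script, you first need to understand the "stack": a Last In First Out container through which the script system performs all of its operations on data. The Bitcoin script system has two stacks, the main stack and the alt stack; in general the main stack is the one mostly used. Here are a few simple examples of how instructions operate on the stack (the complete instruction set can be found in the Wiki):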

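  • Constant push: pushes a constant onto the stack; this constant becomes the top element

pic04

  • OP_DUP: duplicates the top element of the stack

pic05

  • OP_EQUALVERIFY: checks whether the top two elements of the stack are equal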

pic06


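Standard transaction script

This is P2PKH (Pay To Public Key Hash), the transfer method we commonly use. When Alice transfers to Bob, the "output transaction" gives Bob's "wallet address" (equivalent to the "public key hash"). When Bob wants to transfer to Carol, he has to prove that he holds the "private key" corresponding to this "wallet address", so the "input transaction" gives his "public key" and a signature over the transaction made with the "private key". Let's look at a real example:
* Transaction a: 9c50cee8d50e273100987bb12ec46208cb04a1d5b68c9bea84fd4a04854b5eb1
* Transaction b: 62fadb313b74854a818de4b4c0dc2e2049282b28ec88091a9497321203fb016e

Transaction b has an "input transaction" that references the "output transaction" of transaction a; their scripts are a problem-and-solution pair:
Problem: the "output script" of transaction a, consisting of several script instructions and the recipient's "public key hash"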

OP_DUP OP_HASH160 be10f0a78f5ac63e8746f7f2e62a5663eed05788 OP_EQUALVERIFY OP_CHECKSIG

Solution: the "input script" of transaction b. This long string is just two elements, the "signature" and the "public key" (sig & pubkey)

3046022100ba1427639c9f67f2ca1088d0140318a98cb1e84f604dc90ae00ed7a5f9c61cab02210094233d018f2f015a5864c9e0795f13735780cafd51b950f503534a6af246aca4486b96c175683ab

Let's look at how these two scripts are executed to complete the "problem solving" process.
1. The "input script" is executed first. Because scripts are executed from left to right, the "signature" is pushed onto the stack first, followed by the "public key"
pic07

2. Next, the "output script" is executed, again from left to right. The first instruction is OP_DUP, which duplicates the top element of the stack
pic08

3. OP_HASH160 - computes the hash of the top element of the stack, yielding pubkeyhash
pic09

4. The "public key hash" in the "output script" is pushed onto the stack; to distinguish it from the hash just computed, call it pubkeyhash'
pic10

5. OP_EQUALVERIFY - checks whether the top two elements of the stack are equal; if they are, execution continues, otherwise execution is aborted and failure is returned
pic11

6. OP_CHECKSIG - uses the top two elements of the stack (the public key and the signature) to perform the signature check; if the signature is valid, it returns success, otherwise it returns failure
pic12

After this series of instructions has executed, it has been verified whether the math problem was solved correctly, that is, whether the person who wants to spend the bitcoins at the "wallet address" holds the corresponding "private key". The execution above can be run in the script simulator, where you can see the state at each step. Interested readers can try it out.
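
The six steps above as a small interpreter, added here as an example and not code from the original article or from any Bitcoin implementation. It goes beyond the walkthrough by also showing where a wrong public key, a bad signature and a missing element fail. The keys, the signature and `toy_checksig` are constructed stand-ins: real OP_CHECKSIG verifies an ECDSA signature over the spending transaction, which is replaced here by a fixed comparison.

```python
import hashlib

def hash160(data: bytes) -> bytes:
    """OP_HASH160: RIPEMD160(SHA256(data))."""
    sha = hashlib.sha256(data).digest()
    try:
        return hashlib.new("ripemd160", sha).digest()
    except ValueError:
        # Assumption: stand-in (not Bitcoin's hash) when RIPEMD-160 is unavailable.
        return hashlib.sha256(sha).digest()[:20]

def spend(script_sig, script_pubkey, checksig):
    """Run the input script, then the output script, on one shared stack."""
    stack = []
    try:
        for op in list(script_sig) + list(script_pubkey):
            if isinstance(op, bytes):            # constant push
                stack.append(op)
            elif op == "OP_DUP":
                stack.append(stack[-1])
            elif op == "OP_HASH160":
                stack.append(hash160(stack.pop()))
            elif op == "OP_EQUALVERIFY":
                if stack.pop() != stack.pop():
                    return "failed at OP_EQUALVERIFY"
            elif op == "OP_CHECKSIG":
                pubkey, sig = stack.pop(), stack.pop()
                stack.append(b"\x01" if checksig(sig, pubkey) else b"")
            else:
                raise ValueError(f"unsupported opcode: {op}")
    except IndexError:                           # an opcode needed a missing element
        return "failed: stack underflow"
    return "success" if stack and any(stack[-1]) else "failed: top of stack is not true"

# Constructed sample values (not real keys or signatures).
BOB_PUBKEY = bytes.fromhex("02" + "11" * 32)
MALLORY_PUBKEY = bytes.fromhex("03" + "22" * 32)
BOB_SIG = b"constructed-signature-by-bob"

def toy_checksig(sig, pubkey):
    # Stand-in for ECDSA verification over the spending transaction's digest.
    return (sig, pubkey) == (BOB_SIG, BOB_PUBKEY)

# The "problem": a P2PKH output script locked to Bob's public key hash.
LOCK = ["OP_DUP", "OP_HASH160", hash160(BOB_PUBKEY), "OP_EQUALVERIFY", "OP_CHECKSIG"]

if __name__ == "__main__":
    for unlock in ([BOB_SIG, BOB_PUBKEY], [BOB_SIG, MALLORY_PUBKEY], [b"forged", BOB_PUBKEY]):
        print(spend(unlock, LOCK, toy_checksig))
```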

In fact, besides the standard P2PKH transaction script, there are also P2SH multi-sig scripts and true "puzzle-solving transaction" scripts, which we can discuss in the future.

Author: Wang Haibo Hyper 

