Bitcoin Transactions

Saravanan Vijayakumaran
sarva@[Link]

Department of Electrical Engineering


Indian Institute of Technology Bombay

August 5, 2019

1 / 32
Bitcoin Transactions

Bitcoin Payment Workflow

Figure: payment between customer Alice and merchant Bob
  1. Alice requests Bob's address
  2. Bob generates an address
  3. Bob sends the address to Alice
  4. Alice constructs transaction t
  5. Alice transmits t to the Bitcoin network
  6. Bob queries the Bitcoin network for t

• Merchant Bob shares address out of band (not using Bitcoin P2P)
• Customer Alice broadcasts transaction t which pays the address
• Miners collect broadcasted transactions into a candidate block
• One of the candidate blocks containing t is mined
• Merchant waits for confirmations on t before providing goods: a transaction in a freshly mined block can still be displaced by a competing chain, and each further block on top makes that less likely
Coinbase Transaction Format

Block format: Block Header, Number of Transactions n, Coinbase Transaction, Regular Transaction 1, Regular Transaction 2, ..., Regular Transaction n − 1

Coinbase transaction (outputs only; its single input references no previous output)
  Output 0: Amount x1, Challenge Script C1
  Output 1: Amount x2, Challenge Script C2

Output format: nValue, scriptPubkeyLen, scriptPubkey

• nValue contains number of satoshis locked in output
• 1 Bitcoin = 10^8 satoshis
• scriptPubkey contains the challenge script
• scriptPubkeyLen contains byte length of challenge script
Regular Transaction Format

Figure: a regular transaction spending three earlier outputs

Previous regular transaction with Tx ID = I1
  Output 0: Amount x1, Challenge Script C1
  Output 1: Amount x2, Challenge Script C2
Previous coinbase transaction with Tx ID = I2
  Output 0: Amount x3, Challenge Script C3

Regular transaction (one or more inputs, one or more outputs)
  Input 0: Tx ID = I1, Output Index = 0, Response Script R1
  Input 1: Tx ID = I1, Output Index = 1, Response Script R2
  Input 2: Tx ID = I2, Output Index = 0, Response Script R3
  Output 0: Amount y1, Challenge Script C4
  Output 1: Amount y2, Challenge Script C5

Input format: hash, n, scriptSigLen, scriptSig, nSequence
Output format: nValue, scriptPubkeyLen, scriptPubkey

• hash and n identify output being unlocked
• scriptSig contains the response script
• y1 + y2 ≤ x1 + x2 + x3; the difference is the fee collected by the miner of the block containing the transaction
Transaction ID

Regular transaction serialization (field order)
  nVersion
  Number of Inputs N
  Input 0: hash, n, scriptSigLen, scriptSig, nSequence
  ...
  Input N − 1: hash, n, scriptSigLen, scriptSig, nSequence
  Number of Outputs M
  Output 0: nValue, scriptPubkeyLen, scriptPubkey
  ...
  Output M − 1: nValue, scriptPubkeyLen, scriptPubkey
  nLockTime

Tx ID = double SHA-256 hash of the serialized transaction

• Because scriptSig is part of the hashed data, a change to a response script that leaves it valid (for example a differently encoded signature) changes the Tx ID of an unconfirmed transaction; this is transaction malleability, and SegWit removes the signatures from the data the Tx ID covers
Bitcoin Scripting Language

Script
• Forth-like stack-based language
• One-byte opcodes

Example: OP_2 OP_3 OP_ADD
  Remaining script        Stack state (top first)
  OP_2 OP_3 OP_ADD        (empty)
  OP_3 OP_ADD             2
  OP_ADD                  3 2
  (done)                  5
Challenge/Response Script Execution

  Remaining script                        Stack state (top first)
  <Response Script> <Challenge Script>    (empty)
  <Challenge Script>                      x1 x2 ... xn
  (done)                                  y1 y2 ... ym

Response is valid if top element y1 evaluates to True

• Nodes run the response script and then the challenge script as two separate executions that share one stack, not as one concatenated script; the response script can only leave data on the stack for the challenge script to consume
Challenge Script Example

  OP_HASH256 0x20 <256-bit string> OP_EQUAL, with S = <256-bit string> and 0x20 the opcode that pushes the next 32 bytes

  Remaining script               Stack state (top first)
  OP_HASH256 0x20 S OP_EQUAL     x
  0x20 S OP_EQUAL                H(x)
  OP_EQUAL                       S H(x)
  (done)                         0 or 1

Unsafe challenge script! Guess why?
• The script only checks knowledge of a preimage x of S, not who is spending: once the response script carrying x has been broadcast, anyone who sees it (a miner in particular) can build a competing transaction with the same response that pays the output to themselves
Pay to Public Key
• Challenge script: 0x21 <Public Key> OP_CHECKSIG (0x21 pushes the 33-byte compressed public key)
• Response script: <Signature>

  Remaining script                        Stack state (top first)
  <Signature> <Public Key> OP_CHECKSIG    (empty)
  <Public Key> OP_CHECKSIG                <Signature>
  OP_CHECKSIG                             <Public Key> <Signature>
  (done)                                  True/False
Signatures Protect Transactions

Message signed for Input 0 (nHashType = SIGHASH_ALL), beside the transaction it is derived from

  Regular transaction                         Message for Input 0 signatures
  nVersion                                    nVersion
  0x02 (input count)                          0x02
  hash0, n0                                   hash0, n0                               (Input 0 fields)
  scriptSigLen0, scriptSig0                   prevScriptPubkeyLen0, prevScriptPubkey0
  nSequence0                                  nSequence0
  hash1, n1                                   hash1, n1                               (Input 1 fields)
  scriptSigLen1, scriptSig1                   0x00 (empty script)
  nSequence1                                  nSequence1
  0x02 (output count)                         0x02
  nValue0, scriptPubkeyLen0, scriptPubkey0    nValue0, scriptPubkeyLen0, scriptPubkey0  (Output 0 fields)
  nValue1, scriptPubkeyLen1, scriptPubkey1    nValue1, scriptPubkeyLen1, scriptPubkey1  (Output 1 fields)
  nLockTime                                   nLockTime
                                              nHashType

• The input being signed carries the challenge script it unlocks in place of its response script, and every other input's scriptSig is replaced by an empty script
• The signature therefore commits to every input, every output and nLockTime; none of them can be changed without invalidating it
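The two constructions above, serializing a transaction for its Tx ID and building the SIGHASH_ALL message for one input, as an added example (this code is not from the slides). It rebuilds the genesis-block coinbase from its public fields as a check value; the two-input transaction in the test below is constructed to mirror the figure.

```python
import hashlib
from dataclasses import dataclass
from typing import List

# Added example, not code from the slides: legacy (pre-SegWit) transaction
# serialization, the Tx ID (double SHA-256 of that serialization) and the
# SIGHASH_ALL message of "Signatures Protect Transactions". The genesis-block
# coinbase is rebuilt from its public fields as a check value.


def dsha256(data: bytes) -> bytes:
    """Double SHA-256, the hash Bitcoin uses for Tx IDs."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def compact_size(n: int) -> bytes:
    """Bitcoin's variable-length integer, used for counts and script lengths."""
    if n < 0xfd:
        return bytes([n])
    if n <= 0xffff:
        return b"\xfd" + n.to_bytes(2, "little")
    if n <= 0xffffffff:
        return b"\xfe" + n.to_bytes(4, "little")
    return b"\xff" + n.to_bytes(8, "little")


@dataclass
class TxIn:
    prev_txid: bytes          # hash: 32-byte Tx ID of the transaction being spent (internal byte order)
    prev_index: int           # n: index of the output being unlocked
    script_sig: bytes         # response script
    sequence: int = 0xffffffff


@dataclass
class TxOut:
    value: int                # nValue, in satoshis
    script_pubkey: bytes      # challenge script


@dataclass
class Tx:
    version: int
    inputs: List[TxIn]
    outputs: List[TxOut]
    locktime: int = 0

    def serialize(self) -> bytes:
        """Field order of the "Transaction ID" slide, every integer little-endian."""
        out = self.version.to_bytes(4, "little") + compact_size(len(self.inputs))
        for txin in self.inputs:
            out += txin.prev_txid + txin.prev_index.to_bytes(4, "little")
            out += compact_size(len(txin.script_sig)) + txin.script_sig
            out += txin.sequence.to_bytes(4, "little")
        out += compact_size(len(self.outputs))
        for txout in self.outputs:
            out += txout.value.to_bytes(8, "little")
            out += compact_size(len(txout.script_pubkey)) + txout.script_pubkey
        return out + self.locktime.to_bytes(4, "little")

    def txid(self) -> str:
        """Tx ID as explorers display it: double SHA-256, byte-reversed, hex."""
        return dsha256(self.serialize())[::-1].hex()

    def sighash_all_preimage(self, index: int, prev_script_pubkey: bytes) -> bytes:
        """Message signed for input `index` with nHashType = SIGHASH_ALL (1): the
        transaction with that input's scriptSig replaced by the challenge script
        it unlocks, every other scriptSig emptied, and nHashType appended."""
        masked = [TxIn(i.prev_txid, i.prev_index,
                       prev_script_pubkey if k == index else b"", i.sequence)
                  for k, i in enumerate(self.inputs)]
        copy = Tx(self.version, masked, self.outputs, self.locktime)
        return copy.serialize() + (1).to_bytes(4, "little")


def genesis_coinbase() -> Tx:
    """Bitcoin's genesis coinbase: one null input, one 50 BTC P2PK output."""
    headline = b"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks"
    script_sig = (bytes.fromhex("04ffff001d")          # push nBits 0x1d00ffff
                  + bytes.fromhex("0104")              # push the number 4
                  + bytes([len(headline)]) + headline)
    pubkey = bytes.fromhex(
        "04678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb6"
        "49f6bc3f4cef38c4f35504e51ec112de5c384df7ba0b8d578a4c702b6bf11d5f")
    script_pubkey = bytes([len(pubkey)]) + pubkey + b"\xac"   # <Public Key> OP_CHECKSIG
    return Tx(1, [TxIn(b"\x00" * 32, 0xffffffff, script_sig)],
              [TxOut(50 * 10**8, script_pubkey)])


if __name__ == "__main__":
    print(genesis_coinbase().txid())
```

Running the block prints the genesis coinbase Tx ID (the 204-byte serialization hashes to 4a5e1e4b…deda33b, which is also the genesis block's hashMerkleRoot since it holds a single transaction). The preimage method shows why the figure empties the other inputs' scriptSig fields: signatures for different inputs are created independently, so the message for one input cannot depend on response scripts that do not exist yet.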
Transaction Merkle Root

Block header: nVersion, hashPrevBlock, hashMerkleRoot, nTime, nBits, nNonce
Block: Block Header, Number of Transactions n, Coinbase Transaction, Regular Transaction 1, Regular Transaction 2, ..., Regular Transaction n − 1

• hashMerkleRoot contains root hash of transaction Merkle tree
• Modifying any transaction will modify the block header

Merkle tree over three transactions t0, t1, t2 (H is the double SHA-256 hash, so H(t) is the Tx ID)
  h = H(h0 ‖ h1)
  h0 = H(h00 ‖ h01)        h1 = H(h10 ‖ h10)
  h00 = H(t0)   h01 = H(t1)   h10 = H(t2)
  h10 is paired with itself: when a level has an odd number of hashes, the last hash is duplicated
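The Merkle construction above, including the duplication of an odd trailing hash, as an added example (not code from the slides). The three "transactions" are constructed placeholder byte strings standing in for t0, t1, t2; real leaves would be Tx IDs of serialized transactions.

```python
import hashlib
from typing import List

# Added example, not code from the slides: the transaction Merkle tree whose
# root goes into hashMerkleRoot. Leaves are Tx IDs (double SHA-256 of each
# serialized transaction); each level hashes adjacent pairs, and a level with an
# odd number of hashes pairs its last hash with itself, which is why the
# three-transaction tree above has h1 = H(h10 ‖ h10). The transactions below
# are constructed placeholders, not real serialized transactions.


def dsha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def merkle_root(txids: List[bytes]) -> bytes:
    """Root over 32-byte Tx IDs in block order (internal byte order)."""
    if not txids:
        raise ValueError("a block holds at least its coinbase transaction")
    level = list(txids)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])          # duplicate the odd hash out
        level = [dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]


def block_merkle_root(txs: List[bytes]) -> bytes:
    """hashMerkleRoot for a list of serialized transactions."""
    return merkle_root([dsha256(tx) for tx in txs])


def tamper_changes_root(txs: List[bytes], index: int, replacement: bytes) -> bool:
    """Swapping any single transaction changes the root, hence the block header."""
    changed = list(txs)
    changed[index] = replacement
    return block_merkle_root(changed) != block_merkle_root(txs)


# Constructed placeholders standing in for the slide's t0, t1, t2.
SAMPLE_TXS = [b"t0: coinbase", b"t1: Alice pays Bob", b"t2: Carol pays Dave"]

if __name__ == "__main__":
    print(block_merkle_root(SAMPLE_TXS).hex())
```

One consequence of the duplication rule is visible in the code: a list of three transactions and the same list with t2 appended a second time produce the same root, so a validator must reject a block containing duplicate transactions rather than rely on the Merkle root alone to tell the two apart.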
Key Takeaways
• Coinbase transactions have no inputs that spend previous outputs; their outputs have challenge scripts
• Regular transaction inputs unlock previous outputs; outputs again have challenge scripts
• Scripts are expressed in a stack-based language
• Signatures prevent tampering with unconfirmed transactions
Bitcoin Addresses
Bitcoin Addresses
• To receive bitcoins, a challenge script needs to be specified
• Bitcoin addresses encode challenge scripts
• Example: 1EHNa6Q4Jz2uvNExL497mE43ikXhwF6kZm

• Bitcoin payment workflow (recap)


• Merchant shares address out of band (not using Bitcoin P2P network)
• Customer transmits transaction which pays the address
• Merchant waits for transaction confirmations before providing goods/service

Base58 Encoding

  1EHNa6Q4Jz2uvNExL497mE43ikXhwF6kZm
  ↕
  0091B24BF9F5288532960AC687ABB035127B1D28A50074FFE0

• Alphanumeric representation of bytestrings
• From 62 alphanumeric characters 0, O, I, l are excluded

  Ch Int   Ch Int   Ch Int   Ch Int   Ch Int   Ch Int   Ch Int
  1   0    A   9    K  18    U  27    d  36    n  45    w  54
  2   1    B  10    L  19    V  28    e  37    o  46    x  55
  3   2    C  11    M  20    W  29    f  38    p  47    y  56
  4   3    D  12    N  21    X  30    g  39    q  48    z  57
  5   4    E  13    P  22    Y  31    h  40    r  49
  6   5    F  14    Q  23    Z  32    i  41    s  50
  7   6    G  15    R  24    a  33    j  42    t  51
  8   7    H  16    S  25    b  34    k  43    u  52
  9   8    J  17    T  26    c  35    m  44    v  53

• Given a bytestring b_n b_{n−1} ··· b_0 whose m leading bytes are zero
  • Encode each leading zero byte as a 1
  • Get the integer N = Σ_{i=0}^{n−m} b_i · 256^i
  • Get a_k a_{k−1} ··· a_0 where N = Σ_{i=0}^{k} a_i · 58^i
  • Map each integer a_i to a Base58 character
Pay to Public Key Hash Address

  Public Key → SHA-256 → RIPEMD-160 → R
  Prefix address version byte B (0x00 on mainnet) → B ‖ R
  Double SHA-256 of B ‖ R, extract first four bytes → C4
  B ‖ R ‖ C4 → Base58 encoding → P2PKH address
Why Hash the Public Key?

  Private Key → (repeated point addition, i.e. scalar multiplication) → Public Key
  Public Key → Private Key requires solving the ECDLP

• ECDLP = Elliptic Curve Discrete Logarithm Problem
• ECDLP currently hard but no future guarantees
• Hashing the public key gives extra protection

  P2PK address:  solve ECDLP → private key
  P2PKH address: find RIPEMD-160 preimage → find SHA-256 preimage → solve ECDLP → private key

• The extra protection lasts only while the output is unspent: the response script that spends a P2PKH output reveals the public key, which is one reason not to reuse addresses
P2PKH Transaction
• Challenge script
  OP_DUP OP_HASH160 <PubKeyHash> OP_EQUALVERIFY OP_CHECKSIG

  P2PKH address → Base58 decoding → B ‖ R ‖ C4
  Discard last four bytes → B ‖ R
  Discard address version prefix byte → R = PubKeyHash

• Response script: <Signature> <Public Key>
P2PKH Script Execution

  Remaining script                                                                     Stack state (top first)
  <Signature> <Public Key> OP_DUP OP_HASH160 <PubKeyHash> OP_EQUALVERIFY OP_CHECKSIG   (empty)
  <Public Key> OP_DUP OP_HASH160 <PubKeyHash> OP_EQUALVERIFY OP_CHECKSIG               <Signature>
  OP_DUP OP_HASH160 <PubKeyHash> OP_EQUALVERIFY OP_CHECKSIG                            <Public Key> <Signature>
  OP_HASH160 <PubKeyHash> OP_EQUALVERIFY OP_CHECKSIG                                   <Public Key> <Public Key> <Signature>
  <PubKeyHash> OP_EQUALVERIFY OP_CHECKSIG                                              <PubKeyHashCalc> <Public Key> <Signature>
  OP_EQUALVERIFY OP_CHECKSIG                                                           <PubKeyHash> <PubKeyHashCalc> <Public Key> <Signature>
  OP_CHECKSIG                                                                          <Public Key> <Signature>
  (done)                                                                               True/False

OP_EQUALVERIFY pops the two hashes and aborts the script if they differ, so a signature from any key other than the one whose hash is in the challenge script never reaches OP_CHECKSIG
m-of-n Multi-Signature Scripts
• m-of-n multisig challenge script specifies n public keys

  m <Public Key 1> ··· <Public Key n> n OP_CHECKMULTISIG

• Response script provides signatures created using any m out of the n private keys

  OP_0 <Signature 1> ··· <Signature m>

• The leading OP_0 is required because OP_CHECKMULTISIG pops one item more than it uses; the signatures must appear in the same order as their public keys in the challenge script
• Example: m = 2 and n = 3
• Challenge script

  OP_2 <PubKey1> <PubKey2> <PubKey3> OP_3 OP_CHECKMULTISIG

• Response script

  OP_0 <Sig1> <Sig2>
2-of-3 Multisig Script Execution

  Remaining script                                                             Stack state (top first)
  OP_0 <Sig1> <Sig2> OP_2 <PubKey1> <PubKey2> <PubKey3> OP_3 OP_CHECKMULTISIG  (empty)
  OP_2 <PubKey1> <PubKey2> <PubKey3> OP_3 OP_CHECKMULTISIG                     <Sig2> <Sig1> <Empty Array>
  OP_CHECKMULTISIG                                                             3 <PubKey3> <PubKey2> <PubKey1> 2 <Sig2> <Sig1> <Empty Array>
  (done)                                                                       True/False
Pay to Script Hash Script
• Specify arbitrary scripts as payment destinations
• Challenge script

  OP_HASH160 <RedeemScriptHash> OP_EQUAL

• Response script

  <Response To Redeem Script> <Redeem Script>

  (the redeem script is pushed as a single data item, i.e. its serialization)
• The payer only needs the 20-byte hash; the size of the redeem script, and the fee for it, falls on the spender who reveals it

• Example
  • 1-of-2 Multisig Challenge Script
    OP_1 <PubKey1> <PubKey2> OP_2 OP_CHECKMULTISIG
  • 1-of-2 Multisig Response Script
    OP_0 <Sig1> or OP_0 <Sig2>
  • P2SH Multisig challenge script
    OP_HASH160 <RedeemScriptHash> OP_EQUAL
  • P2SH Multisig response script
    OP_0 <Sig1> <OP_1 <PubKey1> <PubKey2> OP_2 OP_CHECKMULTISIG>
    where OP_0 <Sig1> is the response to the redeem script and <OP_1 <PubKey1> <PubKey2> OP_2 OP_CHECKMULTISIG> is the redeem script
P2SH Multisig Script Execution

Stage 1: response script, then the P2SH challenge script

  Remaining script                                                                                       Stack state (top first)
  OP_0 <Sig1> <OP_1 <PubKey1> <PubKey2> OP_2 OP_CHECKMULTISIG> OP_HASH160 <RedeemScriptHash> OP_EQUAL   (empty)
  <Sig1> <OP_1 <PubKey1> <PubKey2> OP_2 OP_CHECKMULTISIG> OP_HASH160 <RedeemScriptHash> OP_EQUAL        <Empty Array>
  <OP_1 <PubKey1> <PubKey2> OP_2 OP_CHECKMULTISIG> OP_HASH160 <RedeemScriptHash> OP_EQUAL               <Sig1> <Empty Array>
  OP_HASH160 <RedeemScriptHash> OP_EQUAL                   <OP_1 <PubKey1> <PubKey2> OP_2 OP_CHECKMULTISIG> <Sig1> <Empty Array>
  <RedeemScriptHash> OP_EQUAL                              <RedeemScriptHashCalc> <Sig1> <Empty Array>
  OP_EQUAL                                                 <RedeemScriptHash> <RedeemScriptHashCalc> <Sig1> <Empty Array>
  (done)                                                   True/False

Stage 2: if the hashes matched, the redeem script is deserialized and executed on the rest of the response script's stack

  Remaining script                                         Stack state (top first)
  OP_1 <PubKey1> <PubKey2> OP_2 OP_CHECKMULTISIG           <Sig1> <Empty Array>
  OP_CHECKMULTISIG                                         2 <PubKey2> <PubKey1> 1 <Sig1> <Empty Array>
  (done)                                                   True/False
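An interpreter for the Script subset used by the traces from "Bitcoin Scripting Language" through "P2SH Multisig Script Execution", added here as an example (not code from the slides). Scripts are Python lists (opcode names as strings, data pushes as bytes, a nested list for a serialized script pushed as data); TOY_CHECKSIG is a constructed lookup table standing in for ECDSA, and the "public keys" and "signatures" are constructed byte strings, so the example exercises the stack semantics rather than the signature algorithm. It assumes hashlib exposes RIPEMD-160.

```python
import hashlib
from typing import Callable, Dict, List

# Added example, not code from the slides: an interpreter for the Script subset
# used by the traces from "Bitcoin Scripting Language" through "P2SH Multisig
# Script Execution". A script is a Python list: str items are opcodes, bytes items
# are data pushes, a nested list is a serialized script pushed as data (the P2SH
# redeem script). TOY_CHECKSIG is a constructed lookup table standing in for ECDSA,
# so the example exercises stack semantics, not signatures. Assumes hashlib exposes
# RIPEMD-160 (OpenSSL 3.0.7+ or an older build with the legacy provider loaded).

OPCODES = {"OP_0": 0x00, "OP_DUP": 0x76, "OP_EQUAL": 0x87, "OP_EQUALVERIFY": 0x88,
           "OP_ADD": 0x93, "OP_HASH160": 0xa9, "OP_HASH256": 0xaa,
           "OP_CHECKSIG": 0xac, "OP_CHECKMULTISIG": 0xae,
           **{f"OP_{i}": 0x50 + i for i in range(1, 17)}}       # OP_1..OP_16 = 0x51..0x60
CheckSig = Callable[[bytes, bytes], bool]

def hash160(data: bytes) -> bytes: return hashlib.new("ripemd160", hashlib.sha256(data).digest()).digest()
def hash256(data: bytes) -> bytes: return hashlib.sha256(hashlib.sha256(data).digest()).digest()
def num(item: bytes) -> int: return int.from_bytes(item, "little")       # small, non-negative numbers only
def push_num(n: int) -> bytes: return b"" if n == 0 else bytes([n])      # minimal: 0 is the empty array

def serialize(script: List) -> bytes:
    """Byte form of a script: one-byte opcodes, data of up to 75 bytes as <len><data>."""
    return b"".join(bytes([len(x)]) + x if isinstance(x, bytes) else bytes([OPCODES[x]])
                    for x in script)

def run(script: List, stack: List[bytes], checksig: CheckSig) -> bool:
    """Execute script on stack: False on failure (VERIFY mismatch or a pop from an
    empty stack), True otherwise. The final truth value is judged in verify_spend."""
    try:
        for op in script:
            if isinstance(op, (bytes, list)):
                stack.append(op if isinstance(op, bytes) else serialize(op))
            elif op[3:].isdigit():                              # OP_0 .. OP_16 push their value
                stack.append(push_num(int(op[3:])))
            elif op == "OP_DUP":
                stack.append(stack[-1])
            elif op == "OP_ADD":
                stack.append(push_num(num(stack.pop()) + num(stack.pop())))
            elif op == "OP_HASH160":
                stack.append(hash160(stack.pop()))
            elif op == "OP_HASH256":
                stack.append(hash256(stack.pop()))
            elif op in ("OP_EQUAL", "OP_EQUALVERIFY"):
                equal = stack.pop() == stack.pop()
                if op == "OP_EQUAL":
                    stack.append(push_num(int(equal)))
                elif not equal:
                    return False                                # VERIFY aborts instead of pushing
            elif op == "OP_CHECKSIG":
                pub, sig = stack.pop(), stack.pop()
                stack.append(push_num(int(checksig(sig, pub))))
            elif op == "OP_CHECKMULTISIG":
                n = num(stack.pop()); pubs = [stack.pop() for _ in range(n)][::-1]
                m = num(stack.pop()); sigs = [stack.pop() for _ in range(m)][::-1]
                stack.pop()            # pops one item too many: why responses start with OP_0
                k, ok = 0, True        # signatures must follow the order of the public keys
                for sig in sigs:
                    while k < n and not checksig(sig, pubs[k]):
                        k += 1
                    ok, k = ok and k < n, k + 1
                stack.append(push_num(int(ok)))
            else:
                raise ValueError(f"unsupported opcode {op}")
    except IndexError:
        return False
    return True

def truthy(stack: List[bytes]) -> bool: return bool(stack) and num(stack[-1]) != 0

def verify_spend(challenge: List, response: List, checksig: CheckSig) -> bool:
    """Run response, then challenge, on one shared stack. For a P2SH challenge (BIP16)
    the response ends with the redeem script, which is run against the rest of the
    response's stack once its hash has matched."""
    stack: List[bytes] = []
    if not (run(response, stack, checksig) and run(challenge, stack, checksig) and truthy(stack)):
        return False
    if len(challenge) == 3 and challenge[::2] == ["OP_HASH160", "OP_EQUAL"]:
        inner: List[bytes] = []
        return run(response[:-1], inner, checksig) and run(response[-1], inner, checksig) and truthy(inner)
    return True

# Constructed stand-ins: three "public keys" and the one "signature" each of them verifies.
PK1, PK2, PK3, SIG1, SIG2, SIG3 = b"pubkey-1", b"pubkey-2", b"pubkey-3", b"sig-1", b"sig-2", b"sig-3"
TOY_CHECKSIG: CheckSig = lambda sig, pub: (sig, pub) in {(SIG1, PK1), (SIG2, PK2), (SIG3, PK3)}
P2PKH = ["OP_DUP", "OP_HASH160", hash160(PK1), "OP_EQUALVERIFY", "OP_CHECKSIG"]
MULTISIG_2OF3 = ["OP_2", PK1, PK2, PK3, "OP_3", "OP_CHECKMULTISIG"]
REDEEM_1OF2 = ["OP_1", PK1, PK2, "OP_2", "OP_CHECKMULTISIG"]
P2SH = ["OP_HASH160", hash160(serialize(REDEEM_1OF2)), "OP_EQUAL"]

def demo() -> Dict[str, bool]:
    """The slides' scripts, each with a valid and an invalid response; every entry should be True."""
    ok = lambda c, r: verify_spend(c, r, TOY_CHECKSIG)
    stack: List[bytes] = []
    return {
        "OP_2 OP_3 OP_ADD leaves 5": run(["OP_2", "OP_3", "OP_ADD"], stack, TOY_CHECKSIG) and stack == [b"\x05"],
        "P2PK accepts only the key's signature": ok([PK1, "OP_CHECKSIG"], [SIG1]) and not ok([PK1, "OP_CHECKSIG"], [SIG2]),
        "P2PKH rejects another key at OP_EQUALVERIFY": ok(P2PKH, [SIG1, PK1]) and not ok(P2PKH, [SIG2, PK2]),
        "2-of-3 needs the OP_0 dummy and key order": ok(MULTISIG_2OF3, ["OP_0", SIG1, SIG3])
            and not ok(MULTISIG_2OF3, ["OP_0", SIG3, SIG1]) and not ok(MULTISIG_2OF3, [SIG1, SIG3]),
        "P2SH needs the right redeem script and a valid response to it": ok(P2SH, ["OP_0", SIG2, REDEEM_1OF2])
            and not ok(P2SH, ["OP_0", SIG3, REDEEM_1OF2]) and not ok(P2SH, ["OP_0", SIG1, ["OP_1", PK3, "OP_1", "OP_CHECKMULTISIG"]]),
    }
```

Calling demo() runs every script from the traces once as written and once with a broken response. The negative cases are the ones worth studying: a 2-of-3 response without the OP_0 dummy fails because OP_CHECKMULTISIG pops from an empty stack, signatures given out of key order fail even though both are valid, and a P2SH spend fails either at the hash comparison (wrong redeem script) or inside the redeem script (valid hash, wrong signature). The hash-lock challenge from "Challenge Script Example" also runs on this interpreter (["OP_HASH256", hash256(x), "OP_EQUAL"] with response [x]); its problem is not visible to the interpreter, because the script genuinely is satisfied by anyone who has seen x.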
Pay to Script Hash Address

  Redeem Script → SHA-256 → RIPEMD-160 → R
  Prefix address version byte B (0x05 on mainnet, so the address starts with 3) → B ‖ R
  Double SHA-256 of B ‖ R, extract first four bytes → C4
  B ‖ R ‖ C4 → Base58 encoding → P2SH address
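Base58 and Base58Check as described under "Base58 Encoding", together with the P2PKH and P2SH address constructions of the two address slides, as an added example (not code from the slides). The public key used is the uncompressed secp256k1 generator point, i.e. the public key of private key 1, whose P2PKH address is the slides' example; the version bytes 0x00 and 0x05 are the mainnet values. The block assumes hashlib exposes RIPEMD-160.

```python
import hashlib
from typing import Tuple

# Added example, not code from the slides: Base58 / Base58Check as described on
# the "Base58 Encoding" slide, and the P2PKH and P2SH address constructions.
# Version bytes 0x00 (P2PKH) and 0x05 (P2SH) are the mainnet values. PUBKEY_G is
# the uncompressed secp256k1 generator point, the public key of private key 1,
# whose P2PKH address is the slides' example. Assumes hashlib exposes RIPEMD-160.

ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"   # 0, O, I, l omitted


def base58_encode(data: bytes) -> str:
    leading = len(data) - len(data.lstrip(b"\x00"))      # each leading zero byte becomes '1'
    n = int.from_bytes(data, "big")                       # N = sum of b_i * 256^i
    digits = ""
    while n:
        n, r = divmod(n, 58)                              # a_i with N = sum of a_i * 58^i
        digits = ALPHABET[r] + digits
    return "1" * leading + digits


def base58_decode(s: str) -> bytes:
    leading = len(s) - len(s.lstrip("1"))
    n = 0
    for ch in s[leading:]:
        n = n * 58 + ALPHABET.index(ch)                   # ValueError on 0, O, I, l or other junk
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    return b"\x00" * leading + body


def checksum(versioned_payload: bytes) -> bytes:
    """C4: first four bytes of the double SHA-256 of B ‖ R."""
    return hashlib.sha256(hashlib.sha256(versioned_payload).digest()).digest()[:4]


def base58check_encode(version: int, payload: bytes) -> str:
    body = bytes([version]) + payload                     # B ‖ R
    return base58_encode(body + checksum(body))           # B ‖ R ‖ C4


def base58check_decode(addr: str) -> Tuple[int, bytes]:
    """Inverse of base58check_encode; raises ValueError for a mistyped or truncated address."""
    raw = base58_decode(addr)
    body, c4 = raw[:-4], raw[-4:]
    if len(body) < 1 or checksum(body) != c4:
        raise ValueError("bad Base58Check checksum")
    return body[0], body[1:]


def is_valid_address(addr: str) -> bool:
    """The check a wallet should make before paying an address typed or pasted by a user."""
    try:
        base58check_decode(addr)
        return True
    except ValueError:
        return False


def hash160(data: bytes) -> bytes:
    return hashlib.new("ripemd160", hashlib.sha256(data).digest()).digest()


def p2pkh_address(pubkey: bytes) -> str:
    return base58check_encode(0x00, hash160(pubkey))


def p2sh_address(redeem_script: bytes) -> str:
    return base58check_encode(0x05, hash160(redeem_script))


# Uncompressed public key of private key 1 (the secp256k1 generator G).
PUBKEY_G = bytes.fromhex(
    "0479be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798"
    "483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8")

if __name__ == "__main__":
    print(p2pkh_address(PUBKEY_G))      # the address on the Base58 slide
```

Decoding the slides' example address yields the 25-byte string shown below it on the "Base58 Encoding" slide, and base58check_decode strips the checksum and version byte to recover the PubKeyHash exactly as the "P2PKH Transaction" slide describes. Changing a single character of the address makes is_valid_address return False, which is the property the four checksum bytes exist for.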
Null Data Script
• Challenge script
  OP_RETURN <Data>
  Length(<Data>) ≤ 80 bytes for a standard (relayable) transaction; this is a node relay policy, not a consensus rule
• OP_RETURN terminates script execution immediately and marks it as failed
• No valid response script exists
• Null data outputs are unspendable, so nodes need not keep them in the set of unspent outputs
• Any bitcoins locked by a null data challenge script are lost forever, so such outputs normally carry nValue = 0
• Mainly used to timestamp data
Pre-SegWit Standard Scripts
• Pay to Public Key (P2PK)
• Pay to Public Key Hash (P2PKH)
• m-of-n Multi-Signature (Multisig)
• Pay to Script Hash (P2SH)
• Null Data

Key Takeaways
• Bitcoin addresses are shared over the Internet
• Transactions paying these addresses are broadcast on the
Bitcoin network
• P2PKH addresses are obtained by hashing public keys
• Signatures created using private keys unlock P2PKH outputs
• P2SH addresses are obtained by hashing scripts
• Unlocking P2SH outputs requires both redeem script and valid
response to it
• Null data scripts are for recording arbitrary data on the blockchain

References
• Chapter 5 of An Introduction to Bitcoin, S. Vijayakumaran,
[Link]/~sarva/[Link]
