Difference between revisions of "Bitcoin Transactions"
Line 360: | Line 360: | ||
* [[Script]] | * [[Script]] | ||
− | * [[Protocol | + | * [[Protocol#"tx" messages|Protocol rules - "tx" messages]] |
* [[Protocol#Transaction Verification|Protocol documentation - Transaction Verification]] | * [[Protocol#Transaction Verification|Protocol documentation - Transaction Verification]] | ||
* [[Raw Transactions]] | * [[Raw Transactions]] | ||
* [[Coin analogy]] | * [[Coin analogy]] | ||
* [[Transaction Malleability]] | * [[Transaction Malleability]] |
Revision as of 06:48, 28 October 2019
DISCLAIMER
This article is a direct copy of the original https://en.bitcoin.it/wiki/Transaction and has not been checked for correctness or edited. 24 September 2019 Expected review by: 15 October 2019
Review BJL 20190926
Need to remove references to P2SH and Witness data
Re-frame transaction types and remove references to Addresses
Link script and other pages
EDITS:
Removed TXBinaryMap.png image
Edited first paragraph
Edited second paragraph
Edited table
Added P2PK, P2RPH, P2MS and re-organised article
STILL TO DO:
- Double check all data and make sure that tables and other information are correct
- Add infographics for inputs, outputs and transaction combination (replacing images on original BTC Core page)
A transaction is a serialized data item that authorizes the transfer of Bitcoin value from inputs to outputs. A transaction can be ephemeral if it is created inside a Payment Channel, or it can be sent to the Bitcoin Network network and collected into a block. A transaction typically references previous transaction outputs as new transaction inputs and dedicates all input Bitcoin values to new outputs. Unspent Transaction Outputs (UTXOs) are the 'coins' in which all Bitcoins are stored. Transactions are not encrypted, so it is possible to browse and view every transaction ever collected into a block. Once transactions have been seen and validated by a majority of block creating nodes the Bitcoin network, they can be considered immutable. When they are eventually mined into a block, miners collaboratively agree on the order in which they were seen by the network.
Transaction outputs are puzzle scripts called ScriptPubKeys which are typically used to lock the contained Bitcoin value. Outputs are redeemed by making them inputs to new transactions and providing a ScriptSig which is a valid solution to the puzzle that locks the Bitcoin. Some outputs may have zero Bitcoin, but carry value in another form such as data or tokens. Scripts can be complex and specialised and may have more than one way to be redeemed.
All transactions are visible in the block chain, and can be viewed with a hex editor. A block explorer is a website where every transaction included within the block chain can be viewed in human-readable terms. This is useful for seeing the technical details of transactions in action and for verifying payments.
See also: Payment Channels
General format of a Bitcoin transaction
Field | Description | Size |
---|---|---|
Version no | currently 1 | 4 bytes |
Flag | If present, always 0001, and indicates the presence of witness data | optional 2 byte array |
In-counter | positive integer VI = VarInt | 1 - 9 bytes |
list of inputs | Input Structure | <in-counter> qty with variable length per input |
Out-counter | positive integer VI = VarInt | 1 - 9 bytes |
list of outputs | Output Structure | <out-counter> qty with variable length per output |
nLocktime | if non-zero and sequence numbers are < 0xFFFFFFFF: block height or timestamp when transaction is final | 4 bytes |
Example of a Bitcoin transaction with 1 input and 1 output only
Data
Input: Previous tx: f5d8ee39a430901c91a5917b9f2dc19d6d1a0e9cea205b009ca73dd04470b9a6 Index: 0 scriptSig: 304502206e21798a42fae0e854281abd38bacd1aeed3ee3738d9e1446618c4571d10 90db022100e2ac980643b0b82c0e88ffdfec6b64e3e6ba35e7ba5fdd7d5d6cc8d25c6b241501 Output: Value: 5000000000 scriptPubKey: OP_DUP OP_HASH160 404371705fa9bd789a2fcd52d2c580b65d35549d OP_EQUALVERIFY OP_CHECKSIG
Explanation
The input in this transaction spends 50 BTC from output #0 in transaction f5d8... Then the output sends 50 BTC to a P2PKH puzzle. When the recipient wants to spend this money, he will reference output #0 of this transaction in an input of his own transaction and provide the solution to the P2PKH.
Transaction Inputs and Outputs
Each Bitcoin transaction is comprised of Inputs and Outputs. Inputs provide the funds to be spent in the transaction, and Outputs define where those funds should be allocated.
Inputs
An input is a reference to an output from a previous transaction. Multiple inputs are often listed in a transaction. All of the new transaction's input values (that is, the total coin value of the previous outputs referenced by the new transaction's inputs) are added up, and the total (less any transaction fee) is completely used by the outputs of the new transaction. Previous tx is a hash of a previous transaction. Index is the specific output in the referenced transaction. ScriptSig is the first half of a script which is provided when a UTXO is spent as an input to a transaction.
An input scriptSig may contain many components. In the above example two items are needed to solve the script, being a signature and a public key. In a P2PKH script The public key must match the hash given in the script of the redeemed output. The public key is used to verify the redeemers signature, which is the second component. More precisely, the second component is an ECDSA signature over a hash of a simplified version of the transaction. It, combined with the public key, proves the transaction was created by someone who controls the keys needed to spend the Bitcoin in the input. Various SIGHASH flags define how the transaction is simplified and can be used to create different types of payment.
General format (inside a block) of each input of a transaction - Txin
Field | Description | Size |
---|---|---|
Previous Transaction hash | doubled SHA256-hashed of a (previous) to-be-used transaction | 32 bytes |
Previous Txout-index | non negative integer indexing an output of the to-be-used transaction | 4 bytes |
Txin-script length | non negative integer VI = VarInt | 1 - 9 bytes |
Txin-script / scriptSig | Script | <in-script length>-many bytes |
sequence_no | normally 0xFFFFFFFF; irrelevant unless transaction's lock_time is > 0 | 4 bytes |
The input sufficiently describes where and how to get the bitcoin amount to be redeemed. If it is the (only) input of the first transaction of a block, it is called the generation transaction input and its content completely ignored. (Historically the Previous Transaction hash is 0 and the Previous Txout-index is -1.)
Outputs
An output contains a piece of Bitcoin Script which can be used to lock Bitcoins to a certain set of keys and/or inscribe data onto the ledger. The Value of an output is the number of Satoshis that this output will be worth when claimed. This ScriptPubKey is the second half of a a full script and is only completed when the output is spent. There can be more than one output, and they share the combined value of the inputs. Because each output from one transaction can only ever be referenced once by an input of a subsequent transaction, the entire value of the combined inputs needs to be allocated to the transaction outputs. Any remaining fees If the input is worth 50 BTC but you only want to send 25 BTC, Bitcoin will create two outputs worth 25 BTC: one to the destination, and one back to you (known as "change", though you send it to yourself). Any input bitcoins not redeemed in an output is considered a transaction fee, which is awarded to whoever generates the block that the transaction is mined in.
Outputs don't necessarily contain value as Bitcoins, and can carry zero satoshis. These outputs are typically used to carry other information or tokens for second layer applications or data handling.
SUGGEST AN INFOGRAPHIC HERE
General format (inside a block) of each output of a transaction - Txout
Field | Description | Size |
---|---|---|
value | non negative integer giving the number of Satoshis to be transferred | 8 bytes |
Txout-script length | non negative integer | 1 - 9 bytes VI = VarInt |
Txout-script / scriptPubKey | Script | <out-script length>-many bytes |
The output sets the conditions to release this bitcoin amount later. The sum of the output values of the first transaction is the value of the mined bitcoins for the block plus possible transactions fees of the other transactions in the block.
Transaction Verification
To verify that inputs are authorized to collect the values of referenced outputs, Bitcoin uses a Forth-like scripting system. The input's scriptSig and the referenced output's scriptPubKey are evaluated (in that order), with scriptPubKey using the values left on the stack by scriptSig. The input is authorized if scriptPubKey returns true. Through the scripting system, the sender can create very complex conditions that people have to meet in order to claim the output's value. For example, it's possible to create an output that can be claimed by anyone without any authorization. It's also possible to require that an input be signed by ten different keys, or be redeemable with a password instead of a key.
Puzzles and Solutions
The flexible scripting language enabled by the Bitcoin protocol allows a multitude of different transaction types to be created. Each scriptSig/scriptPubKey pair is validated by the network miners and mined into a block if found to be valid. Some commonly used Bitcoin puzzle types are described below:
Pay to Public Key (P2PK)
scriptPubKey: <pubKey> OP_CHECKSIG scriptSig: <sig>
When redeeming coins that have been sent to a Bitcoin public key the script verifies that the provided signature was generated by the private key that also corresponds to the public key.
Checking process:
Stack | Script | Description |
---|---|---|
Empty. | <sig> <pubKey> OP_CHECKSIG | scriptSig and scriptPubKey are combined. |
<sig> | <pubKey> OP_CHECKSIG | Signature is added to the stack. |
<sig> <pubKey> | OP_CHECKSIG | Pubkey is added to stack. |
true | Empty. | Signature is checked. |
Pay to Public Key Hash (P2PKH)
scriptPubKey: OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG scriptSig: <sig> <pubKey>
A Bitcoin address is only a hash, so the sender can't provide a full public key in scriptPubKey. When redeeming coins that have been sent to a Bitcoin address, the recipient provides both the signature and the public key. The script verifies that the provided public key does hash to the hash in scriptPubKey, and then it also checks the signature against the public key.
Checking process:
Stack | Script | Description |
---|---|---|
Empty. | <sig> <pubKey> OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG | scriptSig and scriptPubKey are combined. |
<sig> <pubKey> | OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG | Constants are added to the stack. |
<sig> <pubKey> <pubKey> | OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG | Top stack item is duplicated. |
<sig> <pubKey> <pubHashA> | <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG | Top stack item is hashed. |
<sig> <pubKey> <pubHashA> <pubKeyHash> | OP_EQUALVERIFY OP_CHECKSIG | Constant added. |
<sig> <pubKey> | OP_CHECKSIG | Equality is checked between the top two stack items. |
true | Empty. | Signature is checked for top two stack items. |
Pay to R-Puzzle Hash (P2RPH)
scriptPubKey: OP_OVER OP_3 OP_SPLIT OP_NIP OP_1 OP_SPLIT OP_SWAP OP_SPLIT OP_DROP OP_HASH160 <rHash> OP_EQUALVERIFY OP_CHECKSIG scriptSig: <sig> <pubKey>
Bitcoins are locked in an R-Puzzle script requiring the spending party to sign using a known value for k rather than a random number. To redeem the script, the spending party provides both the signature and the public key. The script verifies that the provided signature was signed using the correct k-value, then checks the signature against the public key. Because the public key is not checked as part of the script solution, it is possible to sign the transaction using any keypair. This can be useful when dealing with tokens that are associated with a Bitcoin address as the pubkey that corresponds to that address can be used to sign the transaction without the requirement for there to be Bitcoin in the address. The technique is also relevant for Metanet node signing as the Metanet keys can be signed with an R-Puzzle without needing a separate signature.
Checking process:
Stack | Script | Description |
---|---|---|
Empty. | <sig> <pubKey> OP_OVER OP_3 OP_SPLIT OP_NIP OP_1 OP_SPLIT OP_SWAP OP_SPLIT OP_DROP OP_HASH160 <rHash> OP_EQUALVERIFY OP_CHECKSIG | scriptSig and scriptPubKey are combined. |
<sig> <pubKey> | OP_OVER OP_3 OP_SPLIT OP_NIP OP_1 OP_SPLIT OP_SWAP OP_SPLIT OP_DROP OP_HASH160 <rHash> OP_EQUALVERIFY OP_CHECKSIG | Constants are added to the stack. |
<sig> <pubKey> <sig> | OP_3 OP_SPLIT OP_NIP OP_1 OP_SPLIT OP_SWAP OP_SPLIT OP_DROP OP_HASH160 <rHash> OP_EQUALVERIFY OP_CHECKSIG | Second from top stack item is duplicated. |
<sig> <pubKey> <3 bytes> <sig'> | OP_NIP OP_1 OP_SPLIT OP_SWAP OP_SPLIT OP_DROP OP_HASH160 <rHash> OP_EQUALVERIFY OP_CHECKSIG | First 3 bytes of signature are split |
<sig> <pubKey> <sig'> | OP_1 OP_SPLIT OP_SWAP OP_SPLIT OP_DROP OP_HASH160 <rHash> OP_EQUALVERIFY OP_CHECKSIG | 3 byte data item is removed |
<sig> <pubKey> <R Length> <sig"> | OP_SWAP OP_SPLIT OP_DROP OP_HASH160 <rHash> OP_EQUALVERIFY OP_CHECKSIG | 1 byte containing R length is split from sig' |
<sig> <pubKey> <sig"> <R Length> | OP_SPLIT OP_DROP OP_HASH160 <rHash> OP_EQUALVERIFY OP_CHECKSIG | R Length parameter is moved to top of stack |
<sig> <pubKey> <R> <sig'"> | OP_DROP OP_HASH160 <rHash> OP_EQUALVERIFY OP_CHECKSIG | R is split from sig" |
<sig> <pubKey> <R> | OP_HASH160 <rHash> OP_EQUALVERIFY OP_CHECKSIG | sig'"== is dropped from stack |
<sig> <pubKey> <rHashA> | <rHash> OP_EQUALVERIFY OP_CHECKSIG | R is double hashed (SHA256 followed by RIPEMD160) and result left on stack |
<sig> <pubKey> <rHashA> <rHash> | OP_EQUALVERIFY OP_CHECKSIG | Previously defined R-Hash is pushed onto stack |
<sig> <pubKey> | OP_CHECKSIG | Script checks if rHashA = rHash |
true | Empty. | Signature is checked for top two stack items. |
Pay to Multi Signature (P2MS)
scriptPubKey: OP_3 <pubKey1> <pubKey2> <pubKey3> <pubKey4> <pubKey5> OP_5 OP_CHECKMULTISIG scriptSig: OP_1 <sig1> <sig2> <sig4>
OP_CHECKMULTISIG offers users the capability to lock coins with a requirement for multiple parties to sign the scriptSig before coins can be spent. OP_CHECKMULTISIG can check many signatures against many public keys as long as the signatures in the scriptSig are provided in an order that corresponds to the order in which the public keys are placed in the scriptPubKey. The first opcode in the ScriptPubKey defines how many signatures must be provided in order for the coin to be successfully spent. The last one before OP_CHECKMULTISIG tells the scripting engine how many public keys to evaluate those signatures against. There must be at least as many items on the stack as are required for the OP_CHECKMULTISIG opcode to process or the script will be invalid. The current version of the scripting engine also includes a bug that requires an additional value to be placed on the stack before the signatures. In this example, OP_1 has been used to push a 1 to the top of the stack, but in theory any piece of data can be used. This value is consumed by the checking process but is not evaluated.
Checking process:
Stack | Script | Description |
---|---|---|
Empty. | OP_1 <sig1> <sig2> <sig4> OP_3 <pubKey1> <pubKey2> <pubKey3> <pubKey4> <pubKey5> OP_5 OP_CHECKMULTISIG | scriptSig and scriptPubKey are combined. |
1 <sig1> <sig2> <sig4> | OP_3 <pubKey1> <pubKey2> <pubKey3> <pubKey4> <pubKey5> OP_5 OP_CHECKMULTISIG | Constants from scriptSig are added to the stack. |
1 <sig1> <sig2> <sig4> 3 <pubKey1> <pubKey2> <pubKey3> <pubKey4> <pubKey5> 5 | OP_CHECKMULTISIG | Constants from scriptPubKey are added to the stack. |
true | Empty. | Multisignature script evaluation is performed |
Generation
Generations have a single input, and this input has a "coinbase" parameter instead of a scriptSig. The data in "coinbase" can be anything; it isn't used. Bitcoin puts the current compact-format target and the arbitrary-precision "extraNonce" number there, which increments every time the Nonce field in the block header overflows. Outputs can be anything, but Bitcoin creates one exactly like an IP address transaction. The extranonce contributes to enlarge the domain for the proof of work function. Miners can easily modify nonce (4byte), timestamp and extranonce (2 to 100bytes).
Other Puzzle Types
Bitcoin's scripting language is rich and diverse and allows a user to create almost any kind of financial instrument that we have today, and many that we don't have. Puzzles do not need to conform to any particular standard or template however it is expected that the vast majority of transactions will be built using template scripts.
Pieces of script can be combined to make larger and more complex transactions, and scripts can be built inside conditional loops allowing a single transaction output to be redeemed in multiple different ways.