Difference between revisions of "OP CODESEPARATOR"

m
 
(13 intermediate revisions by 2 users not shown)
Line 1: Line 1:
OP_CODESEPARATOR is an opcode used in the script evaluation engine to determine what parts of a script must be hashed to create the message used when creating [[Digital Signatures (ECDSA)]] for Bitcoin transactions. The opcode is inserted automatically between the ScriptSig and ScriptPubKey prior to the evaluation taking place, however further instances of OP_CODESEPARATOR can be inserted into scripts to removing prior script sections from the message. This can allow transactions with multiple signatures to be built additively.
+
OP_CODESEPARATOR was originally designed to be inserted between the ScriptPubKey and ScriptSig by the script evaluation engine. When OP_CHECKSIG is called in the ScriptPubKey, it will remove everything before OP_CODESEPARATOR. In the default case, the entire ScriptSig will be removed as the ScriptSig containing the signature cannot be signed by the signature.  
 +
 
 +
There is no rule to prevent users from inserting OP_CODESEPARATOR into the ScriptPubKey however OP_CODESEPARATOR will only be effective if it is read by OP_CHECKSIG in the same ScriptPubKey. OP_CHECKSIG will read back to the closest OP_CODESEPARATOR before it and remove all message contents before that.  
  
 
==Example==
 
==Example==
The following is a basic [[Bitcoin Transactions#Pay to Public Key|P2PK]] script:
+
Based on the understanding above, we can construct the following ScriptPubKey:
 +
 
 +
<code>OP_CODESEPARATOR OP_CHECKSIGVERIFY OP_CODESEPARATOR OP_CHECKSIGVERIFY OP_CODESEPARATOR OP_CHECKSIG</code>
 +
 
 +
To unlock this ScriptPubKey, we can use the following ScriptSig:
 +
 
 +
<code><Sig A> <PK A> <Sig B> <PK B> <Sig C> <PK C></code>
 +
 
 +
Note that the first OP_CHECKSIG will verify <Sig C> <PK C> on the following message:
 +
 
 +
<code>OP_CHECKSIGVERIFY OP_CODESEPARATOR OP_CHECKSIGVERIFY OP_CODESEPARATOR OP_CHECKSIG</code>
 +
 
 +
The second OP_CHECKSIG will verify <Sig B> <PK B> on the following message:
 +
 
 +
<code>OP_CHECKSIGVERIFY OP_CODESEPARATOR OP_CHECKSIG</code>
  
{| class="wikitable"
+
i.e. the message hash used to create the signature excludes the first OP_CHECKSIGVERIFY and the OP_CODESEPARATOR inserted by the script evaluation engine.
|-
 
! ScriptSig
 
! Inserted OCS
 
! ScriptPubKey
 
|-
 
| SIG1
 
| OP_CODESEPARATOR  
 
| PK1 OP_CHECKSIG
 
|}
 
  
The OP_CODESEPARATOR shown would normally be added by the script interpreter prior to the script being evaluated.
+
The third OP_CHECKSIG will verify <Sig A> <PK A> on the following message:
  
This script can be added to without SIG1 needing to be modified in the following way:
+
<code>OP_CHECKSIG</code>
  
SIG1 SIG2 OP_CODESEPARATOR PK2 OP_CHECKSIG OP_CODESEPARATOR PK1 OP_CHECKSIG
+
i.e. the message hash used to create the signature excludes the first and second instances of OP_CHECKSIGVERIFY and OP_CODESEPARATOR.
  
In this second revision, we add SIG2 to the top of the stack. The OP_CHECKSIG after PK2 would sign back to the OP_CODESEPARATOR added by the interpreter, covering the whole ScriptPubKey, however the second OP_CHECKSIG would only sign back to the preceding OP_CODESEPARATOR, removing the added PK2 and OP_CHECKSIG from the signature message.
+
If someone changes the order of the signature in the ScriptSig, the verification of the signature will fail.

Latest revision as of 00:30, 18 November 2020

OP_CODESEPARATOR was originally designed to be inserted between the ScriptPubKey and ScriptSig by the script evaluation engine. When OP_CHECKSIG is called in the ScriptPubKey, it will remove everything before OP_CODESEPARATOR. In the default case, the entire ScriptSig will be removed as the ScriptSig containing the signature cannot be signed by the signature.

There is no rule to prevent users from inserting OP_CODESEPARATOR into the ScriptPubKey however OP_CODESEPARATOR will only be effective if it is read by OP_CHECKSIG in the same ScriptPubKey. OP_CHECKSIG will read back to the closest OP_CODESEPARATOR before it and remove all message contents before that.

Example

Based on the understanding above, we can construct the following ScriptPubKey:

OP_CODESEPARATOR OP_CHECKSIGVERIFY OP_CODESEPARATOR OP_CHECKSIGVERIFY OP_CODESEPARATOR OP_CHECKSIG

To unlock this ScriptPubKey, we can use the following ScriptSig:

<Sig A> <PK A> <Sig B> <PK B> <Sig C> <PK C>

Note that the first OP_CHECKSIG will verify <Sig C> <PK C> on the following message:

OP_CHECKSIGVERIFY OP_CODESEPARATOR OP_CHECKSIGVERIFY OP_CODESEPARATOR OP_CHECKSIG

The second OP_CHECKSIG will verify <Sig B> <PK B> on the following message:

OP_CHECKSIGVERIFY OP_CODESEPARATOR OP_CHECKSIG

i.e. the message hash used to create the signature excludes the first OP_CHECKSIGVERIFY and the OP_CODESEPARATOR inserted by the script evaluation engine.

The third OP_CHECKSIG will verify <Sig A> <PK A> on the following message:

OP_CHECKSIG

i.e. the message hash used to create the signature excludes the first and second instances of OP_CHECKSIGVERIFY and OP_CODESEPARATOR.

If someone changes the order of the signature in the ScriptSig, the verification of the signature will fail.