OP CODESEPARATOR

Revision as of 11:19, 19 February 2020 by Brendan (talk | contribs)

OP_CODESEPARATOR was originally designed to be inserted between the ScriptPubKey and ScriptSig by the script evaluation engine. When OP_CHECKSIG is called in the ScriptPubKey, it will remove everything before OP_CODESEPARATOR. In the default case, the entire ScriptSig will be removed as the ScriptSig containing the signature can not signed by the signature.

There is no rule to prevent users from inserting OP_CODESEPARATOR into the ScriptPubKey however OP_CODESEPARATOR will only be effective if it is read by OP_CHECKSIG in the same ScriptPubKey. OP_CHECKSIG will read back to the closest OP_CODESEPARATOR before it and remove all message contents before that.

Example

Based on the understanding above, we can construct the following ScirptPubKey:

OP_CODESEPARATOR OP_CHECKSIGVERIFY OP_CODESEPARATOR OP_CHECKSIGVERIFY OP_CODESEPARATOR OP_CHECKSIG

To unlock this ScriptPubKey, we can use the following ScriptSig:

<Sig A> <PK A> <Sig B> <PK B> <Sig C> <PK C>

Note that the first OP_CHECKSIG will verify <Sig C> <PK C> on the following message:

OP_CHECKSIGVERIFY OP_CODESEPARATOR OP_CHECKSIGVERIFY OP_CODESEPARATOR OP_CHECKSIG.

The second OP_CHECKSIG will verify <Sig B> <PK B> on the following message:

OP_CHECKSIGVERIFY OP_CODESEPARATOR OP_CHECKSIG

i.e. the message hash used to create the signature excludes the first OP_CHECKSIGVERIFY and the OP_CODESEPARATOR inserted by the script evaluation engine.

The third OP_CHECKSIG will verify <Sig A> <PK A> on the following message:

OP_CHECKSIG

i.e. the message hash used to create the signature excludes the first and second instances of OP_CHECKSIGVERIFY and OP_CODESEPARATOR.

If someone changes the order of the signature in the ScriptSig, the verification of the signature will fail.

Retrieved from "https://wiki.bitcoinsv.io/index.php?title=OP_CODESEPARATOR&oldid=2236"