This commit is contained in:
Shannon Appelcline 2020-07-15 14:56:16 -10:00 committed by GitHub
parent 90b51b00d1
commit a171fb5683
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -1,4 +1,4 @@
# 8.1: Understanding the Foundation of P2SH
# 10.1: Understanding the Foundation of P2SH
> :information_source: **NOTE:** This is a draft in progress, so that I can get some feedback from early reviewers. It is not yet ready for learning.
@ -10,6 +10,7 @@ Here's the gotcha for using Bitcoin Scripts: for security reasons, most Bitcoin
* __Pay to Public Key (P2PK)__ — An older, deprecated transaction (`<pubKey> OP_CHECKSIG`) that has been replaced by the better security of P2PKH.
* __Pay to Public Key Hash (P2PKH)__ — A standard transaction (`OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG`) that pays to the hash of a public key.
* __Pay to Witness Public Key hash (P2WPKH)__ — The newest sort of public-key transaction. It's just (`OP_0 <pubKeyHash`) because it depends on miner consensus to work, as described in [§9.5](09_5_Scripting_a_P2WPKH.md).
* __Multisig__ — A transaction for a group of keys, as explained more fully in [§8.4](08_4_Scripting_a_Multisig.md).
* __Null Data__ — An unspendable transaction (`OP_RETURN Data`).
* __Pay to Script Hash (P2SH)__ — A transaction that pays out to a specific script, as explained more fully here.
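Review bot: the P2WPKH bullet's script is missing its closing angle bracket: `OP_0 <pubKeyHash` should read `OP_0 <pubKeyHash>`, and its title "Pay to Witness Public Key hash" should capitalize "Hash" to match the P2PKH bullet. Also, since this commit renumbers the chapter from 8.1 to 10.1, check whether the Multisig bullet's link to §8.4 (08_4_Scripting_a_Multisig.md) needs to move to the new numbering as well.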
@ -25,28 +26,28 @@ You already saw a P2SH transaction when you created a multisig in [§6.1: Sendin
So, let's look one more time at the `scriptPubKey` of that P2SH multisig:
```
"scriptPubKey": {
"asm": "OP_HASH160 babf9063cee8ab6e9334f95f6d4e9148d0e551c2 OP_EQUAL",
"hex": "a914babf9063cee8ab6e9334f95f6d4e9148d0e551c287",
"asm": "OP_HASH160 a5d106eb8ee51b23cf60d8bd98bc285695f233f3 OP_EQUAL",
"hex": "a914a5d106eb8ee51b23cf60d8bd98bc285695f233f387",
"reqSigs": 1,
"type": "scripthash",
"addresses": [
"2NAGfA4nW6nrZkD5je8tSiAcYB9xL2xYMCz"
"2N8MytPW2ih27LctLjn6LfLFZZb1PFSsqBr"
]
}
```
The locking script is quite simple looking: `OP_HASH160 babf9063cee8ab6e9334f95f6d4e9148d0e551c2 OP_EQUAL`. As usual, there's a big chunk of data in the middle. This is a hash of another, hidden locking script (`redeemScript`) that will only be revealed when the funds are redeemed. In other words, the standard locking script for a P2SH address is: `OP_HASH160 <redeemScriptHash> OP_EQUAL`.
The locking script is quite simple looking: `OP_HASH160 a5d106eb8ee51b23cf60d8bd98bc285695f233f3 OP_EQUAL`. As usual, there's a big chunk of data in the middle. This is a hash of another, hidden locking script (`redeemScript`) that will only be revealed when the funds are redeemed. In other words, the standard locking script for a P2SH address is: `OP_HASH160 <redeemScriptHash> OP_EQUAL`.
_What is a redeemScript?_ Each P2SH transaction carries the fingerprint of a hidden locking script within it as a 20-byte hash. When a P2SH transaction is redeemed, the full (unhashed) `redeemScript` is included as part of the `scriptSig`. Bitcoin will make sure the `redeemScript` matches the hash; then it actually runs the `redeemScript` to see if the funds can be spent (or not).
> :book: ***What is a redeemScript?*** Each P2SH transaction carries the fingerprint of a hidden locking script within it as a 20-byte hash. When a P2SH transaction is redeemed, the full (unhashed) `redeemScript` is included as part of the `scriptSig`. Bitcoin will make sure the `redeemScript` matches the hash; then it actually runs the `redeemScript` to see if the funds can be spent (or not).
One of the interesting elements of P2SH transactions is that neither the sender nor the Blockchain actually knows what the `redeemScript` is! A sender just sends to a standardized P2SH address marked with a "2" prefix and they don't worry about how the recipient is going to retrieve the funds at the end.
> :link: **TESTNET vs MAINNET:** Reminder: on testnet, the prefix for P2SH addresses is `2`, while on mainnet, it's `3`.
> :link: **TESTNET vs MAINNET:** on testnet, the prefix for P2SH addresses is `2`, while on mainnet, it's `3`.
## Understand How to Build a P2SH Script
Since the visible locking script for a P2SH transaction is so simple, creating a transaction of this sort is quite simple too. In theory. All you need to do is create a transaction whose locking script includes a 20-byte hash of the `redeemScript`. That hashing is done with Bitcoin's standard `OP_HASH160`.
_What is OP_HASH160?_ The standard hash operation for Bitcoin performs a SHA-256 hash, then a RIPEMD-160 hash.
> :book: ***What is OP_HASH160?*** The standard hash operation for Bitcoin performs a SHA-256 hash, then a RIPEMD-160 hash.
Overall, four steps are required:
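Review bot: the replacement hash is used consistently in `asm`, in `hex` (a9 14 <20 bytes> 87 decodes to OP_HASH160 <hash> OP_EQUAL) and in the prose below, but the new address `2N8MytPW2ih27LctLjn6LfLFZZb1PFSsqBr` should be confirmed against the multisig created in §6.1, which the surrounding text says the reader already saw; an address that does not correspond to that earlier transaction breaks the walkthrough. Minor: after dropping "Reminder:" from the TESTNET vs MAINNET callout, the sentence now starts lowercase ("on testnet"); capitalize it.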
@ -57,7 +58,7 @@ Overall, four steps are required:
Each of those steps of course takes some work on its own, and some of them can be pretty intricate. The good news is that you don't really have to worry about them, because they're sufficiently complex that you'll usually have an API take care of it all for you.
So for now, we'll just provide you with an overview, so that you understand the general methodology. In [§8.2: Building the Structure of P2SH](08_2_Building_the_Structure_of_P2SH.md) we'll provide a more in-depth look at script creation, in case you ever want to understand the guts of this process.
So for now, we'll just provide you with an overview, so that you understand the general methodology. In [§10.2: Building the Structure of P2SH](10_2_Building_the_Structure_of_P2SH.md) we'll provide a more in-depth look at script creation, in case you ever want to understand the guts of this process.
## Understand How to Send a P2SH Script Transaction
@ -68,7 +69,7 @@ So how do you actually send your P2SH transaction? Again, the theory is very sim
3. Use that hex as your `scriptPubKey`.
4. Create the rest of the transaction.
Unfortunately, this is another place where you're going to need to fall back to APIs, in large part because `bitcoin-cli` doesn't provide any support for sending P2SH transactions.
Unfortunately, this is another place where you're going to need to fall back to APIs, in large part because `bitcoin-cli` doesn't provide any support for creating P2SH transactions. (It can redeem them just fine.)
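Review bot: the new wording "`bitcoin-cli` doesn't provide any support for creating P2SH transactions. (It can redeem them just fine.)" conflicts with this chapter's own opening, which says the reader already created a P2SH transaction when making a multisig in §6.1. Scope the claim, for example: "...doesn't provide any support for creating P2SH transactions from arbitrary redeemScripts (the multisig case from §6.1 being the exception). It can redeem them just fine."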
## Understand How to Unlock a P2SH Script Transaction
@ -76,25 +77,25 @@ The trick to redeeming a P2SH transaction is that the recipient must have saved
An unlocking `scriptSig` for a P2SH transaction is formed as: `... data ... <redeemScript>`. The `data` must _solely_ be data that is pushed onto the stack, not operators. ([BIP 16](https://github.com/bitcoin/bips/blob/master/bip-0016.mediawiki) calls them signatures, but that's not an actual requirement.)
> :warning: **WARNING:** Though signatures are not a requirement, a P2SH script actually isn't very secure if it doesn't require at least one signature in its inputs. The reasons for this are described in [§11.1: Writing Puzzle Scripts](11_1_Writing_Puzzle_Scripts.md).
> :warning: **WARNING:** Though signatures are not a requirement, a P2SH script actually isn't very secure if it doesn't require at least one signature in its inputs. The reasons for this are described in [§13.1: Writing Puzzle Scripts](13_1_Writing_Puzzle_Scripts.md).
When a UTXO is redeemed, it runs in two rounds of verification:
1. First, the redeemScript in the `scriptSig` is hashed and compared to the hashed script in the `scriptPubKey`.
1. First, the `redeemScript` in the `scriptSig` is hashed and compared to the hashed script in the `scriptPubKey`.
2. If they match, then a second round of verification begins.
3. Second, the redeemScript is run using the prior data that was pushed on the stack.
3. Second, the `redeemScript` is run using the prior data that was pushed on the stack.
4. If that second round of verification _also_ succeeds, the UTXO is unlocked.
Whereas you can't easily create a P2SH transaction without an API, you should be able to easily redeem a P2SH transaction with `bitcoin-cli`. In fact, you already have. The exact process is described in [§8.5: Spending a P2SH Transaction.md](08_5_Spending_a_P2SH_Transaction.md), after we've finished with all the intricacies of P2SH transaction creation.
Whereas you can't easily create a P2SH transaction without an API, you should be able to easily redeem a P2SH transaction with `bitcoin-cli`. In fact, you already did in [§6.2: Sending a Transaction to a Multisig](06_2_Spending_a_Transaction_to_a_Multisig.md). The exact process is described in [§10.5: Spending a P2SH Transaction.md](10_5_Spending_a_P2SH_Transaction.md), after we've finished with all the intricacies of P2SH transaction creation.
> :warning: **WARNING:** You can create a perfectly valid transaction with a hashed redeemScript, but if the redeemScript doesn't run, or doesn't run correctly, your funds are lost forever. That's why it is so important to test your Scripts, as discussed in [§7.4: Testing a Bitcoin Script](07_4_Testing_a_Bitcoin_Script.md)
> :warning: **WARNING:** You can create a perfectly valid transaction with a correcly hashed redeemScript, but if the redeemScript doesn't run, or doesn't run correctly, your funds are lost forever. That's why it is so important to test your Scripts, as discussed in [§9.3: Testing a Bitcoin Script](09_3_Testing_a_Bitcoin_Script.md).
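Review bot: typo in the final warning: "correcly hashed" should be "correctly hashed". In the same hunk, the new §6.2 reference has link text "Sending a Transaction to a Multisig" but points at 06_2_Spending_a_Transaction_to_a_Multisig.md; make the title and filename agree. The §10.5 link text also carries a stray ".md" ("Spending a P2SH Transaction.md"), inherited from the old line, which can be dropped now that the line is being edited.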
## Summary: Understanding the Foundation of P2SH
Arbitrary Bitcoin Scripts are non-standard in Bitcoin. However, you can incorporate them into standard transactions by using the P2SH address type. You just hash your script as part of the locking script, then you reveal and run it as part of the unlocking script. As long as you can also satisfy the `redeemScript`, the UTXO can be spent.
_What is the power of P2SH?_ You already know the power of Bitcoin Script, which allows you to create more complex Smart Contracts of all sorts. P2SH is what actually unleashes that power by letting you include arbitrary Bitcoin Script in standard Bitcoin transactions.
> :fire: ***What is the power of P2SH?*** You already know the power of Bitcoin Script, which allows you to create more complex Smart Contracts of all sorts. P2SH is what actually unleashes that power by letting you include arbitrary Bitcoin Script in standard Bitcoin transactions.
## What's Next?
Continue "Embedding Bitcoin Scripts" with [§8.2: Building the Structure of P2SH](08_2_Building_the_Structure_of_P2SH.md).
Continue "Embedding Bitcoin Scripts" with [§10.2: Building the Structure of P2SH](10_2_Building_the_Structure_of_P2SH.md).