Mastering Bitcoin

In “Scripted Multisignatures”, we looked at scripts that require signatures from multiple keys. However, there’s another way to require cooperation from multiple keys, which is also confusingly called multisignature. To distinguish between the two types in this section, we’ll call the version involving OP_CHECKSIG-style opcodes script multisignatur

The OP_TRUE opcode, also known as OP_1, will put the number 1 on the stack.

Bitcoin already uses a data structure known as a merkle tree that allows verifying an element is a member of a set without needing to identify every other member of the

Differentiating between P2WPKH and P2WSH In the previous two sections, we demonstrated two types of witness programs: “Pay to witness public key hash (P2WPKH)” and “Pay to witness script hash (P2WSH)”. Both types of witness programs consist of the same version number followed by a data push. They look very similar, but are interpreted very differen

One reason people choose to use Bitcoin is that it’s possible to create contracts with highly predictable outcomes. Legal contracts enforced by a court of law depend in part on decisions by the judges and jurors involved in the case. By contrast, Bitcoin contracts often require actions by their participants but are otherwise enforced by thousands o

Tapscript Taproot enables MAST but only with a slightly different version of the Bitcoin Script language than previously used, the new version being called tapscript. The major differences include: Scripted multisignature changes The old OP_CHECKMULTISIG and OP_CHECKMULTISIGVERIFY opcodes are removed. Those opcodes don’t combine well with one of th

Scriptless multisignatures are smaller and more private than scripted multisignatures. For scripted multisignatures, the number of bytes placed in a transaction increases for every key and signature involved. For scriptless multisignatures, the size is constant—​a million participants each providing their own partial key and partial signature puts

As we can see from the previous examples, upgrading to segregated witness is a two-step process. First, wallets must create segwit type outputs. Then, these outputs can be spent by wallets that know how to construct segregated witness transactions. In the examples, Alice’s wallet is able to create outputs paying segregated witness output scripts. B

So, when do we use VERIFY and when do we use OP_IF? If all we are trying to do is to attach a precondition (guard clause), then VERIFY is better. If, however, we want to have more than one execution path (flow control), then we need an OP_IF…​OP_ELSE flow control clause.