Mastering Bitcoin

A compromise was reached that allows an output script starting with OP_RETURN to add nonpayment data to a transaction output. However, unlike the use of “fake” UTXOs, the OP_RETURN operator creates an explicitly provably unspendable output, which does not need to be stored in the UTXO set. OP_RETURN outputs are recorded on the blockchain, so they c

A Bitcoin transaction is a request for full nodes to update their database of coin ownership information. For Alice to transfer control of some of her bitcoins to Bob, she first needs to tell full nodes how to find the previous transfer where she received those bitcoins. Since control over bitcoins is assigned in transaction outputs, Alice points t

Wallet and protocol developers over the years have worked to design systems that allow users to recover access to their bitcoins after a problem without compromising security the rest of the time.

The general form of an output script setting a t-of-k multisignature condition is: t <Public Key 1> <Public Key 2> ... k OP_CHECKMULTISIG where k is the total number of listed public keys and t is the threshold of required signatures to spend the output. An output script setting a 2-of-3 multisignature condition looks like this: 2 3 OP_

Modern wallet applications don’t independently generate keys but instead derive them from a single random seed using a repeatable (deterministic) algorithm.

Although Bitcoin Core serves as a reference implementation for many major parts of the system, the Bitcoin whitepaper describes several early parts of the system. Most major parts of the system since 2011 have been documented in a set of Bitcoin Improvement Proposals (BIPs).

Elliptic curve cryptography (ECC) is a type of asymmetric or public key cryptography based on the discrete logarithm problem as expressed by addition and multiplication on the points of an elliptic curve. Figure 4-2 is an example of an elliptic curve, similar to that used by Bitcoin. Figure 4-2. An elliptic curve. Bitcoin uses a specific elliptic c

Differentiating between P2WPKH and P2WSH In the previous two sections, we demonstrated two types of witness programs: “Pay to witness public key hash (P2WPKH)” and “Pay to witness script hash (P2WSH)”. Both types of witness programs consist of the same version number followed by a data push. They look very similar, but are interpreted very differen

Only a valid transaction that correctly satisfies the conditions of the output script results in the output…

Some highlights have been hidden or truncated due to export limits.