What is the Script language in Bitcoin?

Script A mini programming language.

Script is a mini programming language used as a locking mechanism for outputs.

  • A locking script is placed on every output.
  • An unlocking script must be provided to unlock an output (i.e. when you're using it as an input).

If a full script (unlocking + locking) is valid, the output is "unlocked" and can be spent.

What is the Script language?

Script is a very basic programming language. It consists of two types of things:

  • Data - For example; public keys and signatures.
  • OPCODES - Simple functions that operate on the data.

Here's a simple diagram of a typical P2PKH script used in Bitcoin:

How do you run Script?

The complete script is run from left-to-right. As it runs, it makes use of a data structure called a "stack".

  1. Data is always pushed on to the stack.
  1. OPCODES can pop elements off the stack, do something with them, then optionally "push" new elements on to the stack.
The DUP opcode duplicates the top element on the stack.

The DUP opcode duplicates the top element on the stack.

What makes a Script valid?

A script is valid if the top element left on the stack is a 1 (or greater).

The script is invalid if:

  1. The final stack is empty
  2. The top element is on the stack is 0
  3. The script exits prematurely (e.g. as with OP_RETURN).

Where can you find Script in Bitcoin?

A locking script is placed on every output you create in a transaction:

An unlocking script must be provided for every input you want to spend in a transaction:

Every node will then combine and run these two scripts to make sure they validate.

The Unlocking Script goes first!

Even though the unlocking script is provided after the initial locking script, we actually put it first when we run the both scripts together.

When we run the full script, the unlocking script goes before the locking script.

When we run the full script, the unlocking script goes before the locking script.

Why do we use Script?

  • Question: Why not just use a simple public key and signature comparison and do away with all this OPCODE and stack business?
  • Answer: Because you can create different types of locks with different combinations of OPCODES.

For example, here are some cool locking scripts you can create:

1. Math Puzzle

To spend this output, you need to provide two numbers that add up to 8.

This may not be the most secure locking script in the world.

This may not be the most secure locking script in the world.

2. Hash Puzzle

Here you just need something that hashes to the same result as what's inside the locking script.

3. Hash Collision Puzzle

This is a cool one. You can unlock it by providing two different strings of data that produce the same hash result.

In other words, it's acts an incentive to find a "hash collision".

The bitcoins that are locked to this script can be found at: 35Snmmy3uhaer2gTboc81ayCip4m9DT4ko. However, the script has been wrapped in a P2SH locking script, so you can't actually see the original locking script (until someone unlocks them).

The bitcoins that are locked to this script can be found at: 35Snmmy3uhaer2gTboc81ayCip4m9DT4ko. However, the script has been wrapped in a P2SH locking script, so you can't actually see the original locking script (until someone unlocks them).

These locking scripts are non-standard.1 Whilst these scripts are valid (and can be mined on to the blockchain), typical Bitcoin Core nodes will not relay them from their memory pools, which makes it difficult for them to get mined in the first place.

Standard Scripts

Despite being able to create a variety of different locking scripts with various combinations of OPCODES, most nodes will only relay a handful of "standard scripts":

  • Pay To Pubkey (P2PK)
  • Pay To Pubkey Hash (P2PKH)
  • Pay To Multisig (P2MS)
  • Pay To Script Hash (P2SH)

Why don't nodes relay non-standard scripts?

I know, it's a shame.

However, not every combination of OPCODE has been tested. So if nodes relayed every non-standard script they received, it would introduce the risk of an attack from someone spamming the network with scripts that take a long time to verify2. This could "clog up" nodes and bring the network to a halt.

On the other hand, the standard scripts have been thoroughly tested and can be validated quickly. So the whole non-relaying of non-standard transactions is just a safety measure.

Non-standard scripts are valid, they are just not actively relayed.

Even though a non-standard transaction does not get relayed between memory pools, it can still be mined in to a block. Nodes do not relay non-standard transactions because a memory pool can receive a large number of transactions in a short period of time, whereas a block can only hold a limited number of transactions.

So if you want a transaction with a non-standard script to be added to the blockchain, you either need to send it directly to a miner who will mine it for you, or mine it on to the blockchain yourself.

Summary

Script is just a mini programming language used in Bitcoin to provide the locking mechanism for outputs.

  • Every output is given a "locking script".
  • You must then provide an "unlocking script" in the transaction that wants to spend that output.

When a node receives the spending transaction, it will combine both of these scripts together and run them. If a 1 is left on the top of the stack after the script has completed, then the script is valid and the output can be spent.

Resources

By Greg Walker,

Last Updated: 26 Nov 2018
  • 26 Nov 2018: Added sub titles to every page.
  • 25 Nov 2018: Subtitles for pages in Glossary. Looks good.
  • 29 Apr 2018: added link to policy.cpp for isStandard() function
  • 26 Apr 2018: added footnote link to stackexchange question
  • 26 Apr 2018: /glossary/script - first draft

Hey there, it's Greg.

I'll let you know if something seriously interesting happens in bitcoin.


Don't worry, it doesn't happen very often.