P2PK

Pay To Public Key

A diagram showing the structure of a P2PK.

P2PK (Pay To Public Key) is a script pattern that locks an output to a public key.

It is a simpler version of the more-commonly used P2PKH locking script.

Legacy Script. This is a legacy script pattern and is rarely used.

Usage

How does P2PK work?

ScriptPubKey

To create a P2PK lock you just need to place a public key and a OP_CHECKSIG opcode in the ScriptPubKey:

OP_PUSHBYTES_65
049464205950188c29d377eebca6535e0f3699ce4069ecd77ffebfbd0bcf95e3c134cb7d2742d800a12df41413a09ef87a80516353a2f0a280547bb5512dc03da8
OP_CHECKSIG
41049464205950188c29d377eebca6535e0f3699ce4069ecd77ffebfbd0bcf95e3c134cb7d2742d800a12df41413a09ef87a80516353a2f0a280547bb5512dc03da8ac

Transaction: 1db6251a9afce7025a2061a19e63c700dffc3bec368bd1883decfac353357a9d (Output 1)

The public key can either be an uncompressed public key (65 bytes) or a compressed public key (33 bytes). Both are fine to use within a P2PK. The example above contains a 65-byte uncompressed public key.

ScriptSig

To unlock a P2PK you just need to provide a valid signature in the ScriptSig:

OP_PUSHBYTES_72
3045022100c219a522e65ca8500ebe05a70d5a49d840ccc15f2afa4ee9df783f06b2a322310220489a46c37feb33f52c586da25c70113b8eea41216440eb84771cb67a67fdb68c01
483045022100c219a522e65ca8500ebe05a70d5a49d840ccc15f2afa4ee9df783f06b2a322310220489a46c37feb33f52c586da25c70113b8eea41216440eb84771cb67a67fdb68c01

Transaction: e827a366ad4fc9a305e0901fe1eefc7e9fb8d70655a079877cf1ead0c3618ec0 (Input 0)

Execution

When the script runs, both the signature and public key are pushed on to the stack, and then the OP_CHECKSIG opcode verifies the signature against the public key and pushes a OP_1 on to the stack if the signature is valid.

If the signature is not valid, a OP_0 is pushed on to the stack and the script is invalid.

An animation showing the execution of a full P2PK script.

Examples

Where can you find P2PK scripts?

Despite being the simplest script for locking bitcoins to someone's public key, P2PK is not used as much as the similar (yet slightly more complex) P2PKH script.

Here are some examples of transactions using P2PK:

The coinbase transaction in the genesis block. This output has not been spent.
The first ever bitcoin transaction from Satoshi to Hal Finney. Satoshi actually used P2PK for both outputs in the first transaction, even though P2PKH was available. Probably because Hal was more than comfortable using public key cryptography directly, and Satoshi did not want to bother with the additional layer of complexity that comes with P2PKH.
This transaction contains a P2PK locked to a 33-byte compressed public key (as opposed to a 65-byte uncompressed public key in the examples above).

Coinbase Transactions

You'll most commonly find P2PK in coinbase transactions in the earlier blocks in the blockchain.

This is because the original Bitcoin Core miner would send the block reward to a P2PK when constructing a candidate block:

A diagram showing the output from an early coinbase transaction being locked to a P2PK.

It's pretty rare to find P2PK locking scripts being used in the wild these days.

Why did Satoshi use P2PK in the Bitcoin Core miner?

I'm not sure. Satoshi never gave a reason for this choice.

I think P2PKH was used as a convenient way for humans to make transactions, as it allowed you to use addresses instead of passing around your public key (which is longer). Whereas the miner does not need the convenience of addresses, so P2PK made for a simpler choice.

Why don't we use P2PK more often?

Because Satoshi designed P2PKH so that we can send each other shorter addresses instead of full public keys.

For convenience, Bitcoin wallets then only offered the ability to send bitcoins to addresses (which convert to P2PKH scripts), so the only way use P2PK is to construct one manually in a raw transaction.

Address

Does P2PK have an address?

A P2PK does not have an official address. However, you'll sometimes find blockchain explorers displaying addresses for P2PK locking scripts, even though they technically do not have one.

For example, this is the ScriptPubKey on the output of the genesis transaction, which is using a P2PK locking script:

OP_PUSHBYTES_65
04678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb649f6bc3f4cef38c4f35504e51ec112de5c384df7ba0b8d578a4c702b6bf11d5f
OP_CHECKSIG
4104678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb649f6bc3f4cef38c4f35504e51ec112de5c384df7ba0b8d578a4c702b6bf11d5fac

Transaction: 4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b (Output 0)

This P2PK locking script does not have an official address, but some blockchain explorers will show that it has the address 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa:

Screenshot of the genesis transaction on the blockchain.com explorer.
Screenshot of the genesis transaction on the blockchain.com explorer.

This is actually what the address would have been if it was a P2PKH instead of a P2PK.

So when you see an address for a P2PK, the blockchain explorer has taken it upon themselves to HASH160 the public key inside the P2PK, then convert that to a base58 address to show you what the address for that output would have been if it was actually a P2PKH locking script instead.

HASH160
Address (Base58)

So whilst P2PK and P2PKH are similar, and they would both lock coins to the same person if they both contain the same public key, it's not technically accurate to say that a P2PK locking script has an address.

The only benefit to finding the "addresses" for P2PKs is if you were doing some form of blockchain analysis, and wanted to see if coins had been locked to the same public key via a P2PK or P2PKH, and wanted to use an address as the search parameter.

Resources