P2PKH (Pay To Pubkey Hash)
  • Hash256
  • Hash160
  • Reverse Bytes
Youtube Twitter

P2PKH Pay To Pubkey Hash

This script pattern is used to "send" someone bitcoins. It's the most common script used for locking an output to someone's public key.

It is similar to P2PK, but the lock contains the hash of a public key instead (and not the public key itself).

How does P2PKH work?

The P2PKH script pattern contains a hashed public key surrounded by these opcodes:

scriptPubKey 76a91412ab8dc588ca9d5787dde7eb29569da63c3a238c88ac
OP_DUP OP_HASH160 12ab8dc588ca9d5787dde7eb29569da63c3a238c OP_EQUALVERIFY OP_CHECKSIG
P2PKH
hex | opcodes inline | stack

To solve this script, the owner of the hashed public key above needs to provide the original public key, along with a valid signature for it:

scriptSig 48304502203f004eeed0cef2715643e2f25a27a28f3c578e94c7f0f6a4df104e7d163f7f8f022100b8b248c1cfd8f77a0365107a9511d759b7544d979dd152a955c867afac0ef7860141044d05240cfbd8a2786eda9dadd520c1609b8593ff8641018d57703d02ba687cf2f187f0cee2221c3afb1b5ff7888caced2423916b61444666ca1216f26181398c
304502203f004eeed0cef2715643e2f25a27a28f3c578e94c7f0f6a4df104e7d163f7f8f022100b8b248c1cfd8f77a0365107a9511d759b7544d979dd152a955c867afac0ef78601 044d05240cfbd8a2786eda9dadd520c1609b8593ff8641018d57703d02ba687cf2f187f0cee2221c3afb1b5ff7888caced2423916b61444666ca1216f26181398c
hex | opcodes inline | stack

In short, when this script runs:

  • The original public key is DUPlicated and then HASH160'ed.
  • This hashed value is compared with the hashed public key in the scriptPubKey to make sure it is EQUALVERIFY.
  • If it matches, the script continues and the CHECKSIG checks the signature against the public key (just like a P2PK script).

Where can you find P2PKH scripts?

P2PKH is the default script used by wallets when you want to "send" someone bitcoins, so you can find it in most blocks in the blockchain.

Every time you send bitcoins to an address that starts with a 1 you are creating a P2PKH locking script.

Every time you send bitcoins to an address that starts with a 1 you are creating a P2PKH locking script.

Here are some interesting transactions that use P2PKH:

Why do we have P2PKH as well as P2PK?

If P2PK does a good job of locking up bitcoins to a public key, why do we have the more complex P2PKH script?

Only Satoshi knows why we started using P2PKH, but the reason probably goes something like this...

Satoshi wanted a easier way for people to be able to share their public keys with each other. Satoshi knew that you could make public keys:

  • Safer by adding a checksum (to detect errors)
  • Shorter by converting the public key to base58

However, the result was still pretty big:

Satoshi was possibly not aware of compressed public keys at the time. This meant that using public keys (and the P2PK locking script) wasn't very convenient.

Satoshi was possibly not aware of compressed public keys at the time. This meant that using public keys (and the P2PK locking script) wasn't very convenient.

Therefore, a solution for getting a shorter result is to hash the public key first:

A hash function is good way to make anything shorter. Hash160 produces a 160-bit result, which is 40 characters long.

A hash function is good way to make anything shorter. Hash160 produces a 160-bit result, which is 40 characters long.

So there we have a much shorter version of our public key (we call it an address) that we can easily share with other people. Any wallet software can then take this address and decode it from base58 to get the hash160(public key), which can then be set inside a locking script.

Wallet software decodes addresses to get the hash160(public key) from inside it.

Wallet software decodes addresses to get the hash160(public key) from inside it.

Now, the only thing we have to do to make this work is to change the locking mechanism so that we lock an output to the hash of a public key. Then, we provide the original public key we come to unlock it, and the hash of that will be checked before carrying on with the signature check as normal:

It executes similarly P2PK really -- it just checks that the public key when hashed matches what's in the scriptPubKey first.

It executes similarly P2PK really -- it just checks that the public key when hashed matches what's in the scriptPubKey first.

It's a bit more complex from a programming perspective, but it does allow for the use of shorter and more convenient addresses for sending and receiving bitcoins.

I think Satoshi ultimately had usability in mind for Bitcoin, and that's why we have P2PKH.

Would we still use P2PKH if Satoshi knew about compressed public keys?

Maybe, maybe not. Good question.

If you base58 encoded a compressed public key you would get an address that is 51 characters long (as opposed to the 34 characters you get by hashing it beforehand), so there may not have been as much as an incentive to hashing before creating an address:

51 Characters isn't too bad for passing around.

51 Characters isn't too bad for passing around.

Nonetheless, P2PKH had become the standard for sending and receiving bitcoins by this point, so that's why we have stuck with it.

Still, it would have been simpler to have used P2PK from the start.

References

By Greg Walker,

Last Updated: 24 May 2019
  • 24 May 2019: Added Hashover comment system (basic functionality to test it out)
  • 31 Jan 2019: script page checks and edits
  • 29 Jan 2019: Updated title images for script pages. Also added simple breadcrumb for these pages too.
  • 25 Jan 2019: removed unnecessary address code from example scripts
  • 25 Jan 2019: script examples now have hex switches and show the tooltips thanks to using the output.js file in browser/transaction/output
  • 23 Jan 2019: First draft of P2PK, P2PKH, P2MS, and P2SH pages.

Hey there, it's Greg.

I'll let you know about cool website updates, or if something seriously interesting happens in bitcoin.


Don't worry, it doesn't happen very often.