P2PKH

Pay To Pubkey Hash

This script pattern is used to “send” someone bitcoins. It’s the most common script used for locking an output to someone’s public key.

It is similar to P2PK, but the lock contains the hash of a public key instead (and not the public key itself).

How does P2PKH work?

The P2PKH script pattern contains a hashed public key surrounded by these opcodes:

scriptPubKey	76a91412ab8dc588ca9d5787dde7eb29569da63c3a238c88ac	`OP_DUP` `OP_HASH160` `12ab8dc588ca9d5787dde7eb29569da63c3a238c` `OP_EQUALVERIFY` `OP_CHECKSIG`	P2PKH
hex \| opcodes	inline \| stack

To solve this script, the owner of the hashed public key above needs to provide the original public key, along with a valid signature for it:

scriptSig	48304502203f004eeed0cef2715643e2f25a27a28f3c578e94c7f0f6a4df104e7d163f7f8f022100b8b248c1cfd8f77a0365107a9511d759b7544d979dd152a955c867afac0ef7860141044d05240cfbd8a2786eda9dadd520c1609b8593ff8641018d57703d02ba687cf2f187f0cee2221c3afb1b5ff7888caced2423916b61444666ca1216f26181398c	`304502203f004eeed0cef2715643e2f25a27a28f3c578e94c7f0f6a4df104e7d163f7f8f022100b8b248c1cfd8f77a0365107a9511d759b7544d979dd152a955c867afac0ef78601` `044d05240cfbd8a2786eda9dadd520c1609b8593ff8641018d57703d02ba687cf2f187f0cee2221c3afb1b5ff7888caced2423916b61444666ca1216f26181398c`
hex \| opcodes	inline \| stack

In short, when this script runs:

The original public key is DUPlicated and then HASH160’ed.
This hashed value is compared with the hashed public key in the scriptPubKey to make sure it is EQUALVERIFY.
If it matches, the script continues and the CHECKSIG checks the signature against the public key (just like a P2PK script).

Where can you find P2PKH scripts?

P2PKH is the default script used by wallets when you want to “send” someone bitcoins, so you can find it in most blocks in the blockchain.

Every time you send bitcoins to an `address` that starts with a `1` you are creating a P2PKH locking script.

Here are some interesting transactions that use P2PKH:

6f7cf9580f1c2dfb3c4d5d043cdbb128c640e3f20161245aa7372e9666168516 - First P2PKH Transaction (16th January 2009)
a1075db55d416d3ca199f55b6084e2115b9345e16c5cf302fc80e9d5fbf5d48d - Pizza Transaction (10,000 BTC)

Why do we have P2PKH as well as P2PK?

If P2PK does a good job of locking up bitcoins to a public key, why do we have the more complex P2PKH script?

Only Satoshi knows why we started using P2PKH, but the reason probably goes something like this…

Satoshi wanted a easier way for people to be able to share their public keys with each other. Satoshi knew that you could make public keys:

Safer by adding a checksum (to detect errors)
Shorter by converting the public key to base58

However, the result was still pretty big:

Satoshi was possibly not aware of *compressed* public keys at the time. This meant that using public keys (and the P2PK locking script) wasn’t very convenient.

Therefore, a solution for getting an even shorter result is to hash the public key first:

A hash function is good way to make anything shorter. Hash160 produces a 160-bit result, which is 40 characters long.

So there we have a much shorter version of our public key (we call it an address) that we can easily share with other people. Any wallet software can then take this address and decode it from base58 to get the public key hash, which can then be set inside a locking script.

Wallet software decodes addresses to get the `public key hash` from inside it.

Now, the only thing we have to do to make this work is to change the locking mechanism so that we lock an output to the hash of a public key. Then, we provide the original public key we come to unlock it, and the hash of that will be checked before carrying on with the signature check as normal:

It executes similarly P2PK really – it just checks that the public key when hashed matches what’s in the scriptPubKey first.

It’s a bit more complex from a programming perspective, but it does allow for the use of shorter and more convenient addresses for sending and receiving bitcoins.

I think Satoshi ultimately had usability in mind for Bitcoin, and that’s why we have P2PKH.

Would we still use P2PKH if Satoshi knew about compressed public keys?

Maybe, maybe not. Good question.

If you base58 encoded a compressed public key you would get an address that is 51 characters long (as opposed to the 34 characters you get by hashing it beforehand), so there may not have been as much as an incentive to hashing before creating an address:

51 Characters isn’t too bad for passing around.

Nonetheless, P2PKH had become the standard for sending and receiving bitcoins by this point, so that’s why we have stuck with it.

Still, it would have been simpler to have used P2PK from the start.

References

https://bitcoin.stackexchange.com/questions/3600/why-are-bitcoin-addresses-hashes-of-public-keys