0% found this document useful (0 votes)
118 views59 pages

A Deep Dive Into Bitcoin and Bitcoin Scripts

This document provides an overview of Bitcoin mining and the Bitcoin payment workflow. It discusses how miners add new blocks to the blockchain by collecting transactions and solving a proof-of-work puzzle. Successful miners are rewarded with new bitcoins and transaction fees. The network prioritizes the longest blockchain to achieve consensus when multiple miners solve the puzzle simultaneously. New blocks are typically created every 10 minutes as the difficulty adjusts to maintain this block time.

Uploaded by

Kitty Rai
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
118 views59 pages

A Deep Dive Into Bitcoin and Bitcoin Scripts

This document provides an overview of Bitcoin mining and the Bitcoin payment workflow. It discusses how miners add new blocks to the blockchain by collecting transactions and solving a proof-of-work puzzle. Successful miners are rewarded with new bitcoins and transaction fees. The network prioritizes the longest blockchain to achieve consensus when multiple miners solve the puzzle simultaneously. New blocks are typically created every 10 minutes as the difficulty adjusts to maintain this block time.

Uploaded by

Kitty Rai
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 59

A Deep Dive into Bitcoin and Bitcoin Scripts

Saravanan Vijayakumaran

Department of Electrical Engineering


Indian Institute of Technology Bombay
https://www.ee.iitb.ac.in/~sarva

November 29, 2017

1 / 59
Bitcoin Mining
Preventing Spam in Public Databases
• A database you own where anyone in the world can add entries?
Your email inbox
• Hashcash was proposed in 1997 to prevent spam
• Protocol
• Suppose an email client wants to send email to an email server
• Client and server agree upon a cryptographic hash function H
• Email server sends the client a challenge string c
c

Server Client
ckx

• Client needs to find a string x such that H(ckx) begins with k zeros
• Since H has pseudorandom outputs, probability of success in a
single trial is
2n−k 1
= k
2n 2
• The x corresponding to c is considered proof-of-work (PoW)
• PoW is difficult to generate but easy to verify
3 / 59
Bitcoin Mining (1/2)
• Process of adding new blocks to the blockchain
• Nodes which want to perform transactions broadcast them
• Miners collect some of these transactions into a candidate block
nVersion
Block Header hashPrevBlock
hashMerkleRoot
Number of nTime
Transactions n nBits
Coinbase nNonce
Transaction
Regular
Transaction 1
Regular
Transaction 2
..
.
Regular
Transaction n − 1

• hashPrevBlock contains double SHA-256 has of previous block’s header


• hashMerkleRoot contains root hash of transaction Merkle tree
h = H(h0 k h1 )

h0 = H(h00 k h01 ) h1 = H(h10 k h10 )

h00 = H(t0 ) h01 = H(t1 ) h10 = H(t2 ) h10

t0 t1 t2

4 / 59
Bitcoin Mining (2/2)
nVersion
Block Header hashPrevBlock
hashMerkleRoot
Number of nTime
Transactions n nBits
Coinbase nNonce
Transaction
Regular
Transaction 1
Regular
Transaction 2
..
.
Regular
Transaction n − 1

• nBits encodes a 256-bit target value T , say

| ·{z
T = 0x 00 · · 00} FFFFF
| ·{z
· · FFFFF}
16 times 48 times

• Miner who can find nNonce such that


SHA256 (SHA256 (nVersion k HashPrevBlock k . . . k nNonce)) ≤ T
can add a new block
• Modifying any header field will require solving PoW puzzle again

5 / 59
Why is Mining Hard?
Target value Fraction of
T SHA256d outputs ≤ T

1
0x7FFFF
| {z · · · FFFF}
FFFF 2
63 times

1
0x0FFFF
| {z · · · FFFF}
FFFF 16
63 times

1
| ·{z
0x00 · · 00} FFFFF
| ·{z
· · FFFFF}
264
16 times 48 times

T +1
Pr [SHA256d output ≤ T ] ≈
2256

6 / 59
Why should anyone mine blocks?
• Successful miner gets rewarded in bitcoins
• Every block contains a coinbase transaction which creates
12.5 bitcoins
• Each miner specifies his own address as the destination of the
new coins
• Every miner is competing to solve their own PoW puzzle
• Miners also collect the transaction fees in the block

7 / 59
Block Addition Workflow
• Nodes broadcast transactions
• Miners accept valid transactions and reject invalid ones (solves double spending)
• Miners try extending the latest block
Candidate
Block A

Block Block Candidate


···
N −2 N −1 Block B

Candidate
Block C

• Miners compete to solve the search puzzle and broadcast solutions


• Unsuccessful miners abandon their current candidate blocks and start work on
new ones
Candidate
Block A0

Block Block Block Candidate


···
N −2 N −1 N Block B 0

Candidate
Block C 0

8 / 59
What if two miners solve the puzzle at the same time?
Solution
Blockfrom Block
miner
N + 1A N +2

Block Block Block


···
N −2 N −1 N

Solution
Stalefrom
miner
blockB

• Both miners will broadcast their solution on the network


• Nodes will accept the first solution they hear and reject others

B
B
A

MB
A B
A MA B

B
A A
A B B

• Nodes always switch to the longest chain they hear


• Eventually the network will converge and achieve consensus
9 / 59
How often are new blocks created?
• Once every 10 minutes

nVersion
hashPrevBlock
hashMerkleRoot
nTime
nBits
nNonce

• Every 2016 blocks, the target T is recalculated


• Let tsum = Number of seconds taken to mine last 2016 blocks

tsum
Tnew = ×T
14 × 24 × 60 × 60

• Recall that probability of success in single trial is T +1


2256
• If tsum = 2016 × 8 × 60, then Tnew = 4
5T
• If tsum = 2016 × 12 × 60, then Tnew = 56 T

10 / 59
Bitcoin Payment Workflow
• Merchant shares address out of band (not using Bitcoin P2P)
• Customer broadcasts transaction t which pays the address
• Miners collect broadcasted transactions into a candidate block

Block Header

Number of
Transactions n
Coinbase
Transaction
Regular
Transaction 1
Regular
Transaction 2
..
.
Regular
Transaction n − 1

• One of the candidate blocks containing t is mined


• Merchant waits for confirmations on t before providing goods

11 / 59
Bitcoin Transaction Format
Coinbase Transaction Format
Pre-SegWit
Block Format
Coinbase Transaction
Output Format
Block Header

Amount x1 nValue
Number of Output 0
Challenge Script C1 scriptPubkeyLen
Transactions n
scriptPubkey
Coinbase
Transaction
Regular Amount x2
Output 1
Transaction 1 Challenge Script C2
Regular
Transaction 2
..
.
Regular
Transaction n − 1

• nValue contains number of satoshis locked in output


• 1 Bitcoin = 108 satoshis
• scriptPubkey contains the challenge script
• scriptPubkeyLen contains byte length of challenge script

13 / 59
Transaction ID
Regular Transaction

nVersion
Number of Inputs N
hash
n
Input 0 scriptSigLen
scriptSig
nSequence
..
.
hash
n
Double
Input N − 1 scriptSigLen
SHA-256 Tx ID
scriptSig
Hash
nSequence
Number of Outputs M
nValue
Output 0 scriptPubkeyLen
scriptPubkey
..
.
nValue
Output M − 1 scriptPubkeyLen
scriptPubkey
nLockTime

14 / 59
Regular Transaction Format
Pre-SegWit
Input Format
Previous Regular Tx Regular Transaction
with Tx ID = I1 hash
n
Tx ID = I1
Input 0 scriptSigLen
One or more Output Index = 0
Response Script R1 scriptSig
inputs nSequence

Amount x1 Tx ID = I1
Output 0 Output Index = 1 Input 1
Challenge Script C1
Response Script R2

Amount x2
Output 1 Challenge Script C2 Tx ID = I2
Output Index = 0 Input 2
Response Script R3 Output Format

Previous Coinbase Tx nValue


Amount y1
Output 0 scriptPubkeyLen
with Tx ID = I2 Challenge Script C4
scriptPubkey

Amount x3
Output 0 Amount y2
Challenge Script C3 Output 1
Challenge Script C5

• hash and n identify output being unlocked


• scriptSig contains the response script
15 / 59
Bitcoin Scripting Language
Script
• Forth-like stack-based language
• One-byte opcodes
Remaining Script Stack State

OP_2 OP_3 OP_ADD

2
OP_3 OP_ADD

3
OP_ADD 2

17 / 59
Challenge/Response Script Execution
Remaining Script Stack State

<Response Script> <Challenge Script>

x1
x2
<Challenge Script> ..
.
xn

y1
y2
..
.
ym

Response is valid if top element y1 evaluates to True


18 / 59
Challenge Script Example
OP_HASH256 0x20 <256-bit string> OP_EQUAL
| {z }
S

Remaining Script Stack State

x
OP_HASH256 0x20 S OP_EQUAL

H(x)
0x20 S OP_EQUAL

S
OP_EQUAL H(x)

0 or 1

Unsafe challenge script! Guess why?


19 / 59
Pre-SegWit Standard Scripts
• Pay to Public Key (P2PK)
• Pay to Public Key Hash (P2PKH)
• m-of-n Multi-Signature (Multisig)
• Pay to Script Hash (P2SH)
• Null Data

20 / 59
Pay to Public Key
Digital Signatures
Message

Decision on
Signer (Message, Signature) Verifier Signature Validity

Signer’s Signer’s
Private Key Public Key

Easy

Private Key Public Key

Hard

22 / 59
Pay to Public Key
• Challenge script: 0x21 <Public Key> OP_CHECKSIG
• Response script: <Signature>
Remaining Script Stack State

<Signature> <Public Key> OP_CHECKSIG

<Signature>
<Public Key> OP_CHECKSIG

<Public Key>
OP_CHECKSIG <Signature>

True/False

23 / 59
Signatures Protect Transactions
Message for
Regular Transaction Input 0 signatures

nVersion nVersion
0x02 0x02
hash0 hash0
n0 n0 Input 0
Input 0
scriptSigLen0 prevScriptPubkeyLen0 Fields
scriptSig0 prevScriptPubkey0
nSequence0 nSequence0
hash1 hash1
n1 n1 Input 1
Input 1 scriptSigLen1 0x00 Fields
scriptSig1 nSequence1
nSequence1 0x02
0x02 nValue0
Output 0
nValue0 scriptPubkeyLen0
Fields
Output 0 scriptPubkeyLen0 scriptPubkey0
scriptPubkey0 nValue1
nValue1 scriptPubkeyLen1 Output 1
Fields
Output 1 scriptPubkeyLen1 scriptPubkey1
scriptPubkey1 nLockTime
nLockTime nHashType

24 / 59
Pay to Public Key Hash
Pay to Public Key Hash Address
• To receive bitcoins, a challenge script needs to be specified
• P2PKH addresses encode P2PKH challenge scripts
• Example: 1EHNa6Q4Jz2uvNExL497mE43ikXhwF6kZm

26 / 59
Base58 Encoding

1EHNa6Q4Jz2uvNExL497mE43ikXhwF6kZm
l
0091B24BF9F5288532960AC687ABB035127B1D28A50074FFE0

• Alphanumeric representation of bytestrings


• From 62 alphanumeric characters 0, O, I, l are excluded
Ch Int Ch Int Ch Int Ch Int Ch Int Ch Int Ch Int
1 0 A 9 K 18 U 27 d 36 n 45 w 54
2 1 B 10 L 19 V 28 e 37 o 46 x 55
3 2 C 11 M 20 W 29 f 38 p 47 y 56
4 3 D 12 N 21 X 30 g 39 q 48 z 57
5 4 E 13 P 22 Y 31 h 40 r 49
6 5 F 14 Q 23 Z 32 i 41 s 50
7 6 G 15 R 24 a 33 j 42 t 51
8 7 H 16 S 25 b 34 k 43 u 53
9 8 J 17 T 26 c 35 m 44 v 53

• Given a bytestring bn bn−1 · · · b0


• Encode each leading P zero byte as a 1
• Get integer N = n−m i
i=0 bi 256 P
• Get ak ak −1 · · · a0 where N = ki=0 ai 58i
• Map each integer ai to a Base58 character
27 / 59
Pay to Public Key Hash Address
Public Key SHA-256

RIPEMD-160

Prefix address
version byte

BkR
Double
SHA-256

Extract first C4
k
four bytes
BkRkC4

Base58
Encoding P2PKH Address

28 / 59
Why Hash the Public Key?
Point Addition

Private Key Public Key

ECDLP

• ECDLP = Elliptic Curve Discrete Logarithm Problem


• ECDLP currently hard but no future guarantees
• Hashing the public key gives extra protection

P2PK Solve
Private key
Address ECDLP

Find Find
P2PKH Solve
RIPEMD-160 SHA-256 Private key
Address ECDLP
preimage preimage

29 / 59
P2PKH Transaction
• Challenge script
OP_DUP OP_HASH160 <PubKeyHash> OP_EQUALVERIFY
OP_CHECKSIG
Base58
P2PKH Address Decoding

BkRkC4

Discard last
four bytes

BkR

Discard address R
PubKeyHash
version prefix byte

• Response script: <Signature> <Public Key>

30 / 59
P2PKH Script Execution (1/2)
Remaining Script Stack State

<Signature> <Public Key> OP_DUP OP_HASH160


<PubKeyHash> OP_EQUALVERIFY OP_CHECKSIG

<Public Key> OP_DUP OP_HASH160 <Signature>


<PubKeyHash> OP_EQUALVERIFY OP_CHECKSIG

<Public Key>
OP_DUP OP_HASH160
<Signature>
<PubKeyHash> OP_EQUALVERIFY OP_CHECKSIG

<Public Key>
OP_HASH160 <Public Key>
<PubKeyHash> OP_EQUALVERIFY OP_CHECKSIG <Signature>

31 / 59
P2PKH Script Execution (2/2)
Remaining Script Stack State

<PubKeyHashCalc>
<Public Key>
<Signature>
<PubKeyHash> OP_EQUALVERIFY OP_CHECKSIG

<PubKeyHash>
<PubKeyHashCalc>
<Public Key>
OP_EQUALVERIFY OP_CHECKSIG
<Signature>

<Public Key>
<Signature>
OP_CHECKSIG

True/False

32 / 59
Multi-Signature
m-of-n Multi-Signature Scripts
• m-of-n multisig challenge script specifies n public keys

m <Public Key 1> · · · <Public Key n> n OP_CHECKMULTISIG

• Response script provides signatures created using any m out of


the n private keys

OP_0 <Signature 1> · · · <Signature m>.

• Example: m = 2 and n = 3
• Challenge script

OP_2 <PubKey1> <PubKey2> <PubKey3> OP_3 OP_CHECKMULTISIG

• Response script
OP_0 <Sig1> <Sig2>

34 / 59
2-of-3 Multisig Script Execution
Remaining Script Stack State

OP_0 <Sig1> <Sig2> OP_2 <PubKey1>


<PubKey2> <PubKey3> OP_3 OP_CHECKMULTISIG

<Sig2>
OP_2 <PubKey1> <Sig1>
<PubKey2> <PubKey3> OP_3 OP_CHECKMULTISIG <Empty Array>

3
<PubKey3>
<PubKey2>
<PubKey1>
2
OP_CHECKMULTISIG
<Sig2>
<Sig1>
<Empty Array>

True/False

35 / 59
Pay to Script Hash
Pay to Script Hash Script
• Allows specification of arbitrary scripts as payment destinations
• Challenge script

OP_HASH160 <RedeemScriptHash> OP_EQUAL


• Response script

<Response To Redeem Script> <Redeem Script>


• Example
• 1-of-2 Multisig Challenge Script
OP_1 <PubKey1> <PubKey2> OP_2 OP_CHECKMULTISIG
• 1-of-2 Multisig Response Script
OP_0 <Sig1>
• P2SH Multisig challenge script
OP_HASH160 <RedeemScriptHash> OP_EQUAL
• P2SH Multisig response script
OP_0 <Sig1> OP_1 <PubKey1> <PubKey2> OP_2 OP_CHECKMULTISIG
| {z } | {z }
Response to Redeem Script
Redeem Script

37 / 59
P2SH Multisig Script Execution (1/2)
Remaining Script Stack State
OP_0 <Sig1>
<OP_1 <PubKey1> <PubKey2> OP_2 OP_CHECKMULTISIG>
OP_HASH160 <RedeemScriptHash> OP_EQUAL

<Sig1>
<OP_1 <PubKey1> <PubKey2> OP_2 OP_CHECKMULTISIG> <Empty Array>
OP_HASH160 <RedeemScriptHash> OP_EQUAL

OP_1 <PubKey1> <PubKey2>


OP_2 OP_CHECKMULTISIG
<Sig1>
OP_HASH160 <RedeemScriptHash> OP_EQUAL <Empty Array>

<RedeemScriptHashCalc>
<Sig1>
<Empty Array>
<RedeemScriptHash> OP_EQUAL

<RedeemScriptHash>
<RedeemScriptHashCalc>
<Sig1>
OP_EQUAL <Empty Array>

38 / 59
P2SH Multisig Script Execution (2/2)
Remaining Script Stack State

<Sig1>
<Empty Array>
OP_1 <PubKey1> <PubKey2> OP_2 OP_CHECKMULTISIG

2
<PubKey2>
<PubKey1>
1
OP_CHECKMULTISIG
<Sig1>
<Empty Array>

True/False

39 / 59
Pay to Script Hash Address
Redeem Script SHA-256

RIPEMD-160

Prefix address
version byte

BkR
Double
SHA-256

Extract first C4
k
four bytes
BkRkC4

Base58
Encoding P2SH Address

40 / 59
Null Data
Null Data Script
• Challenge script
OP_RETURN <Data>
Length(<Data>) ≤ 80 bytes
• OP_RETURN terminates script execution immediately
• No valid response script exists
• Null data outputs are unspendable
• Any bitcoins locked by a null data challenge script are lost forever
• Mainly used to timestamp data

42 / 59
Smart Contracts
Smart Contracts
• Computer protocols which help execution/enforcement of regular
contracts
• Minimize trust between interacting parties
• Hypothetical example: Automatic fine for noise pollution
• Campus community hall parties use loudspeakers
• Party organizers pay bitcoin security deposit
• If noise rules violated, deposit distributed to nearby residents
• Two actual examples
• Escrow
• Micropayments

44 / 59
Smart Contracts
Escrow
Problem Setup
• Alice wants to buy a rare book from Bob
• Alice and Bob live in different cities
• Bob promises to ship the book upon receiving Bitcoin payment
• Alice does not trust Bob
• Alice proposes an escrow contract involving a third party Carol

46 / 59
Escrow Contract
• Alice requests public keys from Bob and Carol
• Alice pays x bitcoins to a 2-of-3 multisig output
OP_2 <PubKeyA> <PubKeyB> <PubKeyC> OP_3 OP_CHECKMULTISIG

• Bob ships book once Alice’s transaction is confirmed


• Bitcoins can be spent if any two of the three provide signatures
• Any of the following scenarios can occur
• Alice receives book.
Alice and Bob sign.
• Alice receives the book but refuses to sign.
Bob provides proof of shipment to Carol.
Bob and Carol sign.
• Bob does not ship the book to Alice.
Bob refuses to sign refund transaction.
Alice and Carol sign.
• Escrow contract fails if Carol colludes with Alice or Bob
• Also proof of shipment is not proof of contents

47 / 59
Smart Contracts
Micropayments
Problem Setup
• Bitcoin transaction fees make small payments expensive
• Micropayments contract can aggregate small payments
• Alice offers proofreading and editing services online
• She accepts bitcoins as payments
• Clients email documents to Alice
• Alice replies with typos and grammatical errors
• Alice charges a fixed amount of bitcoins per edited page
• To avoid clients refusing payment, Alice uses micropayments
contract
• Suppose Bob wants a 100 page document edited
• Alice charges 0.0001 BTC per page
• Bob expects to pay a maximum of 0.01 BTC to Alice

49 / 59
Micropayments Contract (1/3)
Creating Refund Transaction

• Bob requests a public key from Alice Alice Bob

• Bob creates a transaction t1 which


transfers 0.01 bitcoins to a 2-of-2 Request public key

multisig output Send PubKeyA


Create PubKeyB
• Bob does not broadcast t1 on the Create t1
Create t2
network
Send t2 with B’s sig
• Bob creates a refund transaction t2
Send t2 with A’s sig
which refunds the 0.01 BTC
• A relative lock time of n days is set on t2
• Bob includes his signature in t2 and
sends it to Alice
• If Alice refuses to sign, Bob terminates
the contract
• If Alice signs t2 and gives it Bob, he has
the refund transaction

50 / 59
Micropayments Contract (2/3)
Getting Paid for First Page Edits

• Bob broadcasts t1 on the network Alice Bob Network

• Once t1 is confirmed, he sends Alice


his document Request public key

• Alice edits only the first page of the Send PubKeyA


Create PubKeyB
document Create t1
Create t2
• She creates a transaction e1 which Send t2 with B’s sig

unlocks t1 and pays her 0.0001 BTC


Send t2 with A’s sig Broadcast
and 0.0099 BTC to Bob t1
ation
t1 confirm
• Alice signs e1 and sends it to Bob Send document
along with the first page edits Send e1 with A’s
sig and page 1 edits
• If Bob refuses to sign e1 , then
sig
Send e1 with B’s
• Alice terminates the contract.
• Bob broadcasts t2 after lock
time expires
• If Bob signs e1 and returns it to Alice,
then Alice is guaranteed 0.0001
bitcoins if she broadcasts e1 before
lock time on t2 expires.

51 / 59
Micropayments Contract (3/3)
Getting Paid for Second Page, Third Page . . .

• Alice edits the second page of the Alice Bob Network

document
Request public key
• She creates a transaction e2 which
unlocks t1 and pays her 0.0002 BTC Send PubKeyA
Create PubKeyB
and 0.0098 BTC to Bob Create t1
Create t2
Send t2 with B’s sig
• Alice signs e2 and sends it to Bob
Send t2 with A’s sig
along with the second page edits Broadcast
t1
n
t1 confirmatio
• If Bob refuses to sign e2 , then Alice
Send document
terminates the contract.
Alice broadcasts e1 and receives Send e1 with A’s
sig and page 1 edits
0.0001 BTC.
sig
• If Bob signs e2 and returns it to Alice, Send e1 with B’s
Send e2 with A’s
sig and page
then Alice is guaranteed 0.0002 2 edits

bitcoins if she broadcasts e2 before Send e2 with B’s


sig

lock time on t2 expires. ..


.
• Alice continues sending edited pages
Send e100 with A’s
along with transactions requesting sig and page 100 edits

cumulative payments Send e100 with B’s


sig

Broadcast e
• She has to finish before the refund 100

confirmation
transaction lock time expires e100

52 / 59
Key Takeaways
• Smart contracts reduce the need for trust
• Bitcoin’s scripting language enables some smart contracts
• Not powerful enough to express complex contracts

53 / 59
What about SegWit?
Transaction ID
Regular Transaction

nVersion
Number of Inputs N
hash
n
Input 0 scriptSigLen
scriptSig
nSequence
..
.
hash
n
Double
Input N − 1 scriptSigLen
SHA-256 Tx ID
scriptSig
Hash
nSequence
Number of Outputs M
nValue
Output 0 scriptPubkeyLen
scriptPubkey
..
.
nValue
Output M − 1 scriptPubkeyLen
scriptPubkey
nLockTime

55 / 59
Refund Protocol
• Alice wants to teach Bob about transactions
• Bob does not own any bitcoins
• Alice decides to transfer some bitcoins to Bob
• Alice does not trust Bob
• She wants to ensure refund

56 / 59
Refund Protocol
Transaction t1
with TXID i1
Transaction t2
Input unlocking
Input 0 Input with hash = i1 and
x bitcoins from Input 0
n = 0 unlocking the
Alice’s UTXO
2-of-2 multisig output in t1

Output locked by
Output returning
Output 0 2-of-2 multisig Output 0
funds to Alice
challenge script

Bob Alice Network

1. Create t1
2. Create t2
th A’s sig
3. Send t2 wi

4. Send t wi
2 th B’s sig 5. Broadcas
t t1
ion
t1 confirmat

6. Broadcas
t t2
ion
t2 confirmat
57 / 59
Exploiting Transaction Malleability
Bob Alice Network

1. Create t1
2. Create t2
th A’s sig
3. Send t2 wi

4. Send t wi
2 th B’s sig 5. Broadcast t
1
tt
5. Broadcas 1
6. Broadca
st t10
ion
t 10 confirmat

• If (r , s) is a valid ECDSA signature, so is (r , n − s)


• The t10 transaction cannot be spent by t2
• SegWit = Segregated Witness
• Solves problems arising from transaction malleability

58 / 59
Bitcoin Script Learning Resources
• Code https://github.com/bitcoin/bitcoin/
(src/script directory)
• Stackoverflow https://bitcoin.stackexchange.com/
• Forum https://bitcointalk.org/
• IRC https://en.bitcoin.it/wiki/IRC_channels
• Books
• Princeton book http://bitcoinbook.cs.princeton.edu/
• Mastering Bitcoin, Andreas Antonopoulos
• Notes
• https://www.ee.iitb.ac.in/~sarva/bitcoin.html

Thanks for your attention


Questions/Comments?

59 / 59

You might also like