Chapter 10. Segregated witness


This chapter covers

  • Understanding Bitcoin’s problems
  • Moving signatures out of transactions

Bitcoin is far from perfect. It has several shortcomings that we should address. The first section of this chapter will explain some of these shortcomings. Among the most critical are transaction malleability and inefficiencies in signature verification. We’ve already mentioned transaction malleability in the “Time-locked transactions” section in chapter 9—someone might change a transaction in subtle, but valid, ways while it’s being broadcast, which will cause its txid to change.

A solution to these problems was presented at a 2015 conference on Bitcoin scaling. This solution is known as segregated witness (segwit), which is a weird name for moving signature data out of transactions. I’ll describe this solution in detail: it includes changes in pretty much all parts of Bitcoin, including Bitcoin addresses, transaction format, block format, local storage, and network protocol.

Because segwit was a pretty big change in Bitcoin, it wasn’t trivial to deploy without disrupting the network. It was carefully designed so old software would continue working and accepting segwit transactions and blocks, although without verifying certain parts of them.

Problems solved by segwit

In this section, we’ll discuss the problems that segwit will solve.

Transaction malleability

To explain transaction malleability, let’s go back to the example in chapter 9 in which you gave a time-locked transaction to your daughter. When almost a year has passed since you created your time-locked transaction, you need to invalidate that transaction and create a new time-locked transaction, as figure 10.1 shows.

Figure 10.1. You spend one of the outputs that the previous time-locked transaction spends and create a new time-locked transaction that you give to your daughter.

It’s important to give the new time-locked transaction, Tx3, to your daughter before broadcasting Tx2, which invalidates the previous time-locked transaction, Tx1. Otherwise, if you do it the other way around and get hit by a bus between the two steps, your daughter won’t be able to claim the money.

Suppose you do this correctly and first give Tx3 to your daughter and then broadcast Tx2. Tx3 spends the output of Tx2, which means Tx3 contains the txid of Tx2 in one of its inputs. Let’s see what might happen when you broadcast Tx2 (figure 10.2).

Figure 10.2. Your transaction is being modified by Qi on its way through the network.
Malleability

The word malleate means to form something, for example metal with a hammer. This term is used in cryptography to mean changing a signature without making it invalid, or changing an encrypted message without making it totally garbled.

Qi wants to mess things up. When she receives your transaction Tx2, she modifies it in a certain way into Tx2M, so Tx2M is still valid and has the same effect as the original transaction, Tx2. (You’ll see shortly some different ways she can do this.) The result is that two different transactions now flow through the network that spend the same outputs and send the money to the same recipients with the same amounts, but they have different txids.

Because Tx2 and Tx2M spend the same outputs, they’re in conflict with each other, and at most one of them will be confirmed. Suppose Tx2M is the winner and gets mined in the next block. What happens to your daughter’s inheritance? See figure 10.3.

Figure 10.3. The inheritance fails because your daughter’s time-locked transaction is forever invalid due to transaction malleability.

The malleated transaction, Tx2M, is stored in the blockchain. This makes Tx2 invalid because it spends the same output as Tx2M. The first input of the time-locked transaction, Tx3, references Tx2 using its txid, so when 30 April 2020 has passed, your daughter won’t be able to claim her inheritance: she’ll be trying to spend an output from an invalid transaction.

How can Qi change the txid?

Qi has several options for changing the transaction without invalidating it. They all involve changing the signature script in one way or another. Figure 10.4 shows three classes of transaction malleability.

Figure 10.4. Three classes of transaction malleability
BIP66

BIP66 fixes the first class of malleability issues.

The first one modifies the signature encoding format, which changes how the signature is encoded in the signature script. You can encode the signature in a few different ways that are all valid. This issue was fixed in a system upgrade by using BIP66, which requires all signatures to be encoded in a specific way. The fix was activated in block 363724.

The second way to malleate a transaction is to use cryptographic tricks. I won’t go into details here, but the signature, regardless of the encoding format, can be modified in a few ways that don’t make it invalid. (The one known trick relies on an ECDSA property: if (r, s) is a valid signature, so is (r, n − s), where n is the order of the curve. Bitcoin Core’s relay policy only accepts the smaller of the two s values.) Only one such trick is known, but we can’t rule out that there are others.

The last approach is about changing the script program itself. You can do this in several ways. The one in figure 10.4 first duplicates (OP_DUP) the top item on the stack and then immediately removes (OP_DROP) the duplicate from the stack; effectively, this changes nothing, and the whole program will run just fine.

The second and third forms of transaction malleability are somewhat limited by relay policies. This means nodes will require that the signatures conform to specific rules and that no script operators except data pushes be present in the signature script. Otherwise, the node won’t relay the transaction. But nothing is stopping a miner from mining malleated transactions. Relay policies are implemented to make transaction malleability harder, but they can’t prevent it.

Inefficient signature verification

When a transaction is signed, the signature algorithm hashes the transaction in a certain way.

Remember from “Signing the transaction” in chapter 5 that you clean all signature scripts before signing. But if you did just that, all the transaction’s signatures would use the exact same hash. If the transaction spent two different outputs that pay to the same address, the signature in one of the inputs could be reused in the other input. That property could be exploited by bad actors.

Why not use a dummy byte?

Inserting the pubkey script into the signature script seems unnecessary. It’d be simpler to add a single dummy byte in the signature script to avoid signature reuse. No one really knows why the pubkey script is used for this.

To avoid this problem, Bitcoin makes each signature commit to a slightly different version of the transaction by copying the spent pubkey script into the signature script of the input that’s currently being signed.

Let’s zoom in a bit on what’s happening. Suppose you want to sign a transaction with two inputs. The first input is signed as illustrated in figure 10.5.

Figure 10.5. Signing the first input. You prepare by copying the pubkey script to the signature script.

The signature scripts of all inputs are empty, but you copy the pubkey script of the spent output and insert it into the signature script of the spending input. You then create the signature for the first input and move on to sign the second input (figure 10.6).

Figure 10.6. Signing the second input

Here, all signature scripts except the second one are empty. The second signature script is populated with the spent output’s pubkey script. The signature is then created.

By doing this exercise for each input, you ensure that signatures aren’t reusable across inputs if signed by the same private key. But this also introduces a problem: signature verification becomes inefficient.

Suppose you want to verify the signatures of the aforementioned transaction. For every input, you need to perform basically the same procedure as when the transaction was signed: clean all the signature scripts from the transaction and then, one at a time, insert the pubkey script in the signature script of the input you want to verify. Then, verify the signature for that input.

This might seem harmless, but as the number of inputs grows, the amount of data to hash for each signature increases. If you double the number of inputs, you roughly

  • Double the number of signatures to verify
  • Double the size of the transaction
Why 1 ms?

The 1 ms time is just an example. The actual time to verify a transaction varies among nodes.

If the time to verify the transaction with two inputs in figure 10.7 is 1 ms, it will take 4 ms to verify a transaction with four inputs. Double the number of inputs again, and you have 16 ms. A transaction with 1,024 inputs would take more than 4 minutes!

Figure 10.7. Total time for hashing during signature verification. Time roughly quadruples when the number of inputs doubles.

This weakness can be exploited by creating a large transaction with a lot of inputs. All nodes verifying the transaction will be occupied for minutes, making them unable to verify other transactions and blocks during this time. The Bitcoin network as a whole would slow down.

It would be much better if the transaction verification time grew linearly instead of quadratically: the time to verify a transaction would double as the number of inputs doubled. Then, the 1,024 inputs would take roughly 512 ms to verify instead of 4 minutes.

Waste of bandwidth

When a full node sends a transaction to a lightweight wallet, it sends the complete transaction, which includes all signature data. But a lightweight wallet can’t verify the signatures because it doesn’t have the spent outputs.

The signature scripts constitute a large percentage of the transaction size. A typical signature script spending a p2pkh output takes 107 bytes. Consider a few different transactions with two outputs, as table 10.1 shows.

Table 10.1. Space occupied by signature script data of different typical transactions

Inputs   Total signature script size (bytes)   Tx size (bytes)   Signature script percentage
1        107                                   224               47%
2        214                                   373               57%
3        321                                   521               61%
8        856                                   1,255             68%

Wouldn’t it be nice if a full node didn’t have to send the signature script data to the lightweight wallet? You’d probably save more than 50% data traffic. There’s just one problem: such data is needed to calculate txids. If you skip sending signature scripts of transactions, the lightweight wallet won’t be able to verify that the transaction is included in a block because it can’t verify the merkle proof (figure 10.8).

Figure 10.8. Without the signature scripts, a lightweight wallet can’t verify that a transaction is included in the block.

We’d definitely like to solve this somehow.

Script upgrades are hard

Sometimes, we want to extend the script language with new operations. For example, OP_CHECKLOCKTIMEVERIFY (OP_CLTV) and OP_CHECKSEQUENCEVERIFY (OP_CSV) were introduced in the language in 2015 and 2016, respectively. Let’s look at how OP_CLTV was introduced.

We’ll start with what OP codes are. They’re nothing but a single byte. OP_EQUAL, for example, is represented by the byte 87 in hex code. Every node knows that when it encounters byte 87 in the script program, it needs to compare the top two items on the stack and push the result back onto the stack. OP_CHECKMULTISIG is also a single byte, ae. All operators are represented by different bytes.

When Bitcoin was created, several NOP operators, OP_NOP1 to OP_NOP10, were specified. These are represented by the bytes b0 to b9. They’re designed to do nothing. The name NOP comes from No OPeration, which basically means, “When this instruction appears, ignore it and move on.”

These NOPs can be used to extend the script language, but only to a certain extent. The OP_CLTV operator is actually OP_NOP2, or byte b1. OP_CLTV was introduced by releasing a version of Bitcoin Core that redefines how OP_NOP2 works. But it needs to be done in a compatible way so we don’t break compatibility with old, non-upgraded nodes.

Let’s go back to the example from “Absolute time-locked outputs” in chapter 9, where you gave your daughter an allowance in advance that she could cash out on 1 May (see figure 10.9).

Figure 10.9. Using OP_CLTV to lock an output until 1 May

The pubkey script for this output is

<1 may 2019 00:00:00> OP_CHECKLOCKTIMEVERIFY OP_DROP
OP_DUP OP_HASH160 <PKHD> OP_EQUALVERIFY OP_CHECKSIG

This is how a new node, which is aware of the new meaning of byte b1, interprets the script. It will do the following:

  1. Push the time <1 may 2019 00:00:00> to the stack.
  2. Check that the spending transaction’s lock time is at least the value found on top of the stack, or fail immediately otherwise.
  3. Drop the time value from the stack.
  4. Continue with normal signature verification.

An old node, on the other hand, will interpret the script as follows:

<1 may 2019 00:00:00> OP_NOP2 OP_DROP
OP_DUP OP_HASH160 <PKHD> OP_EQUALVERIFY OP_CHECKSIG

It will

  1. Push the time <1 may 2019 00:00:00> to the stack.
  2. Do nothing.
  3. Drop the time value from the stack.
  4. Continue with normal signature verification.

Old nodes still treat OP_NOP2 as they used to, by doing nothing and moving on. They aren’t aware of the new rules associated with the byte b1.

The old and the new nodes will behave the same if the OP_CLTV succeeds on the new node. But if the OP_CLTV fails on the new node, the old node won’t fail, because “do nothing” never fails. The new nodes fail more often than the old nodes because new nodes have stricter rules. The old nodes will always finish the script program with success whenever the new nodes finish with success. This is known as a soft fork, a system upgrade that doesn’t require all nodes to upgrade. We’ll talk more about forks, system upgrades, and alternate currencies born from Bitcoin’s blockchain in chapter 11.

You might be wondering what the OP_DROP instruction is for. OP_DROP takes the top item on the stack and discards it. OP_CLTV is designed to behave exactly like OP_NOP2 when it succeeds. If OP_CLTV had been designed without taking old nodes into account, it would probably remove the top item from the stack. But because we need to take old nodes into account, OP_CLTV doesn’t do that. We must add the extra OP_DROP after OP_CLTV to get rid of the time item from the stack.
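The two interpretations above can be run side by side. The following is an added example, not code from the book: a minimal evaluator for the lock-time prefix of the script (`<time> OP_CLTV OP_DROP`) that applies either the old rules (byte b1 is OP_NOP2) or the new rules (byte b1 is OP_CLTV with the BIP65 checks). The signature part of the script is left to a real interpreter. The Unix time for 1 May 2019 assumes 00:00:00 UTC, and the `ScriptFailure`, `run_locktime_prefix`, and `soft_fork_holds` names are this example’s own.

```python
OP_DROP, OP_NOP2 = 0x75, 0xb1
OP_CLTV = OP_NOP2                 # same byte b1; BIP65 gave it the stricter meaning
LOCKTIME_THRESHOLD = 500_000_000  # below: block height; at or above: Unix time
SEQUENCE_FINAL = 0xffffffff


class ScriptFailure(Exception):
    pass


def push_int(n: int) -> bytes:
    """Push a non-negative integer as a minimally encoded little-endian script number."""
    if n < 0:
        raise ValueError("example only handles non-negative numbers")
    if n == 0:
        return b"\x00"  # OP_0 pushes an empty item
    raw = n.to_bytes((n.bit_length() + 8) // 8, "little")  # extra byte keeps sign bit clear
    return bytes([len(raw)]) + raw


def decode_num(item: bytes) -> int:
    """Decode a little-endian script number whose top bit is the sign."""
    if not item:
        return 0
    n = int.from_bytes(item, "little")
    if item[-1] & 0x80:
        return -(n & ~(1 << (8 * len(item) - 1)))
    return n


def check_locktime_verify(stack, tx_locktime, input_sequence):
    """BIP65 rules for OP_CHECKLOCKTIMEVERIFY. The stack is left untouched on success."""
    if not stack:
        raise ScriptFailure("OP_CLTV with empty stack")
    n = decode_num(stack[-1])
    if n < 0:
        raise ScriptFailure("negative lock time")
    if (n < LOCKTIME_THRESHOLD) != (tx_locktime < LOCKTIME_THRESHOLD):
        raise ScriptFailure("script uses a time but the transaction uses a height, or vice versa")
    if n > tx_locktime:
        raise ScriptFailure("transaction lock time is not high enough")
    if input_sequence == SEQUENCE_FINAL:
        raise ScriptFailure("input is final, so the transaction's lock time is not enforced")


def run_locktime_prefix(script, tx_locktime, input_sequence, new_rules):
    """Run the part of the script before the signature check under old (OP_NOP2)
    or new (OP_CLTV) rules. Returns the stack left for the rest of the program."""
    stack, i = [], 0
    while i < len(script):
        op = script[i]
        i += 1
        if op == 0x00:
            stack.append(b"")
        elif 1 <= op <= 75:  # direct push of op bytes
            stack.append(script[i:i + op])
            i += op
        elif op == OP_DROP:
            if not stack:
                raise ScriptFailure("OP_DROP on empty stack")
            stack.pop()
        elif op == OP_NOP2:
            if new_rules:
                check_locktime_verify(stack, tx_locktime, input_sequence)
            # old rules: a NOP, nothing happens
        else:
            raise ScriptFailure(f"opcode {op:#04x} not part of this example")
    return stack


def succeeds(script, tx_locktime, input_sequence, new_rules):
    try:
        run_locktime_prefix(script, tx_locktime, input_sequence, new_rules)
        return True
    except ScriptFailure:
        return False


def soft_fork_holds(script, cases):
    """A soft fork only tightens rules: whenever new nodes accept, old nodes must accept too."""
    return all(not succeeds(script, lt, seq, True) or succeeds(script, lt, seq, False)
               for lt, seq in cases)


# 1 May 2019 00:00:00 UTC (assumed time zone for the figure) as a Unix time.
MAY_1_2019 = 1_556_668_800
# <1 may 2019 00:00:00> OP_CHECKLOCKTIMEVERIFY OP_DROP, the prefix of the chapter's script.
LOCK_PREFIX = push_int(MAY_1_2019) + bytes([OP_CLTV, OP_DROP])

if __name__ == "__main__":
    for lt in (MAY_1_2019 - 86_400, MAY_1_2019):
        print(lt, "old:", succeeds(LOCK_PREFIX, lt, 0xfffffffe, False),
              "new:", succeeds(LOCK_PREFIX, lt, 0xfffffffe, True))
```

Run it with a lock time one day before 1 May and the old rules accept while the new rules reject; `soft_fork_holds` checks the property the text states, that a success on new nodes is always a success on old nodes.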

This was an example of how old script operators can be repurposed to do something stricter without disrupting the entire network.

This method of script upgrades has been used for two operators so far:

Byte   Old code   New code   New meaning
b1     OP_NOP2    OP_CLTV    Verify that the spending transaction has a high enough absolute lock time.
b2     OP_NOP3    OP_CSV     Verify that the spending input has a high enough relative lock time.

Only 10 OP_NOP operators are available to use for script upgrades, and such upgrades are limited to exactly mimicking the OP_NOP behavior if they don’t fail.

Sooner or later, we’ll need another script-upgrade mechanism, both because we’ll run out of OP_NOPs and because we want the new script operators to behave differently than OP_NOP when they succeed.

Solutions

A solution to all these problems was presented at a 2015 conference. The solution was to move the signature scripts out of transactions altogether.

Let’s look again at the anatomy of a normal transaction, shown in figure 10.10.

Figure 10.10. The txid is calculated from the entire transaction, including signature scripts.

If we could change the system so the txid didn’t cover the signature script, we’d remove all known possibilities of unintentional transaction malleability. Unfortunately, if we did this, we’d make old software incompatible because it calculates the txid in the traditional way.

BIP141

The new rules defined by segregated witness are specified in BIP141, “Segregated Witness (Consensus layer).”

Segwit solves this problem and all the aforementioned problems in a forward- and backward-compatible way:

  • Forward-compatible because blocks created by new software work with old software
  • Backward-compatible because blocks created by old software work with new software

In crypto-lingo, a witness basically means a signature. It’s something that attests to the authenticity of something. For a Bitcoin transaction, the witness is the contents of the signature scripts, because that’s what proves the transaction is authenticated. Segregated means parted, so we part the contents of the signature scripts from the transaction, effectively leaving the signature scripts empty, as figure 10.11 shows.

Figure 10.11. A segwit transaction contains no signature data. The signatures are attached, instead. The txid doesn’t commit to the signatures.

Segregated witness thus means the contents of the signature scripts are removed from the transaction and put into an external structure called the witness.

We’ll follow a few segwit transactions to see how they affect the different parts of the Bitcoin system. But first, let’s get some bitcoin into a segwit wallet.

Segwit addresses

Suppose your wallet uses segwit, and you’re selling a laptop to Amy. Your wallet needs to create an address that you can give to Amy. So far, nothing new.

BIP173

This BIP defines the checksummed encoding scheme Bech32 and how segwit addresses are composed and encoded using Bech32.

But segwit defines a new address type that’s encoded using Bech32 instead of base58check. Suppose your wallet creates the following segwit address:

bc1qeqzjk7vume5wmrdgz5xyehh54cchdjag6jdmkj

This address format provides several improvements compared to the base58check addresses you’re used to:

  • All characters are of the same case, which means
    • QR codes can be made smaller.
    • Addresses are easier to read out verbally.
  • The checksum used in Bech32 will detect up to four character errors with 100% certainty. If there are more character errors, the probability of detection failure is less than one in a billion. This is a major improvement over the 4-byte checksum in base58check, which doesn’t provide any guarantee.

Your segwit address consists of two parts. The first two characters, bc (short for bitcoin), are the human-readable part. The 1 is a delimiter between the human-readable part and the data part, which encodes the actual information that Amy will use to create the transaction output:

  • A version, 0 in this case.
  • A witness program. In this case, the witness program is a PKH, c8052b79...3176cba8.

We’ll explain what the witness program is a bit further on. Think about it as a PKH for now. The version and witness program aren’t directly extractable from the address because they’re encoded using bech32. You give the address bc1qeqzj...ag6jdmkj to Amy by showing her a QR code. She has a modern wallet that understands this address format, so she scans your address and extracts the version and witness program, as figure 10.12 illustrates.

Figure 10.12. Amy decodes the segwit address to get the witness version and the witness program.
Checksum

I won’t go into details on the checksum. I encourage the interested reader to read BIP173.

This occurs in multiple steps:

  1. The human-readable part and the data part are separated.
  2. The data part of the address is converted, character by character, into numbers using a bech32 lookup table. The first of these numbers is the witness version, 0. The following numbers, except the last six, are the witness program. The last six numbers are the checksum.
  3. The checksum is verified; no errors were detected in this example.
  4. The witness program is rewritten by writing each number as a 5-bit number.
  5. The bits are rearranged in groups of 8 bits. Each such group represents a byte of the witness program.
  6. Amy extracts the witness program as c8052b7...3176cba8.
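The six steps above, carried out in code. This is an added example, not code from the book: a BIP173 decoder and encoder for segwit addresses (the polynomial generator constants and the character set are those of BIP173), applied to the chapter’s address. `decode_segwit_address` returns `None` for anything malformed, including a checksum mismatch, a mixed-case address, or a version-0 program that is neither 20 nor 32 bytes; it also goes slightly beyond the text by accepting witness versions 1 to 16, which BIP141 reserves for future upgrades.

```python
CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
GENERATOR = (0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3)
BECH32_CONST = 1  # BIP173; the later BIP350 (bech32m) uses 0x2bc830a3 for witness versions 1+


def polymod(values):
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= GENERATOR[i]
    return chk


def hrp_expand(hrp):
    return [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]


def verify_checksum(hrp, data):
    return polymod(hrp_expand(hrp) + data) == BECH32_CONST


def create_checksum(hrp, data):
    pm = polymod(hrp_expand(hrp) + data + [0] * 6) ^ BECH32_CONST
    return [(pm >> 5 * (5 - i)) & 31 for i in range(6)]


def convert_bits(data, from_bits, to_bits, pad):
    """Regroup a bit stream (steps 4 and 5 in the text); None if the padding is invalid."""
    acc, bits, out, maxv = 0, 0, [], (1 << to_bits) - 1
    for value in data:
        acc = (acc << from_bits) | value
        bits += from_bits
        while bits >= to_bits:
            bits -= to_bits
            out.append((acc >> bits) & maxv)
    if pad:
        if bits:
            out.append((acc << (to_bits - bits)) & maxv)
    elif bits >= from_bits or (acc << (to_bits - bits)) & maxv:
        return None
    return out


def decode_segwit_address(expected_hrp, address):
    """Return (witness_version, witness_program) or None for any malformed address."""
    if address.lower() != address and address.upper() != address:
        return None  # mixed case is rejected
    address = address.lower()
    sep = address.rfind("1")
    if sep < 1 or sep + 7 > len(address) or len(address) > 90:
        return None
    hrp, data_part = address[:sep], address[sep + 1:]  # step 1
    if hrp != expected_hrp or any(c not in CHARSET for c in data_part):
        return None
    data = [CHARSET.index(c) for c in data_part]  # step 2
    if not verify_checksum(hrp, data):  # step 3
        return None
    version, program = data[0], convert_bits(data[1:-6], 5, 8, pad=False)  # steps 4 and 5
    if program is None or version > 16 or not 2 <= len(program) <= 40:
        return None
    if version == 0 and len(program) not in (20, 32):
        return None  # version 0 is p2wpkh (20 bytes) or p2wsh (32 bytes) only
    return version, bytes(program)  # step 6


def encode_segwit_address(hrp, version, program):
    data = [version] + convert_bits(list(program), 8, 5, pad=True)
    return hrp + "1" + "".join(CHARSET[d] for d in data + create_checksum(hrp, data))


# The address from the chapter and the witness program the text says it decodes to.
CHAPTER_ADDRESS = "bc1qeqzjk7vume5wmrdgz5xyehh54cchdjag6jdmkj"
CHAPTER_PROGRAM = bytes.fromhex("c8052b799cde68ed8da8150c4cdef4ae3176cba8")

if __name__ == "__main__":
    version, program = decode_segwit_address("bc", CHAPTER_ADDRESS)
    print(version, program.hex())
    print(decode_segwit_address("bc", "bc1qnqaewluxhx7wzfrf9e5fqjf47hjk9jyzy6l0hpt4kjj3u2wmjp3qr3lft8"))
```

Changing any single character of the address makes `decode_segwit_address` return `None`, which is the guarantee the bullet list above describes; a wallet that forgets the `expected_hrp` check would happily pay a testnet (`tb`) address on mainnet, so the prefix is checked before anything else.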

Amy creates a transaction with a new kind of pubkey script that you aren’t used to (figure 10.13).

Figure 10.13. Amy sends 0.1 BTC to your segwit address. The pubkey script doesn’t contain any script operators, just data.

She broadcasts this transaction on the Bitcoin network. The network will accept the transaction because it’s correctly signed in the old-fashioned way. Eventually, it will be confirmed in a block. Your wallet will acknowledge that you’ve received the money, and you’ll give the laptop to Amy.

Spending your segwit output

Now that you’ve received your money, you want to spend it on a used popcorn machine. It costs only 0.09 BTC. It’s a bargain! Suppose the owner of the popcorn machine has the segwit address bc1qlk34...ul0qwrqp.

Your transaction sends the money to the popcorn machine owner’s segwit address and pays a 0.01 BTC transaction fee (figure 10.14). The input has an empty signature script; the signature data is instead added as a witness field in the attached witness.

Figure 10.14. You create and broadcast a payment to the popcorn machine owner.

Had there been multiple inputs in this transaction, there would be multiple witness fields in the witness, one for each input. You can mix segwit inputs and legacy inputs, in which case the witness fields for the legacy inputs would be empty because their signatures are in the respective signature script, as they always were.

Verifying the segwit transaction

You’ve sent your transaction for the popcorn machine to the Bitcoin peer-to-peer network for processing. Let’s see how an upgraded full node verifies this transaction before relaying it to other nodes (figure 10.15). Because it’s running the latest and greatest software, it knows how to deal with segwit transactions.

Figure 10.15. A full node verifies your transaction’s witness. The pattern 00 followed by exactly 20 bytes gets special treatment.
Remember p2sh

A segwit output is recognized by pattern matching, just like a p2sh output was in chapter 5.

The full node, which knows about segwit, looks for a pattern in the pubkey script starting with a single version byte followed by a 2- to 40-byte witness program. In this case, the pattern matches, which means this is a segwit output.

The next step for the full node is to understand what kind of segwit output it is. As of this writing, there’s only one version of segwit output: version 00. This version comes in two different flavors:

  • Pay-to-witness-public-key-hash (p2wpkh), identified by a 20-byte witness program, as in this example
  • Pay-to-witness-script-hash (p2wsh), identified by a 32-byte witness program. p2wsh will be explained later in this chapter.
Why “witness program”?

It’s called a witness program because it can be regarded as a program of a wider language. In version 00, the witness program is a single operator whose length defines its behavior.

In this case, we have the version byte 00 followed by exactly 20 bytes, which means this is a p2wpkh payment. If the version byte is unknown to the node, the node will immediately accept this input without further processing. This acceptance of unknown versions will become useful for future, forward-compatible upgrades of the script language. All segwit nodes will recognize version 00.

The p2wpkh is the simplest of the two types because it’s similar to the well-known p2pkh. Let’s look at how they both work:

  • p2pkh—The pubkey script contains the actual script that checks the signature in the signature script.
  • p2wpkh—The actual script is a predetermined template, and the witness program is the PKH to insert into the script template. The signature and the public key are taken from the witness.

In the end, it’s seemingly the exact same program that is run for both of these two types. The difference is where the components come from. But other differences exist between segwit scripts and legacy scripts; for example, the meaning of OP_CHECKSIG has changed, as you’ll see in “New hashing method for signatures.”

Why do p2wpkh at all when we’re running the exact same script program as in p2pkh? Recall that we want to solve transaction malleability. We do this by removing the signature data from the transaction inputs so no one can change the txid by making subtle changes to the signature script.

The full node has verified this transaction and sends it to its peers. There’s just one problem: one peer has no idea what segwit is. It’s an old node that hasn’t been upgraded for a while.

“Verifying” on old nodes

An old node has just received your transaction and wants to verify it. Old nodes know nothing about segwit or that there are witnesses attached to transactions. The old node downloads the transaction as it always has, which is without the witness attachment. Figure 10.16 shows what the node sees.

Figure 10.16. An old node sees just two data items in the pubkey script and an empty signature script.

Because the node doesn’t know anything else, it creates the script program by taking the empty signature script and appending the pubkey script. The resulting program looks like this:

00 c8052b799cde68ed8da8150c4cdef4ae3176cba8

The node runs this program. The program puts two data items on the stack, first 00, and then c805...cba8. When it’s done, there’s nothing left to do but check whether the top item on the stack, c805...cba8, is true. Bitcoin defines anything that’s nonzero to be true, so this script will pass, and the transaction is authorized.

This doesn’t seem very secure. This is known as an anyone-can-spend, meaning anyone can create a transaction that spends the output. It requires no signature. You just have to create an input with an empty signature script to take the money.
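Both views of the same output, the segwit-aware node’s pattern match from “Remember p2sh” onward and the old node’s anyone-can-spend evaluation described just above, in code. This is an added example, not code from the book. It models only data pushes (enough for a bare witness program) and raises for any real operator; `classify_witness_output`, `legacy_eval` and the other names are this example’s own, and the 20-byte program is the one from figure 10.16.

```python
OP_0,OP_1, OP_16 = 0x00, 0x51, 0x60


def parse_items(script: bytes):
    """Split a script into (opcode, data) pairs. Data pushes of 1..75 bytes, OP_0 and
    OP_1..OP_16 carry data; every other opcode carries None."""
    items, i = [], 0
    while i < len(script):
        op = script[i]
        i += 1
        if 1 <= op <= 75:
            data = script[i:i + op]
            if len(data) != op:
                raise ValueError("truncated push")
            items.append((op, data))
            i += op
        elif op == OP_0:
            items.append((op, b""))
        elif OP_1 <= op <= OP_16:
            items.append((op, bytes([op - OP_1 + 1])))
        else:
            items.append((op, None))
    return items


def classify_witness_output(pubkey_script: bytes):
    """Segwit-aware node: match <version byte> <2..40-byte push> (figure 10.15).
    Returns (version, program, kind) or None if the script is not a witness program."""
    items = parse_items(pubkey_script)
    if len(items) != 2:
        return None
    (ver_op, _), (push_op, program) = items
    if program is None or push_op != len(program) or not 2 <= len(program) <= 40:
        return None  # second item must be a direct push of 2..40 bytes
    if ver_op == OP_0:
        version = 0
    elif OP_1 <= ver_op <= OP_16:
        version = ver_op - OP_1 + 1
    else:
        return None
    if version == 0:
        kind = {20: "p2wpkh", 32: "p2wsh"}.get(len(program))
        if kind is None:
            return None  # BIP141: a version-0 program must be 20 or 32 bytes
    else:
        kind = "unknown-version"  # accepted without checks; a later upgrade (taproot) defined version 1
    return version, program, kind


def cast_to_bool(item: bytes) -> bool:
    """Script truthiness: any nonzero byte is true, except negative zero (e.g. 0x80)."""
    for i, b in enumerate(item):
        if b != 0:
            return not (i == len(item) - 1 and b == 0x80)
    return False


def legacy_eval(signature_script: bytes, pubkey_script: bytes) -> bool:
    """Pre-segwit node: run the signature script followed by the pubkey script as one
    program of data pushes and succeed if the top of the stack is true (figure 10.16).
    Any real operator would need the full interpreter, which is outside this example."""
    stack = []
    for op, data in parse_items(signature_script + pubkey_script):
        if data is None:
            raise NotImplementedError(f"opcode {op:#04x} needs a full interpreter")
        stack.append(data)
    return bool(stack) and cast_to_bool(stack[-1])


# The output Amy created for your address: version 0 and the 20-byte program from the text.
CHAPTER_PROGRAM = bytes.fromhex("c8052b799cde68ed8da8150c4cdef4ae3176cba8")
CHAPTER_P2WPKH_OUTPUT = bytes([OP_0, 20]) + CHAPTER_PROGRAM

if __name__ == "__main__":
    print(classify_witness_output(CHAPTER_P2WPKH_OUTPUT))
    print("old node accepts an empty signature script:", legacy_eval(b"", CHAPTER_P2WPKH_OUTPUT))
```

The same 22 bytes classify as p2wpkh on a segwit node and evaluate to true with an empty signature script on an old node, which is exactly why relay policy and miner adoption, not script rules, keep such outputs safe on non-upgraded software.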

Nonstandard transactions

A node that doesn’t recognize the spent script type normally doesn’t relay the transaction. It’s considered nonstandard. This relay policy reduces the risk that a transaction that uses the segwit output as an anyone-can-spend ends up in a block.

In chapter 11, we’ll talk about how to deploy upgrades like segwit safely. For now, you can assume that 95% of the hashrate (miners) run with segwit. If a transaction uses your output as an anyone-can-spend, and a non-segwit miner includes it in a block, then this block will be rejected by 95% of the hashrate and consequently excluded from the strongest chain. The miner will lose its block reward.

Including your segwit transaction in a block

Your segwit transaction has propagated through the network, and all nodes have verified it along the way. Now, a miner wants to insert the transaction into a new block. Suppose the miner runs modern software and thus knows about segwit. Let’s look at how it’s included in the block (figure 10.17).

Figure 10.17. Your segwit transaction gets included in a block. The block commits to the witnesses by putting the witness commitment into an output of the coinbase transaction.

The block is built as before, but with one important difference. A new block rule is introduced in segwit: if there are segwit transactions in the block, the coinbase transaction must contain an output with a witness commitment. This witness commitment is the combined hash of the witness root hash and a witness reserved value. The witness root hash is the merkle root of the witness txids (wtxids) of all transactions in the block. The wtxid is the hash of the transaction including the witness, if there is one. An exception exists for the coinbase, whose wtxid is always defined as 32 zero bytes. The witness reserved value is dedicated for future system upgrades.

The witness commitment is written in an OP_RETURN output (figure 10.18).

Figure 10.18. The coinbase transaction’s witness contains the witness reserved value, and an OP_RETURN output contains the witness commitment.

The witness reserved value can be any value. But a full node verifying this block needs a way to know what that value is. If the node didn’t know the witness reserved value, it wouldn’t be able to reconstruct the witness commitment for comparison with the OP_RETURN output’s witness commitment. The coinbase transaction’s witness contains the witness reserved value so full nodes can verify the witness commitment.
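The commitment rule described above, both the miner’s construction and the full node’s check, as an added example (not code from the book). The wtxids below are constructed sample values; the marker bytes aa21a9ed and the layout of the OP_RETURN output follow BIP141, and `witness_commitment`, `verify_block_commitment` and the other names are this example’s own.

```python
import hashlib


def dsha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def merkle_root(leaves):
    """Bitcoin's merkle root: hash pairs level by level; an odd last leaf is paired with itself."""
    if not leaves:
        raise ValueError("a block has at least the coinbase")
    level = list(leaves)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]


COINBASE_WTXID = bytes(32)                      # the coinbase's wtxid is defined as 32 zero bytes
COMMITMENT_HEADER = bytes.fromhex("aa21a9ed")   # BIP141 marker inside the OP_RETURN output
COMMITMENT_PREFIX = bytes([0x6a, 0x24]) + COMMITMENT_HEADER  # OP_RETURN, push 36 bytes, marker


def witness_commitment(wtxids_after_coinbase, reserved_value: bytes) -> bytes:
    """Miner side: witness root hash over all wtxids, then hashed with the reserved value."""
    root = merkle_root([COINBASE_WTXID, *wtxids_after_coinbase])
    return dsha256(root + reserved_value)


def commitment_output_script(commitment: bytes) -> bytes:
    """Pubkey script of the coinbase output that carries the commitment (figure 10.18)."""
    return COMMITMENT_PREFIX + commitment


def verify_block_commitment(coinbase_output_scripts, coinbase_witness, wtxids_after_coinbase) -> bool:
    """Full-node side. The reserved value is the single 32-byte item of the coinbase witness;
    if several outputs look like commitments, the one with the highest index counts. This
    check assumes the block contains segwit transactions, so a commitment is mandatory."""
    if len(coinbase_witness) != 1 or len(coinbase_witness[0]) != 32:
        return False
    candidates = [s for s in coinbase_output_scripts
                  if len(s) >= 38 and s[:6] == COMMITMENT_PREFIX]
    if not candidates:
        return False
    expected = witness_commitment(wtxids_after_coinbase, coinbase_witness[0])
    return candidates[-1][6:38] == expected


if __name__ == "__main__":
    # Constructed sample block: coinbase plus two segwit transactions, reserved value all zeros.
    wtxids = [dsha256(b"constructed tx 1"), dsha256(b"constructed tx 2")]
    reserved = bytes(32)
    script = commitment_output_script(witness_commitment(wtxids, reserved))
    print(script.hex())
    print(verify_block_commitment([script], [reserved], wtxids))
```

Swapping the order of two wtxids, or handing the node a reserved value of the wrong length, makes `verify_block_commitment` return `False`: the witnesses are bound to the block even though the legacy merkle root (over txids) never sees them.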

Old nodes verifying the block

The block in figure 10.17 is valid for new segwit-enabled full nodes, so it must also be valid for old nodes that don’t know what segwit is. An old node won’t download any witnesses from its peers because it doesn’t know they exist (figure 10.19).

Figure 10.19. An old node verifies the block with your transaction. It won’t verify the signatures or the witness commitment.

This node will do what it’s always done: run the scripts of the transactions, which will look like spending anyone-can-spend outputs. That’s OK, move on. If some of the transactions in the block are non-segwit, those transactions will be fully verified.

We’ve now gone full circle with your transaction to the popcorn machine owner, who hands over the machine to you.

Pay-to-witness-script-hash

Do you remember when we introduced p2sh in the “Pay-to-script-hash” section of chapter 5? p2sh moves the pubkey script part of the program to the spending input. Let’s have another look at the charity wallet that John, Ellen, and Faiza set up (figure 10.20).

Figure 10.20. John and Faiza spend an output from their multisig wallet.

The idea here was that the payer (the donor, in this case) shouldn’t have to pay a higher fee for a big, complex pubkey script. Instead, the recipient wanting to use this fancy scheme will pay for the complexity.

With segwit, you can do about the same thing using pay-to-witness-script-hash, which is the segwit version of p2sh. Isn’t naming in Bitcoin fantastic?

Suppose John, Ellen, and Faiza use segwit for their charity wallet and that the previous popcorn machine owner wants to give the money he received for the popcorn machine to the charity.

John, Ellen, and Faiza must provide the popcorn guy with a p2wsh address. Their witness script is the same as their p2sh redeem script was when they were using p2sh (figure 10.21).

Figure 10.21. The witness script is hashed into a witness script hash.

They use this witness script hash to create a p2wsh address in the same way you created your p2wpkh address. They encode

00 983b977f86b9bce124692e68904935f5e562c88226befb8575b4a51e29db9062

using Bech32 and get the p2wsh address:

bc1qnqaewluxhx7wzfrf9e5fqjf47hjk9jyzy6l0hpt4kjj3u2wmjp3qr3lft8

This address is handed to the popcorn guy, who creates and broadcasts a transaction like that shown in figure 10.22.

Figure 10.22. The popcorn guy sends the money to the charity’s p2wsh address.

The transaction has the witness attached, just like your transaction to the popcorn guy. The only difference between your transaction and the popcorn guy’s transaction is that their outputs have a different witness program length. Your transaction had a 20-byte witness program because it was a SHA256+RIPEMD160 hash of a public key, and the popcorn guy’s transaction has a 32-byte witness program because that’s the SHA256 hash of a witness script.

This transaction will be verified and eventually included in a block.

Spending the p2wsh transaction

Suppose John and Faiza want to spend the 0.08 BTC they got from the popcorn guy by sending it to a shelter for homeless people. The shelter happens to also have a p2wsh address. John and Faiza collaborate to create the transaction figure 10.23 shows.

Figure 10.23. The charity pays 0.07 BTC to the shelter’s address. The witness is the signatures followed by a data item that contains the actual witness script.

Note how there’s nothing in the signature script. When we used p2sh in chapter 5’s “Pay-to-script-hash,” the signature script got really big because it contained two signatures and the redeem script, which in turn contained three public keys. With segwit, all that is contained in the witness instead.

Verifying the p2wsh input

A full node that wants to verify this transaction needs to determine the type of output being spent (figure 10.24). It looks at the output, finds the pattern <version byte> <2 to 40 bytes data>, and concludes that this is a segwit output. The next thing to check is the value of the version byte.

Figure 10.24. Preparing to verify the p2wsh input

The version byte is 00. A version 00 segwit output can have two different witness program lengths, 20 or 32 bytes. We covered the first one in the previous sections on p2wpkh. The witness program in this example is 32 bytes, which means this is a p2wsh output.

Special rules apply when spending a p2wsh output. First, the data items in the spending input’s witness field are pushed onto the program stack. Then, the top item on the stack, the witness script, is verified against the witness program in the output (figure 10.25).

Figure 10.25. Verifying the witness of a p2wsh payment

The witness script is hashed and compared to the witness program in the spent output before being executed with the other items on the stack. This process is similar to that of verifying a p2sh payment.

Miners and block verifiers handle all segwit transactions the same way, so there’s no difference in how the transaction is included in a block compared to p2wpkh transactions.
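
The address construction at the start of this section and the p2wsh spending rule, as an added example (not code from the book). It implements the Bech32 encoding of BIP173 for version 0 witness programs, recognizes the <version byte> <2 to 40 bytes> pattern, and applies the check that the last witness item must hash to the witness program. The 32-byte hash and the bc1q address are the charity’s values from this chapter; the 2-of-3 witness script and its three public keys are constructed placeholders, so the address derived from it is not the charity’s. Witness versions 1 and up use the bech32m checksum variant, which this example does not cover.

```python
import hashlib

# Added example, not code from the book: derive a p2wsh address from a witness
# script, recognize a segwit output, and apply the p2wsh rule "hash the last
# witness item and compare it with the witness program".

BECH32_CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"


def bech32_polymod(values):
    """BIP173 checksum polynomial over 5-bit values."""
    gen = [0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3]
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= gen[i]
    return chk


def bech32_hrp_expand(hrp):
    return [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]


def to_5bit_groups(data):
    """Regroup bytes into 5-bit groups, zero-padding the last group."""
    acc, bits, out = 0, 0, []
    for byte in data:
        acc = (acc << 8) | byte
        bits += 8
        while bits >= 5:
            bits -= 5
            out.append((acc >> bits) & 31)
    if bits:
        out.append((acc << (5 - bits)) & 31)
    return out


def segwit_address(hrp, witness_version, program):
    """Bech32-encode <version> <program>. Version 0 only (20- or 32-byte program);
    later versions use bech32m, which is not handled here."""
    if witness_version != 0 or len(program) not in (20, 32):
        raise ValueError("only version 0 with a 20- or 32-byte program is handled")
    data = [witness_version] + to_5bit_groups(program)
    polymod = bech32_polymod(bech32_hrp_expand(hrp) + data + [0] * 6) ^ 1
    checksum = [(polymod >> 5 * (5 - i)) & 31 for i in range(6)]
    return hrp + "1" + "".join(BECH32_CHARSET[d] for d in data + checksum)


def p2wsh_program(witness_script):
    """p2wsh uses the single SHA256 of the witness script as its 32-byte program."""
    return hashlib.sha256(witness_script).digest()


def p2wsh_scriptpubkey(program):
    """<version byte 0x00> <push 32 bytes> <32-byte program>."""
    return b"\x00\x20" + program


def parse_segwit_output(spk):
    """Return (version, program) if spk is <version byte> <2..40 bytes>, else None.
    Version byte 0x00 is OP_0; 0x51..0x60 (OP_1..OP_16) are reserved for later versions."""
    if not 4 <= len(spk) <= 42:
        return None
    version_op, push_len = spk[0], spk[1]
    if version_op != 0x00 and not 0x51 <= version_op <= 0x60:
        return None
    if push_len != len(spk) - 2 or not 2 <= push_len <= 40:
        return None
    version = 0 if version_op == 0x00 else version_op - 0x50
    return version, spk[2:]


def check_p2wsh_witness(spk, witness_items):
    """The special p2wsh rule: the top stack item (the last witness item) must hash
    to the witness program. Only after that is the script executed with the rest."""
    parsed = parse_segwit_output(spk)
    if parsed is None or parsed[0] != 0 or len(parsed[1]) != 32 or not witness_items:
        return False
    return hashlib.sha256(witness_items[-1]).digest() == parsed[1]


# Values from the chapter: the charity's witness script hash and p2wsh address.
CHARITY_PROGRAM = bytes.fromhex(
    "983b977f86b9bce124692e68904935f5e562c88226befb8575b4a51e29db9062")
CHARITY_ADDRESS = "bc1qnqaewluxhx7wzfrf9e5fqjf47hjk9jyzy6l0hpt4kjj3u2wmjp3qr3lft8"

# Constructed 2-of-3 witness script with placeholder 33-byte public keys (not the
# charity's keys): OP_2 <pk1> <pk2> <pk3> OP_3 OP_CHECKMULTISIG.
FAKE_PUBKEYS = [b"\x02" + bytes([i]) * 32 for i in (1, 2, 3)]
DEMO_WITNESS_SCRIPT = (b"\x52" + b"".join(b"\x21" + pk for pk in FAKE_PUBKEYS)
                       + b"\x53\xae")

if __name__ == "__main__":
    print("charity address reproduced:",
          segwit_address("bc", 0, CHARITY_PROGRAM) == CHARITY_ADDRESS)
    demo_spk = p2wsh_scriptpubkey(p2wsh_program(DEMO_WITNESS_SCRIPT))
    print("demo script address:", segwit_address("bc", 0, p2wsh_program(DEMO_WITNESS_SCRIPT)))
    print("witness accepted:",
          check_p2wsh_witness(demo_spk, [b"", b"<sig1>", b"<sig2>", DEMO_WITNESS_SCRIPT]))
```

The leading empty item in the demo witness stands in for the extra element OP_CHECKMULTISIG pops; the check above stops at the hash comparison, which is the part that distinguishes p2wsh from p2wpkh. A witness whose last item differs from the script by even one byte fails that comparison before any signature is looked at.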

BIP143

This solution is specified in BIP143, “Transaction Signature Verification for Version 0 Witness Program.”

New hashing method for signatures

One problem that segwit solves is inefficient signature hashing. As explained in “Inefficient signature verification,” if the number of inputs doubles, the time it takes to verify the transaction roughly quadruples. This is because you

  • Double the number of signatures to verify
  • Double the transaction’s size

This algorithm is simplified

In reality, three different intermediate hashes are created: one for all outpoints, one for all sequence numbers, and one for all outputs. However, the effect is the same. See BIP143 for details.

If you double the number of hashes performed and double the amount of data each hash needs to process, you effectively quadruple the total time spent on hashing.

The solution is to make the signatures in steps. Suppose you want to sign all four inputs of a transaction, as figure 10.26 shows.

Figure 10.26. Hashing is done in two steps. The intermediate hash is reused for each input.

First you create an intermediate hash of the complete transaction. If the transaction contains non-segwit inputs, those signature scripts will be cleaned prior to hashing. The intermediate hash commits to all of that transaction’s inputs and outputs. Then, for each input, add the intermediate hash to some input-specific data:

  • Spent outpoint—The txid and index of the output this input spends
  • Spent script—The witness script or p2wpkh script corresponding to the spent output
  • Spent amount—The BTC value of the spent output

The body of the transaction is hashed only once to create the intermediate hash. This drastically reduces the amount of hashing needed. When the number of inputs doubles, the needed amount of hashing only doubles. This makes the hashing algorithm perform linearly with the number of inputs instead of quadratically. The time to verify the transaction with 1,024 inputs discussed in figure 10.7 is reduced from 262,144 ms to 512 ms.

Signature commits to amount

Why do we include the spent amount? We didn’t do that in the old signature-hashing algorithm. This has nothing to do with hashing efficiency, but it fixes another problem that offline wallets and some lightweight wallets face.

Hardware wallets

A hardware wallet is an electronic device designed to keep private keys safe. Unsigned transactions are sent to the device for signing. The device usually requires a PIN code to sign.

An offline wallet, for example a hardware wallet, can’t know how much money is being spent. If the offline wallet is to sign a transaction, the wallet can’t display the transaction’s fee to the user because it can’t see the values of the outputs it’s spending (figure 10.27). It has no access to the blockchain.

Figure 10.27. An offline wallet can’t know a transaction’s fee.

This is true for both non-segwit and segwit transactions. But with segwit transactions, where the signatures commit to the spent output amounts, the wallet must get the amounts from somewhere to be able to sign. Suppose the input amounts are somehow provided to the offline wallet, alongside the transaction to sign. The wallet can then sign the transaction using those amounts and even show the user what fee is being paid before signing.

If the offline wallet receives the wrong amount, it won’t be able to tell. It can’t verify the input values. But because the signatures now cover the amounts, the transaction will be invalid. A verifying node will know the correct amounts and use them when verifying the signatures. The signature check will fail. The new signature-hashing algorithm makes it impossible to trick a wallet into signing a valid transaction with a fee the user didn’t intend.
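
A simplified model of the two hashing schemes from “New hashing method for signatures” and of the amount commitment just described, as an added example (not code from the book). It counts the bytes each scheme feeds to SHA256 as the number of inputs doubles, and shows that an offline wallet given a wrong spent amount produces per-input digests a verifier, which knows the true amounts, would never accept. The byte layouts are toy serializations chosen for the example, not the BIP143 wire format, and the transaction itself is constructed.

```python
import hashlib
import struct

# Added example, not code from the book: compare the old per-input hashing of the
# whole transaction with the new intermediate-hash scheme, and show that the new
# per-input digest also commits to the spent amount. Toy serialization, not BIP143.


def sha256d(data):
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def make_tx(n_inputs):
    """Constructed transaction: n inputs of 10,000 satoshi, each spending a
    25-byte p2pkh-style script, plus two 22-byte segwit outputs (dummy data)."""
    inputs = [{"txid": hashlib.sha256(b"prev-%d" % i).digest(), "index": i,
               "amount": 10_000,
               "spent_script": b"\x76\xa9\x14" + bytes(20) + b"\x88\xac"}
              for i in range(n_inputs)]
    outputs = [(9_000, b"\x00\x14" + bytes(20)), (1_000, b"\x00\x14" + bytes(20))]
    return {"inputs": inputs, "outputs": outputs}


def ser_outpoint(inp):
    return inp["txid"] + struct.pack("<I", inp["index"])


def ser_outputs(outputs):
    return b"".join(struct.pack("<Q", v) + bytes([len(s)]) + s for v, s in outputs)


def legacy_sighashes(tx):
    """Old scheme: for every input, serialize the whole transaction with the other
    signature scripts emptied and this input's script set to the spent script,
    then hash it. Returns (bytes hashed, per-input digests)."""
    hashed, digests = 0, []
    for i, _ in enumerate(tx["inputs"]):
        body = b"".join(ser_outpoint(x) + (x["spent_script"] if j == i else b"")
                        + struct.pack("<I", 0xFFFFFFFF)
                        for j, x in enumerate(tx["inputs"]))
        body += ser_outputs(tx["outputs"])
        hashed += len(body)
        digests.append(sha256d(body))
    return hashed, digests


def segwit_sighashes(tx, amounts=None):
    """New scheme: hash the body (all outpoints and all outputs) once, then per input
    hash only <intermediate> <outpoint> <spent script> <spent amount>.
    `amounts` lets a caller pass the values an offline wallet was told."""
    if amounts is None:
        amounts = [x["amount"] for x in tx["inputs"]]
    body = b"".join(ser_outpoint(x) for x in tx["inputs"]) + ser_outputs(tx["outputs"])
    intermediate = sha256d(body)
    hashed, digests = len(body), []
    for inp, amount in zip(tx["inputs"], amounts):
        per_input = (intermediate + ser_outpoint(inp) + inp["spent_script"]
                     + struct.pack("<Q", amount))
        hashed += len(per_input)
        digests.append(sha256d(per_input))
    return hashed, digests


def doubling_ratio(scheme, n):
    """Bytes hashed for 2n inputs divided by bytes hashed for n inputs."""
    return scheme(make_tx(2 * n))[0] / scheme(make_tx(n))[0]


def wallet_fee_view(tx, amounts_told):
    """The fee an offline wallet can display: sum of the amounts it was told minus
    the output values. Wrong amounts give a wrong fee and unusable signatures."""
    return sum(amounts_told) - sum(v for v, _ in tx["outputs"])


if __name__ == "__main__":
    print("legacy, inputs doubled:", round(doubling_ratio(legacy_sighashes, 512), 3))
    print("segwit, inputs doubled:", round(doubling_ratio(segwit_sighashes, 512), 3))
    tx = make_tx(2)
    told = [10_000, 1_000_000]  # second amount is a lie
    print("fee the wallet would show:", wallet_fee_view(tx, told))
    print("digests differ from the verifier's:",
          segwit_sighashes(tx)[1] != segwit_sighashes(tx, told)[1])
```

With these toy sizes the legacy scheme hashes about four times as many bytes when the inputs go from 512 to 1,024, the segwit scheme about twice as many, which is the linear-versus-quadratic point of figure 10.26. The last two lines reproduce the hardware-wallet case: the wallet signs digests built from the amounts it was told, and a node that substitutes the real amounts computes different digests, so the signatures do not verify.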

Bandwidth savings

Segwit removes the signature data from the transaction, so when a lightweight wallet requests a transaction from a full node, the full node can send the transaction without the witness data. This means less data traffic is needed per transaction. This fact can be used to either

  • Keep the bloom filter size as is and get about a 50% reduction in data traffic
  • Improve privacy by decreasing the size of the bloom filter to get more false positives without increasing data traffic

Upgradable script

The version byte is used for future script language upgrades. Before segwit, we had to use the OP_NOPs to introduce new features to the language, for example OP_CSV. This wasn’t optimal for the following reasons:

  • We might run out of OP_NOPs; there are eight left.
  • The OP_NOPs can’t be redefined in arbitrary ways; they still need to behave as OP_NOPs in case the new behavior succeeds.

The version byte allows for much more powerful future upgrades. We can do anything from slight modifications of specific operators to implementing completely new languages.

Wallet compatibility

Most old wallets won’t support sending bitcoin to a segwit address. They usually only allow p2pkh and p2sh addresses. So segwit’s developers created p2wsh nested in p2sh and p2wpkh nested in p2sh: ways to trigger the segwit verification instead of the legacy script verification.

Suppose you have a segwit wallet and want to sell your popcorn machine to your neighbor, Nina. But Nina doesn’t have a segwit-aware wallet. She can only pay to ordinary addresses, like p2pkh and p2sh. You can make a p2sh address that Nina can pay to (figure 10.28).

Figure 10.28. Nina sends 0.1 BTC to your segwit wallet using a p2wpkh inside a p2sh address.

Nina pays to 3KsJCgA6...k2G6C1Be, which is an old-style p2sh address that contains the hash of the redeem script 00 bb4d4977...75ff02d1. This redeem script is a version byte 00 followed by a 20-byte witness program. This is the pattern for p2wpkh, which we covered earlier. Nina’s wallet knows nothing about this. It sees only a p2sh address and makes a payment to that script hash.

Later, when you want to spend your output, you create a transaction like the one in figure 10.29.

Figure 10.29. You spend the money you got from Nina by setting the version byte and witness program in the redeem script in your input’s signature script.

You create a witness, just as you would with a normal p2wpkh input, but you also set the redeem script as a single data item in the signature script. The redeem script happens to be a version byte followed by your 20-byte PKH. Using this signature script, old nodes can verify that the script hash in the spent output matches the hash of the redeem script in the signature script. New nodes will detect that the redeem script is a version byte and a witness program, and verify the witness accordingly.

This way of nesting a segwit payment inside a p2sh payment can also be used for p2wsh payments in a similar fashion: a p2wsh nested in p2sh.

Recap of payment types

We’ve talked about several types of payments. Figures 10.30 through 10.35 summarize the most common ones.

Figure 10.30. p2pkh: address format 1<some base58 characters>
Figure 10.31. p2sh: address format 3<some base58 characters>
Figure 10.32. p2wpkh: address format bc1q<38 base32 characters>
Figure 10.33. p2wsh: address format bc1q<58 base32 characters>
Figure 10.34. p2wpkh nested in p2sh: address format 3<some base58 characters>
Figure 10.35. p2wsh nested in p2sh: address format 3<some base58 characters>

Block limits

Bitcoin blocks are limited to 1,000,000 bytes in size and 20,000 signature operations.

Block size limit

In 2010, the Bitcoin software was updated with a block size limit of 1,000,000 bytes. It isn’t totally clear why this was done, but most people think the limit was introduced to reduce the impact of certain denial of service (DoS) attacks. DoS attacks aim at stalling or crashing Bitcoin nodes so the network can’t function properly.

One way to mess with the network is to create a very large block that takes 10 seconds to download on a good internet connection. This might seem fast enough, but uploading this block to five peers will take 50 seconds. This will cause the block to propagate very slowly across the peer-to-peer network, which will increase the risk of an unintended blockchain split. Unintended splits will resolve with time, as you saw in the section “Drawing lucky numbers” in chapter 7, but Bitcoin’s overall security will decrease during such splits.

Another potential problem with big blocks that attackers could exploit is that people with poor internet connections will be left out completely because they can’t keep up with the network, or they don’t have the required processing power, RAM, or disk storage space needed to run a full node. These people will need to switch to systems with less security, such as lightweight wallets, reducing the security of the whole network.

Regardless of the reason, this limit is in place.

Signature operations limit

The signature operations limit was put in place because signature-verification operations are relatively slow, especially in non-segwit transactions. An attacker could stuff a transaction with a monstrous number of signatures, thus causing verifying nodes to be busy verifying signatures for a long time. The limit of 20,000 such operations per block was somewhat arbitrarily chosen to prevent such an attack.

Increasing the limits

It will take a hard fork to remove or increase these limits. A hard fork is a rule change that causes old nodes and new nodes to disagree on what the strongest valid blockchain is. We’ll examine forks and upgrades in chapter 11. For now, suppose new nodes decide that 8,000,000-byte blocks are OK. When a miner publishes a block that’s bigger than 1,000,000 bytes, new nodes will accept it, whereas old nodes won’t. A permanent blockchain split will occur, and we’ll effectively have two different cryptocurrencies.

Segwit offers an opportunity to somewhat increase both these limits without a hard fork.

Increasing the block size limit

The old rule of 1,000,000 bytes remains, so old nodes can continue working as they used to. New nodes will count block size differently, but in a compatible way. Witness bytes will be counted with a “discount” compared to other bytes, such as the block header or transaction outputs. A new measurement, block weight, is put in place. A block’s maximum weight is 4,000,000 weight units (WU; figure 10.36).

Figure 10.36. Witness bytes and nonwitness bytes are counted differently. Witness bytes contribute less to the block weight and not at all to the traditional block size, the base block size.

Let’s call the block excluding the witnesses the base block:

  • 1 byte of base block data is counted as 4 WU.
  • 1 byte of witness data is counted as 1 WU.

The effect is that the old 1,000,000-byte block size limit remains, because the new rule and the old rule are effectively the same on the base block. But the more segwit is used, the more data can be moved from the base block to the witnesses, which allows for a bigger total block size.

Suppose the witnesses in a block account for a ratio r of the data in the block. The maximum block weight is 4,000,000, and a total block size T gives

Inserting various values of r into this formula gives different maximum total block sizes, as table 10.2 shows.
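
The relation the sentence above sets up, worked through here as an added derivation (it is not the book’s own formula; it uses only the 4 WU / 1 WU counting rule and the 4,000,000 WU maximum stated above). Let T be the total block size in bytes and r the fraction of those bytes that are witness data, so the base block is (1 − r)T bytes and the witnesses rT bytes. The weight limit then reads

$$4(1 - r)\,T + r\,T = 4{,}000{,}000$$

Collecting the T terms gives

$$(4 - 3r)\,T = 4{,}000{,}000 \quad\Longrightarrow\quad T = \frac{4{,}000{,}000}{4 - 3r}$$

For r = 0 the denominator is 4 and T is the old 1,000,000-byte limit; for r = 0.5 it gives 4,000,000 / 2.5 = 1,600,000 bytes, the value table 10.2 lists; as r approaches 1 the denominator approaches 1 and T approaches 4,000,000 bytes, the weight limit itself.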

Table 10.2. Maximum block sizes for different ratios of witness data

r (witness bytes/total bytes)    Max total block size (bytes)
0                                1,000,000
0.1                              1,081,081
0.3                              1,290,323
0.5                              1,600,000
0.6                              1,818,182
0.7                              2,105,263
0.8                              2,500,000

As the relative amount of witness data increases in the block, we can squeeze in more transactions. The effect is an actual maximum block size increase.

The witness discount is implemented for several reasons:

  • The signature scripts and witnesses don’t go into the UTXO set. Data that goes into the UTXO set has higher costs because the UTXO set should preferably be stored in RAM for fast transaction verification.
  • It gives wallet developers, exchanges, and smart contract developers more incentive to make fewer outputs, which reduces the UTXO set’s size. For example, an exchange can choose to consolidate its many outputs into a few outputs.
  • The witnesses don’t have to be sent to a lightweight wallet.

Increasing the signature operations limit

Because we’re increasing the block size with segwit, we also need to increase the number of allowed signature operations; allowing more transaction data per block should imply that we also need to allow more signature operations. We can increase the limit in the same manner as we increased the block size limit.

We increase the number of allowed signature operations from 20,000 to 80,000 and count each legacy signature as four operations and each segwit operation as one operation. We count a segwit signature operation as less than a legacy operation because the former is more efficient, as discussed in “New hashing method for signatures.”

This will have the same effect as the block size increase. If a block contains only legacy inputs, the old limit of 20,000 actual operations remains. If the block contains only segwit inputs, the new limit of 80,000 actual operations is in effect. Any combination of legacy and segwit inputs in a block will result in a limit somewhere between 20,000 and 80,000 actual signature operations.
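
The weight rule, table 10.2, and the weighted signature operation count, as an added example (not the book’s code). The constant names are the example’s own; the values (4 WU per base byte, 1 WU per witness byte, a 4,000,000 WU maximum, the 20,000 and 80,000 sigop limits) are the ones stated in the text. The functions are written as the checks a new node applies next to the checks an old node still applies.

```python
# Added example, not code from the book: block weight, the maximum total block
# size for a given witness ratio, and the weighted signature operation count.

MAX_BLOCK_WEIGHT = 4_000_000     # weight units (WU), new rule
MAX_BASE_BLOCK_SIZE = 1_000_000  # bytes, the old rule that old nodes still enforce
MAX_SIGOP_COST = 80_000          # new weighted sigop limit
MAX_LEGACY_SIGOPS = 20_000       # old sigop limit
WITNESS_SCALE_FACTOR = 4         # 1 base byte = 4 WU, 1 witness byte = 1 WU


def block_weight(base_bytes, witness_bytes):
    return WITNESS_SCALE_FACTOR * base_bytes + witness_bytes


def new_node_accepts_size(base_bytes, witness_bytes):
    """Weight <= 4,000,000 WU implies base_bytes <= 1,000,000, so a block that new
    nodes accept is never oversized for old nodes, which only see the base block."""
    return block_weight(base_bytes, witness_bytes) <= MAX_BLOCK_WEIGHT


def old_node_accepts_size(base_bytes):
    return base_bytes <= MAX_BASE_BLOCK_SIZE


def max_total_block_size(r):
    """Largest total size T when a fraction r of the bytes are witness bytes:
    4(1 - r)T + rT = 4,000,000, so T = 4,000,000 / (4 - 3r); rounded as in table 10.2."""
    return round(MAX_BLOCK_WEIGHT / (WITNESS_SCALE_FACTOR - 3 * r))


def table_10_2():
    return {r: max_total_block_size(r) for r in (0, 0.1, 0.3, 0.5, 0.6, 0.7, 0.8)}


def sigop_cost(legacy_sigops, segwit_sigops):
    """A legacy signature operation costs 4, a segwit one costs 1."""
    return WITNESS_SCALE_FACTOR * legacy_sigops + segwit_sigops


def new_node_accepts_sigops(legacy_sigops, segwit_sigops):
    return sigop_cost(legacy_sigops, segwit_sigops) <= MAX_SIGOP_COST


def old_node_accepts_sigops(legacy_sigops):
    """Old nodes count only the legacy operations they can see."""
    return legacy_sigops <= MAX_LEGACY_SIGOPS


def effective_sigop_limit(legacy_share):
    """Actual operations a block can hold when a share `legacy_share` of them are
    legacy: 80,000 / (3 * share + 1), from 20,000 (all legacy) to 80,000 (all segwit)."""
    return MAX_SIGOP_COST / (WITNESS_SCALE_FACTOR * legacy_share + (1 - legacy_share))


if __name__ == "__main__":
    for r, size in table_10_2().items():
        print(f"r={r:<4} max total block size = {size:,} bytes")
    print("weight of 800,000 base + 800,000 witness bytes:",
          block_weight(800_000, 800_000), "WU")
    print("20,000 legacy ops:", new_node_accepts_sigops(20_000, 0),
          "| 10,000 legacy + 40,001 segwit ops:", new_node_accepts_sigops(10_000, 40_001))
```

Running it prints the seven rows of table 10.2 from the weight rule alone. The mixed sigop case is the one to keep in mind when reasoning about the limit: 10,000 legacy operations already use half of the 80,000 budget, so only 40,000 segwit operations fit beside them.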

Recap

This chapter has walked through segregated witness, which solves some problems:

  • Transaction malleability—A txid might change without changing the effect of its transaction. This can cause broken links between transactions, making the child transaction invalid.
  • Inefficient signature verification—As the number of inputs doubles in a transaction, the time to verify the transaction increases quadratically. This is because both the transaction’s size and the number of signatures to verify double.
  • Wasted bandwidth—Lightweight wallets must download the transactions, including all signatures, to be able to verify the merkle proof, but the signature data is useless to them because they don’t have the spent outputs to verify against.
  • Hard to upgrade—There is limited room for script language upgrades. A handful of OP_NOPs are left, and you can’t change an OP_NOP however you please. If the new operator behavior succeeds, it must behave exactly as an OP_NOP.

Solutions

By moving signature data out of the base transaction, that data will no longer be part of the txid.

If the signature is malleated, it won’t affect the txid. Unconfirmed chains of transactions become unbreakable.

A new signature-hashing algorithm is used that makes the verification time grow linearly with the number of inputs. The old signature-hashing algorithm hashes the entire transaction for each signature.

Signatures in witnesses will hash the transaction only once.

The intermediate hash is reused for each signature, which greatly reduces the total amount of hashing.

The bandwidth that lightweight wallets require decreases because they don’t have to download the witnesses to verify that a transaction is included in a block. They can use the per-transaction savings to increase their privacy by decreasing their bloom filter size, or to reduce data traffic with preserved privacy.

The witness version in the pubkey script allows for future upgrades of the script language. These upgrades can be arbitrarily complex, with no restrictions on functionality.

New rules apply for blocks containing segwit transactions. An output in the coinbase transaction must commit to all the block’s witnesses.

Old nodes will still work because they aren’t aware of the commitment in the coinbase transaction. This lets us introduce segwit without disrupting, or splitting, the blockchain into two separate cryptocurrencies.

Exercises

Warm up

What part of the transaction is the cause of transaction malleability?

Why is transaction malleability a problem?

Why do we say that legacy transaction verification time increases quadratically with the number of inputs?

Why do lightweight wallets need the signatures of a legacy transaction to verify that it’s included in a block?

Suppose you want to add a new feature to Bitcoin’s Script language, and you want to redefine the behavior of OP_NOP5. What’s important to think about when you design the new behavior to avoid a blockchain split (because not all nodes will upgrade simultaneously)?

Which of the following are segwit addresses? What kind of segwit addresses are they?

  1. bc1qeqzjk7vume5wmrdgz5xyehh54cchdjag6jdmkj
  2. c8052b799cde68ed8da8150c4cdef4ae3176cba8
  3. bc1qnqaewluxhx7wzfrf9e5fqjf47hjk9jyzy6l0hpt4kjj3u2wmjp3qr3lft8
  4. 3KsJCgA6ubxgmmzvZaQYR485tsk2G6C1Be
  5. 00 bb4d49777d981096a75215ccdba8dc8675ff02d1

What’s the witness version used for? The witness version is the first number in a segwit output, for example 00 in

00 bb4d49777d981096a75215ccdba8dc8675ff02d1

Dig in

Explain how a segwit transaction is valid according to an old node that knows nothing about segwit. This is what the old node sees:

Explain how a segwit transaction is verified by a new node that knows about segwit. This is what it sees:

Suppose you want to upgrade the Bitcoin system. You want the witness commitment to commit to the transaction fees in the block, in addition to the witness root hash, by making a merkle tree of all transaction fees. Suggest how the fee merkle root could be committed to in the block without breaking compatibility with old nodes. You don’t have to think about future upgradability after this change, because that’s more complex. Use the following figure as a hint:

How would old nodes and new nodes verify blocks that contain the commitment in the previous exercise?

Summary

  • Segwit moves signature script data out of transactions to solve transaction malleability issues.
  • Segwit uses a new signature-hashing algorithm that makes transaction verification faster. This helps nodes stay up to date with fewer resources.
  • Lightweight wallets get better privacy with preserved data traffic by not downloading witness data.
  • The witness version byte of the pubkey script makes upgrading the script language easier.
  • We can increase the maximum block size somewhat by counting witness bytes with a discount.
  • A new address format helps wallets distinguish between legacy payments and segwit payments.
  • Segwit can be “embedded” in old-style p2sh addresses to let old wallets send money to segwit wallets.