How Bitcoin transactions work

Transactions in Bitcoin are made up of inputs and outputs. Inputs are bitcoins that have been assigned to a wallet. An example would be getting paid for your work. Outputs are bitcoins being transferred to another wallet and an example would be paying for coffee.

Forming a transaction by combining inputs and outputs

It is important to understand that inputs are no different than the various denominations of your local currency in your physical wallet. You may hold a $1 coin, a $2 coin, and maybe a $5 bill in your wallet which brings the total amount you hold to $8. These three separate values can be considered as the inputs of your wallet.

Now let’s say you’d like to make a purchase of 2.5 BTC. Your wallet holds a total of 3 BTC in the form of 1 BTC and 2 BTC. Since you don’t have an exact amount of 2.5 BTC required for the purchase, your wallet will put forward a total of 3 BTC in the form of a 1 BTC input and a 2 BTC input.

Much like a real world transaction where if you provide more than the required amount for a purchase and you receive the difference back as change, a Bitcoin wallet will generate similar output transactions. That is, the outputs will be 2.5 BTC for the purchase being made, and 0.5 BTC that will be generated as change.

Requirements to spend

Before you can spend bitcoins, you are required to prove your ownership of those funds. This is done by the use of locking and unlocking scripts. Every input in your wallet was an output from another wallet. Before the other wallet transferred those funds to you, it placed a requirement using the hash of your public key (also known as your bitcoin address), that is, only the public key that can produce the aforementioned hash can have access to the funds. In other words, since the hash can only be produced by you, the funds are locked to you.

Locking and unlocking scripts

There are two types of scripts involved in this process. The locking script and the unlocking script. The locking script is provided by the wallet whose outputs are the inputs to your wallet. The steps run by the locking script are:
OP_DUP OP_HASH160 <PublicKeyHash> OP_EQUALVERIFY OP_CHECKSIG

There are two types of steps in the script. Each step is either an operation or something that puts data in for the next operation to act on. To elaborate, here is what the steps of the locking script do:

• OP_DUP: An operation that creates a duplicate of a value.
• OP_HASH160: An operation that creates a hash of a value.
• <PublicKeyHash>: Data that represents the hash of your public key.
• OP_EQUALVERIFY: An operation that aborts the script if it fails.
• OP_CHECKSIG: An operation that attempts to verify a digital signature and generates either true or false.

The requirement placed by the wallet that sent you bitcoins was actually for you to complete the locking script in a way that the end result of the script is the value “true”. In other words, what data would have to be given to the locking script so the end result is the value “true”? This is where the unlocking script comes in.

Unlocking script + OP_DUP OP_HASH160 <PublicKeyHash> OP_EQUALVERIFY OP_CHECKSIG

The unlocking script is provided by your wallet which is trying to unlock the inputs for use. This script provides the data that, when put together with the locking script, will result in the value “true”. The steps run by the unlocking script are:
<signature> <PublicKey>

• <signature>: Data that represents the digital signature generated using your private key.
• <PublicKey>: Data that represents your public key.

Generating the digital signature

When put together, the complete script is:
<signature> <PublicKey> OP_DUP OP_HASH160 <PublicKeyHash> OP_EQUALVERIFY OP_CHECKSIG

The script runs as a stack based execution, meaning, results of each step are added to the top of a stack and any operations run by the scripts use the data from the top of the stack as parameters. Processing starts with two pieces of data: the digital signature (created using your private key) and your public key. These two values are added to the stack. The digital signature is created by hashing the contents of the transaction twice and then encrypting the resulting hash using your private key.

Stack based script execution

The first operation executed by this script is OP_DUP. This creates a duplicate of the value at the top of the stack, that is, the public key. The next operation is OP_HASH160 which takes the top value, which is the public key, and hashes it. Next, the public key hash included in the locking script is added to the stack. Then, OP_EQUALVERIFY is executed which compares the two public key hashes. If the two hashes are not equal, then execution of the script fails and access to the inputs is denied. Comparison of the hashes can fail in the case where anyone other than the intended recipient of the funds tries to access them. If the hash comparison passes, then we are left with only two values: the public key and the signature. Finally, the last operation to run is OP_CHECKSIG. This operation will attempt to verify the digital signature using the public key provided.

Verifying the digital signature

Digital signature verification

Since the digital signature was created by your private key, it can only be decrypted using your public key. This public key was provided through your unlocking script. Decryption will result in a hash. If this hash matches the hash of the hash of the transaction (yes, hashed twice as mentioned earlier), then the result of the locking script is true and you are granted access to the inputs to be spent.