You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: bip-0141.mediawiki
+22-4Lines changed: 22 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -128,8 +128,8 @@ The following example is a version 0 pay-to-witness-public-key-hash (P2WPKH) wit
128
128
129
129
witness: <signature> <pubkey>
130
130
scriptSig: (empty)
131
-
scriptPubKey: 0 <20-byte-hash>
132
-
(0x0014{20-byte-hash})
131
+
scriptPubKey: 0 <20-byte-key-hash>
132
+
(0x0014{20-byte-key-hash})
133
133
134
134
The '0' in scriptPubKey indicates the following push is a version 0 witness program. The length of the witness program indicates that it is a P2WPKH type. The witness must consist of exactly 2 items. The HASH160 of the pubkey in witness must match the witness program.
135
135
@@ -139,6 +139,24 @@ The signature is verified as
139
139
140
140
Comparing with a traditional P2PKH output, the P2WPKH equivalent occupies 3 less bytes in the scriptPubKey, and moves the signature and public key from scriptSig to witness.
141
141
142
+
=== P2WPKH nested in BIP16 P2SH ===
143
+
144
+
The following example is the same P2WPKH witness program, but nested in a BIP16 P2SH output.
145
+
146
+
witness: <signature> <pubkey>
147
+
scriptSig: <0 <20-byte-key-hash>>
148
+
(0x160014{20-byte-key-hash})
149
+
scriptPubKey: HASH160 <20-byte-script-hash> EQUAL
150
+
(0xA914{20-byte-script-hash}87)
151
+
152
+
The only item in scriptSig is hashed with HASH160, compared against the 20-byte-script-hash in scriptPubKey, and interpreted as:
153
+
154
+
0 <20-byte-key-hash>
155
+
156
+
The P2WPKH witness program is then executed as described in the previous example.
157
+
158
+
Comparing with the previous example, the scriptPubKey is 1 byte bigger and the scriptSig is 23 bytes bigger. Although a nested witness program is less efficient, its payment address is fully transparent and backward compatible for all Bitcoin reference client since version 0.6.0.
159
+
142
160
=== P2WSH witness program ===
143
161
144
162
The following example is an 1-of-2 multi-signature version 0 pay-to-witness-script-hash (P2WSH) witness program.
@@ -160,7 +178,7 @@ A P2WSH witness program allows arbitrarily large script as the 520-byte push lim
160
178
161
179
The scriptPubKey occupies 34 bytes, as opposed to 23 bytes of BIP16 P2SH. The increased size improves security against possible collision attacks, as 2<sup>80</sup> work is not infeasible anymore (By the end of 2015, 2<sup>84</sup> hashes have been calculated in Bitcoin mining since the creation of Bitcoin). The spending script is same as the one for an equivalent BIP16 P2SH output but is moved to witness.
162
180
163
-
===Witness program nested in BIP16 P2SH ===
181
+
===P2WSH nested in BIP16 P2SH ===
164
182
165
183
The following example is the same 1-of-2 multi-signature P2WSH witness program, but nested in a BIP16 P2SH output.
166
184
@@ -176,7 +194,7 @@ The only item in scriptSig is hashed with HASH160, compared against the 20-byte-
176
194
177
195
The P2WSH witness program is then executed as described in the previous example.
178
196
179
-
Comparing with the previous example, the scriptPubKey is 11 bytes smaller (with reduced security) while witness is the same. However, it also requires 35 bytes in scriptSig, which is not prunable in transmission. Although a nested witness program is less efficient in many ways, its payment address is fully transparent and backward compatible for all Bitcoin reference client since version 0.6.0.
197
+
Comparing with the previous example, the scriptPubKey is 11 bytes smaller (with reduced security) while witness is the same. However, it also requires 35 bytes in scriptSig.
0 commit comments