You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: bip-0143.mediawiki
+28-22Lines changed: 28 additions & 22 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -24,35 +24,41 @@ Deploying the aforementioned fixes in the original script system is not a simple
24
24
== Specification ==
25
25
A new transaction digest algorithm is defined, but only applicable to sigops in version 0 witness program:
26
26
Double SHA256 of the serialization of:
27
-
1. nVersion of the transaction
28
-
2. hashPrevouts
29
-
3. hashSequence
30
-
4. transaction id and output index of the output spent by this input
31
-
5. subscript of the input
32
-
6. value of the output spent by this input
33
-
7. nSequence of the input
34
-
8. hashOutputs
35
-
9. nLocktime of the transaction
36
-
10. sighash type of the signature
37
-
38
-
The items 1, 4, 5, 7, 9, 10 have the same meaning as the original algorithm. <refname=wiki></ref>
27
+
1. nVersion of the transaction (4-byte little endian)
28
+
2. hashPrevouts (32-byte hash)
29
+
3. hashSequence (32-byte hash)
30
+
4. outpoint (32-byte hash + 4-byte little endian)
31
+
5. scriptCode of the input (varInt for the length + script)
32
+
6. value of the output spent by this input (8-byte little endian)
33
+
7. nSequence of the input (4-byte little endian)
34
+
8. hashOutputs (32-byte hash)
35
+
9. nLocktime of the transaction (4-byte little endian)
36
+
10. sighash type of the signature (4-byte little endian)
37
+
38
+
The items 1, 4, 7, 9, 10 have the same meaning as the original algorithm. <refname=wiki></ref>
39
+
40
+
The item 5:
41
+
*For P2WPKH witness program, the scriptCode is <code>0x1976a914{20-byte-pubkey-hash}88ac</code>.
42
+
*For P2WSH witness program,
43
+
**if the <code>witnessScript</code> does not contain any <code>OP_CODESEPERATOR</code>, the <code>scriptCode</code> is a <code>varInt</code> for the length of the <code>witnessScript</code>, followed by the <code>witnessScript</code>.
44
+
**if the <code>witnessScript</code> contains any <code>OP_CODESEPERATOR</code>, the <code>scriptCode</code> is the evaluated script, with all <code>OP_CODESEPARATOR</code> and everything up to the last <code>OP_CODESEPARATOR</code> before the signature checking opcode being executed removed, and prepended by a <code>varInt</code> for the length of the trancated script.
39
45
40
46
The item 6 is a 8-byte value of the amount of bitcoin spent in this input.
41
47
42
-
hashPrevouts:
43
-
*If the ANYONECANPAY flag is not set, hashPrevouts is the double SHA256 of the serialization of all transaction ids and output indexes involved in this transaction;
44
-
*Otherwise, hashPrevouts is a uint256 of 0x0000......0000.
48
+
<code>hashPrevouts</code>:
49
+
*If the ANYONECANPAY flag is not set, hashPrevouts is the double SHA256 of the serialization of all input outpoints;
50
+
*Otherwise, <code>hashPrevouts</code> is a <code>uint256</code> of <code>0x0000......0000</code>.
45
51
46
-
hashSequence:
52
+
<code>hashSequence</code>:
47
53
*If none of the ANYONECANPAY, SINGLE, NONE sighash type is set, hashSequence is the double SHA256 of the serialization of nSequence of all inputs;
48
-
*Otherwise, hashSequence is a uint256 of 0x0000......0000.
54
+
*Otherwise, <code>hashSequence</code> is a <code>uint256</code> of <code>0x0000......0000</code>.
49
55
50
-
hashOutputs:
51
-
*If the sighash type is neither SINGLE nor NONE, hashOutputs is the double SHA256 of the serialization of all output scriptPubKey with value;
52
-
*If sighash type is SINGLE and the input index is not greater than the number of outputs, hashOutputs is the double SHA256 of the output scriptPubKey with value of the same index as the input;
53
-
*Otherwise, hashOutputs is a uint256 of 0x0000......0000.
56
+
<code>hashOutputs</code>:
57
+
*If the sighash type is neither SINGLE nor NONE, hashOutputs is the double SHA256 of the serialization of all output value (8-byte little endian) with scriptPubKey (<code>varInt</code> for the length + script);
58
+
*If sighash type is SINGLE and the input index is not greater than the number of outputs, <code>hashOutputs</code> is the double SHA256 of the output value with <code>scriptPubKey</code> of the same index as the input;
59
+
*Otherwise, <code>hashOutputs</code> is a <code>uint256</code> of <code>0x0000......0000</code>.
54
60
55
-
The hashPrevouts, hashSequence, and hashOutputs calculated in an earlier verification may be reused in other inputs of the same transaction, so that the time complexity of the whole hashing process reduces from O(n<sup>2</sup>) to O(n).
61
+
The <code>hashPrevouts</code>, <code>hashSequence</code>, and <code>hashOutputs</code> calculated in an earlier verification may be reused in other inputs of the same transaction, so that the time complexity of the whole hashing process reduces from O(n<sup>2</sup>) to O(n).
56
62
57
63
Refer to the reference implementation, reproduced below, for the precise algorithm:
0 commit comments