1

I've posted questions for both script types (P2WPKH and P2SH) in the same place for consistency. An answer to any of the questions is of great help.

Let's start.

As I know, traditional scripts (which also include P2PKH and P2SH) are executed by concatenating scriptSig and the corresponding ScriptPubKey and if the top-most item after execution is non-zero, the input is considered valid.

If I understand 141 correctly, it works a bit differently for SegWit. Thus:

1. P2WPKH:

scriptPubKey: OP_0 <hash-pubkey>

scriptSig: empty

witness: <signature> <pubkey>

So, for P2WPKH there is no traditional concatenation and stack-based execution of script as OP codes like CHECKSIG, DUP, EQUALVERIFY etc. do not exist in scriptSig nor ScriptPubKey. My understanding is that it will just "out of traditional stack execution" calculate the HASH160 of <pubkey> from the witness field and compare with <hash-pubkey> from the scriptPubKey. Then, if the previous matches, it will push everything from witness field, add OP_CHECKSIG and execute it as in traditional scripts. So there is not classical stack-based execution, it goes "out of stack".

EDIT: Concatenation in the sense that op codes and data from scriptSig and scriptPubKey are executed in order (pushed onto the stack).

1.1. Am I right? Is this how it works?

Also, in BIP141 it says the following:

After normal script evaluation, the signature is verified against the public key with CHECKSIG operation. The verification must result in a single TRUE on the stack.

1.2. What does it mean "after normal script evaluation...", by my understanding normal script evaluation does not exist?

1.3. What does it mean that the result is a single TRUE on stack? Does it mean that by consensus rules for SegWit we must have only <signature> and <pubkey> for P2WPKH in witness field and if we have anything additional, like OP_1 before <signature> it will be invalid since, adding OP_CHECKSIG after OP_1 <signature> <pubkey>, more than one item will left on stack (1 TRUE)?

2. P2WPSH:

scriptPubKey: OP_0 <hash-witscript>

scriptSig: empty

witness: <data pushes> <witness script>

So again, since there are no OP codes, traditional concatenation and stack-based execution will not be performed here either. It will out of "traditional stack execution" take <witness script>, calculate SHA256 and compare it with <hash-witscript>. If that matches, then everything from the witness field (<data pushes> and <witness script>) will be pushed on the stack and execute in traditional stack-based way.

2.1. Am I right? Is this how it works?

BIP141 says the following:

The witnessScript is deserialized, and executed after normal script evaluation with the remaining witness stack (≤ 520 bytes for each stack item).

2.2. What does it mean "after normal script evaluation"? Script evaluation does not exist by my understand.

2.3. After executing <data pushes> and <witness script> (content from witness field) in traditional stack-based way it must be only one non-zero item on a stack (unlike P2SH where it can be more than one and only top-most item is important)? Right?

joke
  • 67
  • 5
  • Scripts are no longer concatenated. First the input script is executed, then the output script is executed on the stack that was left over from executing the input script. – Murch Aug 31 '23 at 01:34
  • 1.1.Your understanding is accurate. In P2WPKH, there's no direct stack-based execution of the script as in the traditional Bitcoin script model. Instead, the process involves checking the witness data. The witness is indeed used to provide the signature and public key required for transaction validation. 1.2."After normal script evaluation" in BIP141 refers to the normal scriptSig and ScriptPubKey evaluation that takes place for non-SegWit transactions. – Mani T Aug 31 '23 at 03:41
  • @Murch I used the term "concatenation" to denote a scenario where all the opcodes and data from input and UTXO script are executed in order (although I know that concatenation is no longer done). I edited my comment with this note. If we take this into consideration, what do you think about the other questions? – joke Aug 31 '23 at 08:05
  • @ManiT Yes, but they say the following: `After normal script evaluation, the signature is verified against the public key with CHECKSIG operation. The verification must result in a single TRUE on the stack.`. If they reference here with "normal script evalutaion" on non-segwit transactions, what does it have to do with segwit transaction? I don't get it. Also, what about other questions? – joke Aug 31 '23 at 08:10
  • 1
    @joke Does https://bitcoin.stackexchange.com/a/101146/208 help? – Pieter Wuille Aug 31 '23 at 12:47
  • 2
    I’m voting to close this question because it does not work well with our system. Stack Exchange is built around asking _one_ question per topic which can accumulate multiple answers. The answers can then be voted upon to rate their usefulness. A “here is my take, am I right?”-post inherently breaks this schema, because it is not feasible for most other users to determine whether an answer comprehensively evaluates the take. Please change your post to _ask a question_. You may post most of what you wrote as an _answer_ on your own question. That will allow other users to answer your _question_. – Murch Aug 31 '23 at 18:46
  • 1
    Also, I think there is too many different questions in this topic, so maybe consider splitting it up into multiple topics. —— Please feel free to edit your post to use it as the question, or create a new topic to ask there. If you choose to use this topic, please feel free to flag for reopening when you’ve finished editing it. —— You can find an overview of how our site works in our [tour]. – Murch Aug 31 '23 at 18:47
  • I am voting to close as explained above. Please (1) ask a question in your question post, (2) ask about one topic. – Murch Aug 31 '23 at 18:50

0 Answers0