Davide De Rosa

The Bitcoin Script language (pt. 2)

See on Github

In the first part I introduced the Script opcodes for constants and push data. We’re slowly approaching the scripts you’ll include in real transactions. Specifically, we’re bound to deal with hashes and ECDSA signatures at some point, that’s why Script has even opcodes for crypto functions.


Look at some of the many arithmetic opcodes:

opcode encoding

Both are totally stack-based operations, meaning that they take no explicit argument. OP_ADD (OP_SUB) pops the top two items of the stack and adds (substracts) them. The result of the operation is then pushed on top again.


55 59 93 56 94



Here’s how the stack evolves:

[5, 9]
[14, 6]

The script returns 8.


Again, scripts are used for transaction validation, and comparisons are a primary need for a validator:

opcode encoding

OP_EQUAL pops and compares the top two items on the stack, then pushes OP_TRUE if they’re equal or OP_FALSE otherwise.


02 c3 72 02 03 72 01 c0 93 87


[c3 72] [03 72] [c0] OP_ADD OP_EQUAL

Here’s how the stack evolves:

[c3 72]
[c3 72, 03 72]
[c3 72, 03 72, c0]
[c3 72, c3 72]

It’s worth noting that the script eventually “succeeds”, because it returns OP_TRUE.

Stack manipulation

This is the only opcode you’re going to use for stack manipulation:

opcode encoding

OP_DUP takes no arguments, it just duplicates the top stack item.


04 b9 0c a2 fe 76 87


[b9 0c a2 fe] OP_DUP OP_EQUAL

Here’s how the stack evolves:

[b9 0c a2 fe]
[b9 0c a2 fe, b9 0c a2 fe]

Obviously, the script succeeds, since OP_EQUAL would never fail after OP_DUP!


These opcodes are certainly the most interesting:

opcode encoding
OP_HASH160 a9

OP_HASH160 pops the top stack item, performs hash160 on it and then pushes the result back. Basically, this opcode computes the Bitcoin P2PKH address from an ECDSA public key.

OP_CHECKSIG pops the top two stack items, the first being an ECDSA public key and the second being a DER-encoded ECDSA signature. After that, it pushes OP_TRUE if the signature is valid for that public key or OP_FALSE otherwise. It’s the Script version of OpenSSL’s ECDSA_verify.

Both opcodes will be described in the next post.

Where’s the code?

There are no code examples in this chapter. In the end a script is an array of data where your only contribution is mapping opcodes names to raw bytes. We could have developed a tiny Script interpreter, but it’s way beyond our goals. Typical Bitcoin clients don’t run scripts as it’s a mining task, so our concern is just writing well-formed scripts that miners would accept.

Next block in chain?

You learned some more Script opcodes, including crypto functions essential to ECDSA verifications.

In the next article we’ll examine the role of keys and addresses in standard scripts. Please share this post if you enjoyed it and use the form below for questions and comments!