The opcodes used throughout the pubkey scripts of unusual transactions are:
- Quite a few info pushing opcodes from 0x00 to 0x4e (1-78). These aren’t normally confirmed in examples, nonetheless they need to be used to push signatures and public keys onto the stack. See the hyperlink beneath this itemizing for a top level view.
- OP_TRUE/OP_1 (0x51) and OP_2 by OP_16 (0x52-0x60), which push the values 1 by 16 to the stack.
- “OP_CHECKSIG” consumes a signature and a full public key, and pushes true onto the stack if the transaction info specified by the SIGHASH flag was remodeled into the signature using the similar ECDSA private key that generated most of the people key. In another case, it pushes false onto the stack.
- “OP_DUP” pushes a replica of the topmost stack merchandise on to the stack.
- “OP_HASH160” consumes the topmost merchandise on the stack, computes the RIPEMD160(SHA256()) hash of that merchandise, and pushes that hash onto the stack.
- “OP_EQUAL” consumes the best two objects on the stack, compares them, and pushes true onto the stack in the event that they’re the similar, false if not.
- “OP_VERIFY” consumes the topmost merchandise on the stack. If that merchandise is zero (false) it terminates the script in failure.
- “OP_EQUALVERIFY” runs “OP_EQUAL” after which “OP_VERIFY” in sequence.
- “OP_CHECKMULTISIG” consumes the price (n) on the prime of the stack, consumes that a lot of the subsequent stack ranges (public keys), consumes the price (m) now on the prime of the stack, and consumes that a lot of the subsequent values (signatures) plus one extra value.
The “one extra value” it consumes is the outcomes of an off-by-one error throughout the Bitcoin Core implementation. This value is not used, so signature scripts prefix the itemizing of secp256k1 signatures with a single OP_0 (0x00).
“OP_CHECKMULTISIG” compares the first signature in opposition to each public key until it finds an ECDSA match. Starting with the following public key, it compares the second signature in opposition to each remaining public key until it finds an ECDSA match. The strategy is repeated until all signatures have been checked or not adequate public keys keep to provide a worthwhile consequence.
Because of public keys normally usually are not checked as soon as extra within the occasion that they fail any signature comparability, signatures needs to be positioned throughout the signature script using the similar order as their corresponding public keys had been positioned throughout the pubkey script or redeem script. See the “OP_CHECKMULTISIG” warning beneath for further particulars.
- “OP_RETURN” terminates the script in failure when executed.
A complete itemizing of opcodes will probably be found on the Bitcoin Wiki Script Net web page, with an authoritative itemizing throughout the opcodetype enum of the Bitcoin Core script header file
Signature script modification warning: Signature scripts normally usually are not signed, so anyone can modify them. This means signature scripts should solely comprise info and data-pushing opcodes which could’t be modified with out inflicting the pubkey script to fail. Placing non-data-pushing opcodes throughout the signature script for the time being makes a transaction non-standard, and future consensus tips might forbid such transactions altogether. (Non-data-pushing opcodes are already forbidden in signature scripts when spending a P2SH pubkey script.)
“OP_CHECKMULTISIG”warning: The multisig verification course of described above requires that signatures throughout the signature script be equipped within the similar order as their corresponding public keys throughout the pubkey script or redeem script. As an example, the following blended signature and pubkey script will produce the stack and comparisons confirmed:
Nonetheless reversing the order of the signatures with the whole thing else the similar will fail, as confirmed beneath: