
Bitcoin scripts

Bitcoin scripts
• How do you verify ownership in transactions?
– Bitcoin Scripts
• Each transaction output doesn't just specify a public key; it actually specifies a script.
• Bitcoin creates two different scriptSig/scriptPubKey
pairs
– Pay-to-PubkeyHash
– Pay-to-Script-Hash
Bitcoin scripts
Pay-to-PubKey-Hash
(Pay-to-Public-Key-Hash, P2PKH)
• Pay-to-PubKey-Hash is the basic form
of making a transaction and is the
most common form of transaction on
the Bitcoin network.
• Transactions that pay to a Bitcoin
address contain P2PKH scripts,
resolved by sending the public key
and a digital signature created by the
corresponding private key.
• ScriptPubKey and ScriptSig for a
transaction is shown below:
– ScriptPubKey = OP_DUP OP_HASH160 <PublicKeyHash> OP_EQUALVERIFY OP_CHECKSIG
– ScriptSig = <Signature> <Public Key>
Pay-to-Script-Hash
• To use Bitcoin, a sender must specify a script exactly.
• A common consumer wouldn't be able to specify it if, for example, he is ordering something online and a MULTISIG script is required. As a consumer, he just wants to send the money using a simple address.
• In response to that problem, there's a feature in Bitcoin that lets the
sender specify just a hash of the script that is needed to redeem the coins.
• The script acts as follows:
– The sender specifies the hash of the script and it is put on the top of the stack
– The receiver specifies as a data value, the value of the script corresponding to
the previous hash
– The algorithm checks if the hash of this data corresponds to the one specified
by the sender
– If the two hashes match, the top data value from the stack is reinterpreted as
instructions, so it's executed a second time as a script.
• Pay-to-script-hash is an alternative to the standard way of making Bitcoin payments, which is called pay-to-public-key.
Pay-to-Script-Hash (P2SH)
• Pay to script hash (P2SH) allows transactions to be sent to a script hash (addresses starting with 3) instead of a public key hash (addresses starting with 1).
• To spend bitcoins sent via P2SH, the recipient must provide a script
matching the script hash and data which makes the script evaluate to
true.
• Using P2SH, one can send bitcoins to an address secured in various
unusual ways without knowing anything about the details of how the
security is set up.
• You just send bitcoins to the ~34-character P2SH address.
• The recipient might need the signatures of several people to spend these
bitcoins, or a password might be required, or the requirements could be
completely unique.
• Pay to script hash (P2SH) is an advanced type of transaction used in
Bitcoin and other similar cryptocurrencies.
• Unlike P2PKH, it allows the sender to commit funds to the hash of an arbitrary valid script.
Pay-to-Script-Hash (P2SH)
• Transaction scripts
– An output that pays to a P2SH scriptPubKey is spent by an input with a scriptSig that provides the correct redeem script along with all the data (like signatures and corresponding public keys) necessary for successful script evaluation:
– scriptPubKey: OP_HASH160 <redeemScriptHash> OP_EQUAL
– scriptSig: <signatures> <publicKeys> <redeemScript>
• Example
– Transaction 40eee3ae1760e3a8532263678cdf64569e6ad06abc133af64f735e52562bccc8 paid to the P2SH address 3P14159f73E4gFr7JterCCQh9QjiTjiZrG.
– Transaction 7edb32d4ffd7a385b763c7a8e56b6358bcd729e747290624e18acdbe6209fc45 spends that output, using OP_FALSE <sig> { OP_1 <pubkey> OP_1 OP_CHECKMULTISIG }, where the braces enclose the redeem script.
Bitcoin scripts
• Script is a simple, stack-based instruction language, processed from left to right without any loops
• Special-purpose instructions compute hash functions and compute and verify signatures
• Every instruction is executed linearly exactly once, with an upper bound on time and memory
• The main properties of this language are:
– stack-based
– non Turing complete
– Two types of instructions: data instructions and OP_CODE
Bitcoin scripts properties…
• Stack
– Specifically designed for bitcoin but similar to Forth-Like
– There are no variables, no conditional statements.
– All the operations are always executed exactly once in linear manner.
– Operations are applied to the element on the top of the stack following FIFO
order.
• Non Turing Complete
– It is not possible to compute arbitrarily powerful functions.
– There are no conditional statements and no loops.
– By just looking at a script, it is possible to estimate how long it might take to run, based on the number of instructions.
– Miners have to run the scripts submitted by users directly in the transactions, so users must not be able to submit scripts that might contain an infinite loop and run forever.
– A Bitcoin script will always run in a finite number of steps, corresponding to the number of instructions it contains.
Non Turing complete…
• So why isn’t Bitcoin Script Turing Complete?
• Because it doesn’t need to be.
• Bitcoin Script doesn’t need to be as complicated as an Ethereum smart
contract.
• If a script was Turing Complete, it would have given malicious parties the
freedom to create complicated transactions and eat up the hash-rate of
the Bitcoin Network and slow down the entire system.
• Reverse Polish: Reverse Polish notation is a system where the operators follow the operands.
• Meaning:
• 3 + 4 will appear as 3 4 +.
• So, for longer, more complicated sums:
• 5 * 3 + 4 will appear as 5 3 4 + *.
Bitcoin scripts properties…
• Instructions: data instructions and OP_CODE.
– Data instructions simply contain some value and are surrounded by angle brackets (i.e. <data>).
– OP_CODEs are specific operations of the Bitcoin scripting language that act on the values on top of the stack and put their result back on top of the stack.
Script Properties
• Main properties of Bitcoin language and scripts are the
following:
– Every Bitcoin script can only produce two outcomes: it either executes successfully or returns an error. During transaction validation, if there's any error while the script is executing, the whole transaction is invalid and shouldn't be accepted into the blockchain.
– The Bitcoin scripting language is very small: 256 instructions, since each one is given by one byte. 15 of them are currently disabled and 75 are reserved.
– The Bitcoin scripting language includes instructions for basic arithmetic, basic logic, throwing errors and cryptography, such as hash functions and signature verification.
• If the execution of the script returns true then the Tx is valid and added to the blockchain, else not.
https://blockgeeks.com/guides/best-bitcoin-script-guide/
OP Instructions
• The Bitcoin scripting language contains
– Basic arithmetic, and logic that either throws an error or does not
– Crypto instructions
• Hashes
• Signature verification
• Multi-signature verification
Most common script: transaction validation

• An example of the most common script in Bitcoin: the one used to redeem a transaction.
• This script is formed by concatenating the scriptSig in the transaction input with the scriptPubKey in the transaction output.
Most common script: transaction validation

• When a transaction has to be validated, the two scripts get concatenated together.
– This script checks the reference to the previous transaction to see if it can be used to transfer the money of the current transaction.
– If the resulting script runs without any errors, the transaction is considered valid.
• First two instructions in this script are simply data
instructions:
– Signature of the sender
– Public key used to generate that signature
• These data are pushed on the stack without performing any operation.
Most common script: transaction validation
• Start using the OP instructions to act on these data:
– OP_DUP: Duplicate the public key on top of the stack
– OP_HASH160: Computes the cryptographic hash of the public key and puts it
on the top of the stack
• New value pushed onto the stack:
– Hash of the public key specified by the sender
• Last two operations are applied:
– OP_EQUALVERIFY: verifies whether the two hashes on top of the stack are equal. If so, they are removed. If not, an error is returned and the transaction is not valid.
– OP_CHECKSIG: the public key and the signature are left on the stack. This last operation checks whether the signature is valid for that public key. It returns true if the signature is valid, false otherwise.
Verification Process of Pay-to-Pubkey-Hash
Stack | Script | Description
Empty. | <sig> <pubKey> OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG | scriptSig and scriptPubKey are combined.
<sig> <pubKey> | OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG | Constants are added to the stack.
<sig> <pubKey> <pubKey> | OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG | Top stack item is duplicated.
<sig> <pubKey> <pubHashA> | <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG | Top stack item is hashed.
<sig> <pubKey> <pubHashA> <pubKeyHash> | OP_EQUALVERIFY OP_CHECKSIG | Constant added.
<sig> <pubKey> | OP_CHECKSIG | Equality is checked between the top two stack items.
True | Empty. | Signature is checked for top two stack items.
Executing a script
– Needs a stack data structure for storing the data.
– The data instructions provide the data, which are pushed on top of the stack, whereas the opcodes perform some function.
More Sophisticated Bitcoin Scripts
• Checking Multiple Signatures
• Proof-of-burn
• Pay-to-script-hash
• Custom script
Checking Multiple Signatures
• With Bitcoin Scripting language it is possible to check multiple signatures
with one instruction: CHECKMULTISIG.
• It is necessary to specify n public keys and a threshold t.
• It will execute without errors if there are at least t valid signatures
belonging to these n public keys.
• A small bug regarding this instruction: it pops an extra data value off the
stack and ignores it.
• It is necessary to deal with it by putting an extra dummy value onto the stack.
• It is considered a feature of the Bitcoin language, because it has been there since the beginning and the cost of removing it is much higher than the damage it causes.
Proof-of-burn
• Proof of burn is one of the several consensus mechanism algorithms
implemented by a blockchain network to ensure that all participating
nodes come to an agreement about the true and valid state of the
blockchain network thereby avoiding any possibility of cryptocoin double
spending.
• Proof of burn follows the principle of “burning” or “destroying” the coins
held by the miners that grant them mining rights.
• Proof-of-burn is actually a script that can never be redeemed.
• If you have a proof-of-burn, it's provable that those coins have been
destroyed, there's no possible way for them to be spent.
• To implement a proof-of-burn it's necessary to insert an OP_RETURN instruction, which throws an error as soon as it is reached, no matter what instructions preceded it.
• Data coming after OP_RETURN is ignored, so this is an opportunity to specify arbitrary data in a script that will remain in the blockchain.
Proof-of-burn…
• One use of proof-of-burn is to bootstrap an alternative to
Bitcoin by forcing people to destroy Bitcoin in order to gain
coins in the new system.
• This kind of script has mainly two purposes:
– Insert arbitrary data into blockchain, for example timestamp a
document and prove that you knew some data at a specific time.
– In this case it is possible to create a very low value Bitcoin transaction
that's proof-of-burn.
– Can destroy a very small amount of currency, and in exchange write
something into the blockchain, which should be kept forever.
– Some alternate coin systems can promote their new currencies by forcing people to destroy Bitcoin in order to gain coins in the new system.
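The following is an added example, not code from the slides or from the works they cite. It is a small Python interpreter for the subset of Script used in this part of the lecture: it walks the P2PKH verification table step by step, performs the P2SH second evaluation of the redeem script, implements CHECKMULTISIG with the extra dummy element it pops, and treats OP_RETURN as provably unspendable. The hash and signature primitives are toy stand-ins (truncated SHA-256 instead of RIPEMD160(SHA256), a hash-based "signature" instead of ECDSA), and the keys and transaction digest are constructed; only the stack mechanics are meant to be faithful.

```python
import hashlib

# Added example, not the slides' code. Toy stand-ins (ASSUMPTIONS): hash160 is
# truncated SHA-256 instead of RIPEMD160(SHA256(x)), and a "signature" is
# sha256(b"toy-sig" + pubkey + message), so OP_CHECKSIG needs no ECDSA library.
# Keys and the transaction digest below are constructed for the example.
MESSAGE = b"constructed transaction digest"
ALICE, BOB, JUDY = b"pubkey-alice", b"pubkey-bob", b"pubkey-judy"

def hash160(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()[:20]

def toy_sign(pubkey: bytes, message: bytes = MESSAGE) -> bytes:
    return hashlib.sha256(b"toy-sig" + pubkey + message).digest()

def toy_verify(pubkey: bytes, sig: bytes, message: bytes = MESSAGE) -> bool:
    return sig == toy_sign(pubkey, message)

class ScriptError(Exception):
    """Any error makes the script, and with it the transaction, invalid."""

def serialize(script) -> bytes:
    # data pushes as hex, opcodes by name: the form a redeem script is pushed in
    return " ".join(i.hex() if isinstance(i, bytes) else i for i in script).encode()

def deserialize(blob: bytes) -> list:
    return [t if t.startswith("OP_") else bytes.fromhex(t) for t in blob.decode().split()]

def run(script, stack, message=MESSAGE):
    """Execute left to right, each instruction once, no loops. Data instructions
    are pushed; opcodes act on the top of the last-in, first-out stack."""
    try:
        for item in script:
            if isinstance(item, bytes):
                stack.append(item)
            elif item[3:].isdigit():                 # OP_0 .. OP_16 push a small number
                stack.append(bytes([int(item[3:])]) if int(item[3:]) else b"")
            elif item == "OP_DUP":
                stack.append(stack[-1])
            elif item == "OP_HASH160":
                stack.append(hash160(stack.pop()))
            elif item == "OP_EQUAL":
                stack.append(b"\x01" if stack.pop() == stack.pop() else b"")
            elif item == "OP_EQUALVERIFY":
                if stack.pop() != stack.pop():
                    raise ScriptError("OP_EQUALVERIFY: hashes differ")
            elif item == "OP_CHECKSIG":
                pubkey, sig = stack.pop(), stack.pop()
                stack.append(b"\x01" if toy_verify(pubkey, sig, message) else b"")
            elif item == "OP_CHECKMULTISIG":
                n = stack.pop()[0]
                pubkeys = [stack.pop() for _ in range(n)][::-1]
                t = stack.pop()[0]
                sigs = [stack.pop() for _ in range(t)][::-1]
                stack.pop()           # the extra dummy element the historic bug consumes
                matched = i = 0       # signatures must come in the same order as the keys
                for sig in sigs:
                    while i < n and not toy_verify(pubkeys[i], sig, message):
                        i += 1
                    if i < n:
                        matched, i = matched + 1, i + 1
                stack.append(b"\x01" if matched == t else b"")
            elif item == "OP_RETURN":
                raise ScriptError("OP_RETURN: output is provably unspendable")
            else:
                raise ScriptError("unknown opcode " + item)
    except IndexError:
        raise ScriptError("stack underflow")
    return stack

def is_p2sh(script_pubkey) -> bool:
    return (len(script_pubkey) == 3 and script_pubkey[0] == "OP_HASH160"
            and isinstance(script_pubkey[1], bytes) and script_pubkey[2] == "OP_EQUAL")

def validate(script_sig, script_pubkey, message=MESSAGE) -> bool:
    """scriptSig runs first, then scriptPubKey on the same stack. For the P2SH
    pattern the scriptSig's top item is reinterpreted as the redeem script and
    executed a second time against the rest of the scriptSig's stack."""
    try:
        stack = run(script_sig, [], message)
        sig_stack = list(stack)
        stack = run(script_pubkey, stack, message)
        if not stack or stack[-1] == b"":
            return False
        if is_p2sh(script_pubkey):
            stack = run(deserialize(sig_stack.pop()), sig_stack, message)
            return bool(stack) and stack[-1] != b""
        return True
    except (ScriptError, IndexError, ValueError):
        return False

def p2pkh_spend(signing_key, claimed_pubkey, owner=ALICE) -> bool:
    # the verification table above: scriptSig = <sig> <pubKey>
    script_pubkey = ["OP_DUP", "OP_HASH160", hash160(owner), "OP_EQUALVERIFY", "OP_CHECKSIG"]
    return validate([toy_sign(signing_key), claimed_pubkey], script_pubkey)

ESCROW = ["OP_2", ALICE, BOB, JUDY, "OP_3", "OP_CHECKMULTISIG"]   # 2-of-3 redeem script

def escrow_spend(signers, redeem=ESCROW) -> bool:
    # P2SH output committed to hash160(ESCROW); OP_0 is the dummy CHECKMULTISIG pops
    script_pubkey = ["OP_HASH160", hash160(serialize(ESCROW)), "OP_EQUAL"]
    script_sig = ["OP_0"] + [toy_sign(k) for k in signers] + [serialize(redeem)]
    return validate(script_sig, script_pubkey)

def burn_output_spendable() -> bool:
    # OP_RETURN fails as soon as it is reached; the data after it is only carried
    return validate([], ["OP_RETURN", b"constructed data kept in the chain"])
```

A wrong public key fails at OP_EQUALVERIFY, a wrong signature leaves false on the stack at OP_CHECKSIG, a redeem script that does not match the committed hash fails at OP_EQUAL before it is ever executed, and a 2-of-3 spend with only one signature fails because CHECKMULTISIG runs out of stack when it pops its dummy element.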
Should senders specify scripts?
I'm ready to pay for my Big Box purchases!
Cool! Well we're using MULTISIG now, so include a script requiring 2 of our 3 account managers to approve. Don't get any of those details wrong. Thanks for shopping at Big Box!
Idea
use the hash of redemption script
scriptSig: <signature> <<pubkey> OP_CHECKSIG>
scriptPubKey: OP_HASH160 <hash of redemption script> OP_EQUAL
redemption script, executed a second time: <signature> <pubkey> OP_CHECKSIG
"Pay to Script Hash"
Pay to script hash
I'm ready to pay for my Big Box purchases!
Great! Here's our address:
0x3454
Verification process of Pay-to-Script-Hash
Applications of Bitcoin Scripts

Narayanan, Arvind, et al. "Bitcoin and cryptocurrency technologies."
• Escrow Transactions
– An escrow is a financial arrangement where a third party holds and regulates payment of
the funds required for two parties involved in a given transaction.
– It helps make transactions more secure by keeping the payment in a secure escrow account, which is only released when all of the terms of an agreement are met, as overseen by the escrow company.
• How does Escrow Work?
1. Escrow.com reduces the risk of fraud by acting as a trusted third-party that collects,
holds and only disburses funds when both Buyers and Sellers are satisfied.
2. Buyer and Seller agree to terms - Either the Buyer or Seller begins a transaction. After
registering at Escrow.com, all parties agree to the terms of the transaction.
3. Buyer pays Escrow.com - The Buyer submits a payment by approved payment method
to our secure Escrow Account, Escrow.com verifies the payment, the Seller is notified
that funds have been secured 'In Escrow'.
4. Seller ships merchandise to Buyer - Upon payment verification, the Seller is authorised
to send the merchandise and submit tracking information. Escrow.com verifies that the
Buyer receives the merchandise.
5. Buyer accepts merchandise - The Buyer has a set number of days to inspect the merchandise and the option to accept or reject it. The Buyer accepts the merchandise.
6. Escrow.com pays the Seller - Escrow.com releases funds to the Seller from the Escrow
Account.
Bitcoin purchase example using Escrow
Escrow transactions
• What are the advantages of having a scripting
language, since it's more complicated than just using
public keys?
• One is to do escrow transactions, that could be
useful in the following situation:
– Alice wants to buy some things from Bob
– She wants to pay with Bitcoins and Bob has to send
physical goods to Alice
– Alice doesn't want to pay until she receives it. And Bob
doesn't want to send it, until he has received the payment
Escrow transactions
• Solution in Bitcoin system:
– Alice creates a MULTISIG transaction that requires two of three people to sign in order to redeem the coins. These people are Alice, Bob and Judy. Judy is a judge, who will come into play only if there's a dispute.
– Alice signs the transaction redeeming some coins that she owns. These coins are held in
escrow between Alice, Bob, and Judy. Any two of them can specify where the coin
should go.
– Bob can safely send the goods to Alice and sign the transaction that releases money to
him.
– If the goods arrive and correspond to what Alice expected, she can release the money to Bob by signing the transaction. The money will be sent to Bob without the need for Judy's intervention. This happens if both are honest.
– Otherwise Alice could ask for her money back, and maybe Bob doesn't agree to sign the transaction that releases the money to Alice.
– Now it's Judy's turn to decide who's right and sign the transaction that releases money
either towards Alice or Bob.
• In both cases, since only two signatures are required, the money will be
sent towards one of them.
Escrow transactions
Green addresses
• Imagine that Alice wants to pay Bob, who's offline.
• Bob can't check the blockchain to see if the transaction that Alice is
sending is valid. This can happen for any reason.
• For example if Bob doesn't have time to connect and check or doesn't
have a connection.
• Normally a transaction is considered valid when its block is followed by six more blocks. This can take up to an hour.
• To solve the problem of the recipient not being able to access the
blockchain, it is necessary to introduce a third party: the bank.
• Alice can ask her bank to transfer money to Bob. They will deduct some money from Alice's account and make a transaction to Bob from one of their green addresses.
Green addresses
• The money to Bob will come directly from a bank controlled address, with
a guarantee of no double spending.
• If Bob trusts the bank, he can accept the transaction as soon as he
receives it.
• The money will eventually be his when it's confirmed in the blockchain.
• This feature isn't based on the Bitcoin system but is a real-world guarantee, so the bank must be trustworthy.
• If the bank ever double spends, its system is going to collapse quickly.
• It happened to 2 famous services that implemented green addresses:
– Instawallet
– Mt. Gox
• For these reasons, green addresses aren't used as much in Bitcoin as when they were first proposed.
• It is necessary to put too much trust in the bank.
Green addresses
Efficient micro-payments
• Suppose that Alice is a customer who wants to pay Bob a low
amount of money for some service.
• So maybe Bob is Alice's wireless service provider, and Alice
wants to pay a small amount of money for every minute she
uses it.
• It would be very inefficient to create a Bitcoin transaction for
every minute of conversation, there will be too many
transactions with low value and too many fees.
• A nice solution would be to combine all these small payments
into one big payment at the end.
Efficient micro-payments
• Start with a MULTISIG transaction that pays the maximum amount Alice would
ever need to spend, that requires both Alice and Bob signatures to release the
coins
• After the first minute of conversation, Alice signs the transaction sending one coin
to Bob and returning the rest to herself.
• After another minute, Alice signs another transaction, paying two coins to Bob and the rest to herself. At this point Bob hasn't signed anything yet.
• Alice repeats this procedure for every minute of usage. These transactions aren't published on the blockchain, since Bob's signature is missing.
• When Bob wants to get his money, he can sign the last transaction and publish it
on the blockchain. He will receive the money he deserves, and the remaining will
be sent back to Alice. The other transactions will never be inserted into the
blockchain.
• It is impossible to redeem two different transactions generated by Alice, since they
are all technically double spends of the same beginning transaction. If both parties
are operating normally, Bob will never sign any transaction but the last one, so the
blockchain won't actually see any attempt of double-spending.
Efficient micro-payments
Lock time
• A problem with the micro-payments protocol could be that Bob never signs any of the transactions, so all the money that Alice first sent to the multisig address remains blocked.
• How can Alice get her money back? She uses a feature called Lock Time.
• Before the micro-payment protocol starts, Alice and Bob will both sign a
transaction which refunds all of Alice's money back to her, but is locked until some
time in the future.
• So before Alice signs the first transaction for the first minute of service, she
requires this refund transaction from Bob.
• If a certain time T is reached and Bob hasn't signed any of the small transactions
that Alice sent, she can publish this transaction which refunds all of the money
directly to her.
• To do this, LOCK_TIME parameter is used in the metadata of Bitcoin transactions.
• It is possible to specify a value different from 0 for the lock time, which tells the
miners not to publish the transaction until some point in time, based on the
timestamps that are put into blocks.
• Alice knows that she can get her money back if Bob never signs the transactions.
Lock time
Task of Bitcoin Mining
Task of Bitcoin Miners
• We already know that Bitcoin relies crucially on
mining.
• But who are the miners?
• How did they get into this?
• How do they operate?
• What's the business model like for miners?
• What impact do they have on the environment?
Task of Bitcoin Miners
• Until now we have seen that Bitcoin depends on
miners to:
– store and broadcast the blockchain
– validate the transactions
– depending on their hash power, they will be able to insert new blocks and earn a reward
Task of the Bitcoin miners
• Steps necessary to become a miner:
1. join the network, listen for Bitcoin transactions and validate the correct ones
2. listen for new blocks, maintain the blockchain. When a new block is
proposed, validate it.
3. start assembling new valid blocks with new transactions.
4. Find a nonce suitable to win the mathematical competition against other miners. It is necessary to work really hard to find a nonce that makes the block valid. This is the computationally most difficult step.
5. Hope that the new block is accepted by the other miners. It is necessary that
the following blocks are attached to the new one in order to be considered
valid.
6. Get profit! If the block is accepted the profit will correspond to the Bitcoin
released during block creation and the transaction fees
• So, the miners' useful activity is to validate the transactions and blocks. The race for block creation and the consequent reward are just an incentive for miners to do this validation.
Bitcoin Block Construction
• Add high priority transactions:
– Every transaction transmitted in the Bitcoin network is sent to as many
nodes as possible.
– The nodes validate each transaction and add it to a transaction pool.
– Each transaction is then prioritized depending on the size of the transaction (in kB), its age (the amount of time a transaction has not been picked up by any block) and the value of the input (in simple terms, the amount of bitcoins as input).
– The first 50 kb (out of a total 1 MB) are reserved for high priority
transactions.
– This ensures that eventually every transaction is picked up by the
network and is part of a block.
– Transactions do not have a time-out and hence eventually the
transaction is ‘old-enough’ that it becomes part of a valid block.
An Example for Proof of Work
• Need to find a hash value that starts with one '0' when our data is the string 'Make America Great Again'.
• Apply an incremental approach, adding 1 to the nonce each time.
• We start by initializing the nonce to 1.
• SHA-256(nonce + input string) = SHA-256('1Make America Great Again') does not start with zero.
• So increment the nonce by 1. Finally, at the 20th attempt we find a hash value that starts with zero.
• The SHA-256 input is '20Make America Great Again'.
• The number of zeroes that the output has to start with is known as the
‘Difficulty’.
• Now the goal is readjusted such that it is to find hash starting with 2
leading zeros.
An Example for Proof of Work
• It is achieved when the nonce is 120.
• By adding one unit of difficulty (i.e. one additional zero) the time taken increases exponentially.
• If the goal is to have 4 leading zeros then the first such occurrence is only when nonce = 69817.
• This is called the Proof of Work.
• Once the solution is found, the node immediately sends the information (data + nonce) to all nodes; each can immediately verify it and, in a distributed consensus, agree that it was the winning node and award it the newly created Bitcoins.
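The toy proof-of-work above, as an added Python example that is not part of the slides. It follows the same recipe (SHA-256 over the decimal nonce concatenated in front of the data, counting leading hexadecimal zeros) but uses a constructed data string, so the nonces it finds are not the ones quoted in the slides; what it shows is the asymmetry the slides describe: the search cost grows by a factor of about 16 per extra zero, while verification is always a single hash.

```python
import hashlib

# Added example, not from the slides. SAMPLE_DATA is constructed; the nonce
# values found for it differ from the slides' 20 / 120 / 69817.
SAMPLE_DATA = "constructed block data for the example"

def pow_hash(data: str, nonce: int) -> str:
    """SHA-256 of str(nonce) + data, as a hex string (the slides' construction)."""
    return hashlib.sha256((str(nonce) + data).encode()).hexdigest()

def find_nonce(data: str, zeros: int, start_nonce: int = 1):
    """Increment the nonce from start_nonce until the hash begins with `zeros`
    hex zeros. Returns (nonce, hex digest, number of attempts)."""
    nonce = start_nonce
    while not pow_hash(data, nonce).startswith("0" * zeros):
        nonce += 1
    return nonce, pow_hash(data, nonce), nonce - start_nonce + 1

def verify(data: str, nonce: int, zeros: int) -> bool:
    """What every other node does with the broadcast (data + nonce): one hash."""
    return pow_hash(data, nonce).startswith("0" * zeros)

def difficulty_ladder(data: str, max_zeros: int) -> dict:
    """Attempts needed for 1..max_zeros leading zeros. A hash that satisfies
    z+1 zeros also satisfies z, so the attempt counts are non-decreasing and,
    on average, each extra hex zero multiplies the expected work by 16."""
    return {z: find_nonce(data, z)[2] for z in range(1, max_zeros + 1)}

if __name__ == "__main__":
    for zeros, attempts in difficulty_ladder(SAMPLE_DATA, 4).items():
        print(f"{zeros} leading zero(s): found after {attempts} attempts")
```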
Proof of Work — Steps
1. Collect transactions from the transaction pool and build a complete block such that its size does not exceed 1 MB.
2. Calculate the hash by applying SHA-256 twice to the block header (Version + Previous Block Hash + Merkle Root + Timestamp + Difficulty Bits + Nonce).
3. Compare the result of Step 2 with the expected number of zeros. If not matched, increment the nonce by 1 and go back to Step 1.
• Technically speaking the hash value is compared with a target.
• The target is a very large number known to every bitcoin client. For the block to be accepted, the hash value has to be less than the target.
• Keep comparing the result until the hash is less than the target, i.e. the hash has the expected number of leading zeros.
Proof of Work — Steps
• Once a miner finds a winning block, it is sent to all participating nodes.
• Once all agree, the node which calculated the winning block is rewarded with newly created Bitcoins.
• The winning block is first checked by each node individually against a long checklist of items.
• If a miner adds 10,000 bitcoins in the coinbase transaction, the block is immediately rejected by all.
• As time progresses, more high-computation nodes join (or may even drop out of) the network.
• The puzzle can then be solved much faster and the block creation time is reduced.
• Block creation time is set to 10 minutes and this never changes.
• After a fixed time, approximately 2 weeks or exactly 2016 blocks, the difficulty is re-adjusted.
• An increase in difficulty means the target decreases.
• If nodes receive 2 blocks at the same time then the one for which more computation power was used (i.e. had higher difficulty) is selected.
Proof of Work — Steps
• Ever since, the difficulty has been increasing; the current difficulty of the Bitcoin network can be found here.
• The hash of the genesis block (block height = 0) has 10 leading zeros, the block with height = 32,000 has 9, and it further reduces to 8 leading zeros for the block with height = 32,256.
• However these were the initial days with very few users.
• For the last 3 years the difficulty has been increasing constantly, and dips in difficulty are very minor.
• The current difficulty is between 17 to 19 zeros.
• It takes a huge computing power to calculate the nonce.
Genesis Block
The very first block is called the genesis block and its contents are always hardcoded.
Number Of Transactions: 1
Output Total: 50 BTC
Estimated Transaction Volume: 0 BTC
Transaction Fees: 0 BTC
Height: 0 (Main Chain)
Timestamp: 2009-01-03 18:15:05
Received Time: 2009-01-03 18:15:05
Relayed By: Unknown
Difficulty: 1
Bits: 486604799
Size: 0.285 kB
Weight: 0.896 kWU
Version: 1
Nonce: 2083236893
Block Reward: 50 BTC
https://docs.blockcollider.org/docs/the-genesis-block
Process to find a new valid block
• Recall that there are two hash-based data structures:
– Blockchain: each block header points to the previous block
header.
– Merkle tree: inside every block there are transactions
organized within this binary hash tree
Process to find a valid block
(Miners need to…)
• Assemble some new transactions heard from the network in a Merkle Tree
• Create a block with the right header pointing to the last valid block
inserted
• Start searching over the nonce field and try to find a block header with a
hash that starts with the required number of zeros.
• The miners change this 32-bit nonce every time, trying to obtain a hash that satisfies the desired condition. If a miner tries every possible 32-bit nonce and doesn't obtain a hash with the required format, he can try to modify the extra-nonce. This corresponds to the output index of the coinbase transaction.
• Since this transaction creates new coins, it doesn't refer to an output of a previous transaction. When this parameter is changed, the hash of the entire Merkle tree changes too. So changing the extra-nonce is more computationally expensive than changing the nonce itself.
• Eventually, the miner is able to find the correct nonce before the other competitors, and can broadcast the block on the network.
Block hashing algorithm…
• Bitcoin mining uses the hashcash proof of work function
• Hashcash algorithm requires a service string, a nonce, and a counter.
• In bitcoin the service string is encoded in the block header data structure,
and includes a version field, the hash of the previous block, the root hash
of the merkle tree of all transactions in the block, the current time, and
the difficulty.
• Bitcoin stores the nonce in the extraNonce field which is part of the
coinbase transaction, which is stored as the left most leaf node in the
merkle tree.
• The counter parameter is small at 32-bits so each time it wraps the
extraNonce field must be incremented (or otherwise changed) to avoid
repeating work.
• When mining bitcoin, the hashcash algorithm repeatedly hashes the
block header while incrementing the counter & extraNonce fields.
• Incrementing the extraNonce field entails recomputing the merkle tree,
as the coinbase transaction is the left most leaf node.
• The block is also occasionally updated as you are working on it.
Process to find a valid block

Extra nonce
Difficulty
• Difficulty depends on the number of zeros that the hash must begin with
to be considered valid.
• E.g., the 256-bit hash must begin with at least 64 bits of zeros.
• Current difficulty is equal to 2^66.2, which is an incredibly high number.

• Difficulty is changed every two weeks based on how efficient the miners
were over the previous two weeks.
• To compute the new difficulty, simply compute the ratio between two weeks and the amount of time it took the miners to find the previous 2016 blocks.
• Then the ratio is multiplied by the previous difficulty.
Difficulty
• This is a scaling to keep valid a constant property. The constant property is
the amount of time needed to find a new block, which is 10 minutes.

• Over time the mining difficulty keeps increasing. It's not a steady linear increase or an exponential increase.
• It depends on how many new miners are getting into the game, which may be affected by the current exchange rate of Bitcoin.
• But generally more and more hash power comes online.
• More people are hashing, blocks are found faster, and the difficulty is adjusted up, so that it again takes ten minutes to find blocks.
Difficulty
A step function of difficulty over two months
Mining hardware
• Hash function details: Hash function used for Bitcoin
is SHA-256:
– it's a general purpose cryptographic hash function, part of a bigger family of functions that was standardized in 2001
– it was designed by the NSA
– it's a fairly strong hash function.
– It's not broken cryptographically, although there are some theoretical weaknesses that are starting to show up.
– As a result, the SHA-3 family is the new standard, but it was not available when Bitcoin was designed.
SHA-256
• A high level overview of SHA-256 to understand the problem that needs to
be solved by the miners.
– 256-bit state is split up in eight 32-bit words
– In each round some of these words are taken.
– There are four different tweaks applied on them at bit-level that
correspond to logic operations (bit shift, permutation, addition, ...).
– Then a number of words in the state are taken and added together mod 2^32.
– The result of all these additions is wired over to the first word of the state and the entire state shifts over.
– Steps 1-4 correspond to one round of SHA-256; the operation is repeated for 80 iterations.
– In each iteration slightly different constants are applied, so that every iteration isn't exactly the same as the previous ones.
SHA-256
Mining hardware in the early days
• The task of miners is to compute a specific SHA-256 function as fast as possible.
• It needs to deal with 32-bit words, 32-bit addition and some bitwise logic.
• Hardware used for mining has changed over the years:
– First generation of mining - CPU
– Second generation of mining - GPU
Mining hardware
• CPU:
– When Bitcoin was proposed, general purpose computers were used.
– With a high-end desktop PC, it is possible to compute around 2^24 hashes per second, which corresponds to around 20 MegaHertz (20 MH/s).
– With the current difficulty it would take over a hundred thousand years (139,461 years) to find a block.
– Miners simply searched over nonces in a linear fashion, computed SHA-256 in software and checked if the result was a valid block.
Mining hardware in the early days
• CPU mining pseudocode:
TARGET = (65535 << 208) / DIFFICULTY;   // difficulty-1 target, scaled down by the difficulty
coinbase_nonce = 0;
while (1) {
    header = makeBlockHeader(transactions, coinbase_nonce);
    for (header_nonce = 0; header_nonce < (1 << 32); header_nonce++) {
        // proof of work: the double SHA-256 of the block must be below TARGET
        if (SHA256(SHA256(makeBlock(header, header_nonce))) < TARGET)
            break; // block found! (real code stops both loops and broadcasts the block)
    }
    coinbase_nonce++;   // header nonces exhausted: change the coinbase to get a fresh header
}
• Notice in the code that as we mentioned, SHA‐256 is applied twice.
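The same search loop as a runnable Python program (an added example, not code from the slides). It keeps the pseudocode's structure (linear search over coinbase nonce and header nonce, double SHA-256, comparison against a target computed from the difficulty), but the 80-byte block header is a constructed toy (a stand-in for the Merkle tree, fixed timestamp and bits), the hash is read as a big-endian integer rather than Bitcoin Core's little-endian convention, and the demo mines against a deliberately easy `TOY_TARGET` so that it finishes in well under a second; all of those are assumptions of this example, not the protocol.

```python
# Added example (not from the slides): the CPU-mining loop, made runnable with
# hashlib over a constructed toy block header and an easy target.
import hashlib
import struct

# Easy target for the demo: roughly one hash in 2^12 qualifies. The real
# difficulty-1 target (0xFFFF << 208) needs ~2^32 hashes per block on average.
TOY_TARGET = 1 << 244


def sha256d(data: bytes) -> bytes:
    """Bitcoin's proof-of-work hash: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def target_from_difficulty(difficulty: int) -> int:
    """Same formula as the pseudocode: the difficulty-1 target divided by the difficulty."""
    return (0xFFFF << 208) // difficulty


def merkle_root_stub(transactions, coinbase_nonce: int) -> bytes:
    # Simplification (assumption): a real node builds a Merkle tree over the
    # transactions. Hashing the list together with the coinbase nonce is enough
    # here to make the header change whenever the coinbase nonce changes.
    payload = b"".join(transactions) + struct.pack("<I", coinbase_nonce)
    return sha256d(payload)


def make_block_header(transactions, coinbase_nonce: int, prev_hash: bytes = b"\x00" * 32) -> bytes:
    """Version, previous block hash, Merkle root, time, bits: 76 of the 80 header bytes."""
    return (struct.pack("<I", 1) + prev_hash + merkle_root_stub(transactions, coinbase_nonce)
            + struct.pack("<I", 1231006505) + struct.pack("<I", 0x1D00FFFF))


def make_block(header: bytes, header_nonce: int) -> bytes:
    """Append the 4-byte header nonce; this is the 80-byte header that gets hashed."""
    return header + struct.pack("<I", header_nonce)


def hash_meets_target(block: bytes, target: int) -> bool:
    # Simplification (assumption): the hash is read as a big-endian integer;
    # Bitcoin Core compares it as a little-endian 256-bit number.
    return int.from_bytes(sha256d(block), "big") < target


def mine(transactions, target: int, max_coinbase_nonce: int = 16):
    """Search coinbase nonces and header nonces linearly until a valid block appears.

    Returns (block_header_bytes, coinbase_nonce, header_nonce) or None.
    """
    for coinbase_nonce in range(max_coinbase_nonce):
        header = make_block_header(transactions, coinbase_nonce)
        for header_nonce in range(1 << 32):
            block = make_block(header, header_nonce)
            if hash_meets_target(block, target):
                return block, coinbase_nonce, header_nonce
    return None


if __name__ == "__main__":
    txs = [b"constructed coinbase tx", b"constructed tx: alice pays bob"]
    block, cb_nonce, h_nonce = mine(txs, TOY_TARGET)
    print(f"found after coinbase_nonce={cb_nonce}, header_nonce={h_nonce}")
    print("hash:", sha256d(block).hex())
    print("difficulty-1 target:", hex(target_from_difficulty(1)))
```

Anyone receiving the block runs only `hash_meets_target` once: verifying proof of work costs two SHA-256 calls, whereas producing it costs on the order of 2^32 × difficulty of them, which is the asymmetry the whole mining discussion rests on.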
Mining hardware
• How fast will this run on a general purpose computer?
– On a high‐end desktop PC you might expect to compute about 20
million hashes per second (MH/s).
– At that speed, it would take you several hundred thousand years on
average at the early‐2015 difficulty level (2^67) to find a valid block.
– We weren’t kidding when we said mining was going to be a difficult
slog!
– If you're mining on a general purpose PC today, CPU mining is no
longer profitable with the current difficulty.
– For the last few years, anyone trying to mine on a CPU probably
doesn’t understand how Bitcoin works and was probably pretty
disappointed that they never made any money doing it.
Mining hardware (GPU)
• Every modern PC has a GPU built‐in to support high performance graphics.
• Designed to have high throughput and also high parallelism.
• Bitcoin mining can be parallelized by computing multiple hashes at the same time
with different nonces.
• In 2010, a language called Open Computing Language (OpenCL) was released.
• OpenCL is a general purpose language, and it paved the way for mining on GPUs.
• It's a high level‐language and over time people have used it to run many types of
computation more quickly on graphics cards.
• Mining with graphics cards had several attractive properties at the time.
• Most accessible high‐end hardware available to the general public.
• They have some properties that make them specifically good for Bitcoin mining.
• Designed for parallelism so they have many Arithmetic Logic Units (ALUs) that can
be used for simultaneous SHA‐256 computations.
• Some GPUs also have specific instructions to do bitwise operations that are quite
useful for SHA‐256.
Mining hardware in the early days
• Most graphics cards can also be overclocked: one can run them faster than they are
actually designed for, if one is willing to take on the risk that they might
overheat or malfunction, a property gamers have demanded for years.
• With Bitcoin mining, it might be profitable to run the chip much faster than it was
designed for, even if you induce a few errors by doing so.
• E.g., one can run a graphics card 50 percent faster, but doing so causes errors in
the SHA‐256 computation 30 percent of the time.
• If an invalid solution is erroneously declared valid by the graphics card,
something that would happen rarely, always double‐check it on your CPU.
• The speed increase from overclocking can overcome the decrease in output due to
errors.
• In the above example, the throughput is 1.5x compared to not overclocking,
whereas the success rate is 0.7x.
• The product is 1.05, which means overclocking increases your expected profits by
5%.
• People have spent considerable time optimizing exactly how much they should
overclock a given chip to maximize profits.
Advanced mining hardware
• After 2011, miners started to use more specific and advanced
hardware: FPGAs (Field Programmable Gate Arrays).
– FPGAs have hardware-like performance, but let the owner of the
card customize it.
– So they are faster than GPUs, and it is easier to set up FPGA racks
since less cooling is necessary.
– But Bitcoin mining requires making FPGAs work harder than
what they were designed for.
– So there was a lot of malfunctioning, and they were less
accessible to common people.
– The best FPGA solutions let miners reach 1 GigaHertz.
– With today's difficulty, it would still take around 25 years to find a
new block.
Advanced mining hardware
• ASIC (Application Specific Integrated Circuit): chips designed and built
from scratch to do nothing except mine Bitcoins.
• In the last few years many companies have started to produce ASICs, and there
are a lot of choices when a miner decides to buy one.
• There are models with different costs, computing power, energy
consumption and shipping times.
• An ASIC like the one below is able to compute 2 TeraHash per second.
• So it is 1000 times faster than a hypothetical array of 100 really good
FPGAs. It now costs around $3000.
• Even with this incredible performance, it would still take around 14 months to
find a new block.
• Due to the cost and the dynamics of buying them, it is very difficult for a
small miner to go online in a profitable way.
Today : Professional mining
• Today mining has mostly moved away from individuals and
toward professional mining centers.
• Exact details about how these centers operate are not very
well known because companies want to protect their setups
to maintain a competitive advantage.
• Presumably, these operations maintain profitability by buying
slightly newer and more efficient ASICs than are available for
general sale at a bulk discount.
• On the next slide, we see a picture of a professional mining center in
the Republic of Georgia.
BitFury mining center - a professional
mining center in the republic of Georgia
Future???
• So a couple of questions for the future are:
– Are small miners out of Bitcoin mining forever?
– Is there any way to start as a small miner in this game?
– Does the existence of these ASICs and these large mining
centers go against the original vision of Satoshi Nakamoto,
which was to have every individual in the network being a
miner running on their own computer?
Bitcoin block size
Block Size
• The size of a block equals the amount of data it stores.
• The largest amount of data a block can hold is called the block
size limit.
• Blockchain size limits are small by modern data storage
standards, but crypto transactions are very lightweight when
it comes to data storage.
• Bitcoin’s block size is limited to 1 MB, but this small amount
of data is enough to store over 2000 transactions.
• A larger block size limit enables a higher transaction-per-
second rate, but may result in stale blocks and temporary chain
splits.
• Different blockchains have different block size limits.
• Ethereum does not have a block size limit but a gas limit.
A brief history of block size
• When Satoshi Nakamoto mined Bitcoin’s genesis block in
2009, there was no explicit block size limit.
• He introduced the block size limit a year later, when he
realized it was the only way to prevent crypto miners from
creating blocks larger than other miners could accept.
• A piece of code was incorporated to limit the block size to 1 MB.
– Some people believe that Nakamoto’s limit was unwise.
– Bitcoin’s block size limit should be increased to enable a
higher transactions-per-second rate.
• Bitcoin has often faced criticism for its transaction rate, which
is currently around 4 transactions per second (on the base
chain).
A brief history of block size
• At this speed, not all transactions make it into a block during
busy periods and have to wait in queue for the next block.
• Actual block sizes at the time were much smaller than 1 MB.
• It was not anticipated that blocks would ever become overcrowded
with data.
• If the limit were higher, nodes would need a faster internet
connection.
• If one node wanted to upload a large block to its peers, the
potential delays in block transfers could cause the system to
go out of sync.
• This would result in temporary chain splits (called forks),
before everyone got back on track.
A brief history of block size
• The debate about increasing Bitcoin’s block size limit started
troubling the cryptocurrency world in 2015.
• It finally came to an end in mid-2017 when a group of miners,
investors and activists forked the Bitcoin blockchain.
• The block size limit of the newly-created fork was increased
from 1 to 8 MB, and this is essentially how Bitcoin Cash came
to be.
• Bitcoin Cash continued on a path where they would regularly
increase block size to cater to their user’s needs.
A brief history of block size
• Bitcoin’s block size may actually be greater than 1
MB, and many blocks published nowadays are larger
than that.
• An upgrade to the Bitcoin protocol called Segregated
Witness, or SegWit for short.
• SegWit replaced the concept of block size with block
weight and virtually increased the size by four times.
Major protocols and their block size limits
– Bitcoin: 1/4 MB
– Bitcoin Cash: 32 MB*
– Litecoin: 1 MB
– Ethereum: / (no block size limit)
• Bitcoin’s block size limit of 1 MB is shared by the Litecoin protocol.
• Since Litecoin’s mean block time is four times shorter, its transaction-per-
second rate is four times higher than that of Bitcoin.
• Bitcoin Cash has the largest block size of these networks.
• Ethereum: the largest size of a block is not determined by a block
size limit, but by what is called the gas limit.
• When there is a lot of traffic on a blockchain network, blocks
sometimes get filled to their limit.
– Some transactions can’t be included in one block and have to
wait for the next one.
– It is addressed by various blockchain scaling solutions.
What is blockchain scaling?
• While blockchains might have been intended to replace the
traditional banking system, few of the early
developers anticipated their astronomical growth.
• For that reason (and because the process is really,
really difficult), no mechanisms were put in place
that would enable them to be scaled, or simply put,
grow bigger and faster.
• That is exactly what their exponential, grand-scale
adoption across the globe is calling for right now.
What is blockchain scaling?
• If they are to compete with major payment systems around
the globe – e.g. Visa and Mastercard – cryptocurrencies need
to step up their game.
• While Visa and Mastercard reportedly reach thousands of
transactions per second, cryptos are lagging far behind.
• Ethereum, for instance, caps at 20 transactions per second,
Bitcoin at 7, and Litecoin at 56, while some claim Bitcoin Cash
could potentially reach three digits.
• To address this issue, the developers of major blockchains
have come up with a variety of solutions.
BLOCKCHAIN SCALING ESSENTIALS
• Scaling is necessary to increase the number of transactions
per second.
• The solution is either to increase block size or to reduce block time.
• Bitcoin’s solutions include SegWit, which virtually increases
the block size and facilitates the implementation of layer 2
solutions.
• Ethereum’s solutions include proof of stake.

https://medium.com/@alephium/block-time-and-block-size-16e37292444f
Bitcoin’s scaling solutions
• Increasing block size and reducing block time
– Bitcoin’s block size limit was set a year after its conception.
– At the time, the new block size limit of 1 MB was not
problematic.
– The network was not as busy, and transactions were never
large or numerous enough to fill up the 1 MB blocks.
– But as Bitcoin’s popularity grew, it became clear that a 1
MB block size limit was not enough for the ever-growing
community of Bitcoin users.
– A block size increase from 1 MB to 8 MB was proposed.
Bitcoin’s scaling solutions
(Increase block size & reduce block time)
• Since the community couldn’t reach an agreement, the blockchain was
forked.
• One part of the community stuck with the original Bitcoin Core
blockchain and its 1 MB block size limit.
• Other part opted for the Bitcoin Cash fork and increased the block
size limit first to 8 MB, and later to 32 MB.
• With blocks currently 32 times as large, Bitcoin Cash can process
more transactions in the same time.
• Another way to increase network throughput is to reduce block time.
– The Litecoin blockchain began as a copy of Bitcoin’s source code.
– Its key difference is the block time: 2.5 minutes, 4 times faster than Bitcoin’s.
– It processes transactions more quickly, achieving a peak throughput of
56 transactions per second.
SegWit
• Scaling across Bitcoin and its altcoins is addressed by
Segregated Witness (SegWit).
• SegWit was originally aimed at addressing transaction malleability.
– Prior to its implementation, it was possible to change the
transaction ID and trick the sender into sending coins
twice.
– Its implementation has made any feature that relies on
unconfirmed transactions less risky.
• But its potential is far greater than that, as it introduces a new
concept called block weight.
• Block weight is a combined measure of the block size with and without the
signature data, and its limit is four times higher than the old
block size limit.
SegWit
• SegWit virtually increases the block size from 1 MB to 4 MB.
• It enables a transaction throughput that is four times as high.
• This sounds promising in theory, but experts believe that the
network’s conditions will not allow for a block size greater
than 2.1 MB.
• In reality, the average block size is larger than 1 MB.
• SegWit enables the implementation of layer 2 solutions.
• Blockchain scaling solutions, such as the Lightning Network,
aim to move bulky chunks of data from blockchains to side
chains.
Ethereum’s scaling solutions
• Proof of Stake
– To enable a higher throughput, Ethereum’s devs have come up with
proof of stake.
– This protocol changes the block validation process by replacing
miners with validators.
– As a validator, you:
• lock some of your ether in the blockchain as a stake or security;
• start validating blocks that can be added to the blockchain (more
like placing a bet).
– The higher your stake, the greater the likelihood that your block will
be chosen, and for you to get the block reward.
– If you bet on the wrong block, the invested stake might get lost.
Ethereum’s scaling solutions
• Proof of stake
– To implement proof of stake, Ethereum developers introduced the
Casper protocol.
– They have started the transformation of Ethereum to proof of stake, a
process known as Ethereum 2.0.
– This is currently a hybrid system between PoW and PoS.
– A number of Ethereum users have locked some of their ETH in the
blockchain for a two year period to be eligible to earn staking rewards.
– Ethereum developers will continue developing Ethereum 2.0 until it
reaches a state where PoW is no longer necessary.
What is Bitcoin Cash? (BCH)
• Bitcoin Cash is one of the largest cryptocurrencies on the market.
• It is intended to be used as digital cash for everyday purchases, like PayPal
or credit cards.
• It is the result of a hard fork from the original Bitcoin blockchain.
• Bitcoin Cash increased Bitcoin’s block size from 1 MB to 8 MB.
• This increased the number of transactions that can be processed in each block.
• But large blocks make it more expensive to operate full nodes and more
difficult for small miners to compete with the larger-scale operators.
• On May 15, 2018, Bitcoin Cash raised its block size further, to 32 MB, and
added the potential to run smart contracts similar to Ethereum.
• This major update to the protocol is meant to help Bitcoin Cash scale more
effectively in the future.
• It also increased the differences between Bitcoin Cash and Bitcoin.
BITCOIN CASH ESSENTIALS
• The result of a hard fork from the Bitcoin blockchain.
• Main difference is bigger block size.
• Peer-to-peer digital cash intended for everyday
purchases.
• Decentralized currency with a limited supply and
irreversible transactions.
Why was Bitcoin Cash created?
• In 2010, Bitcoin’s block size was limited to 1 MB.
• The limitation was most likely introduced to prevent transaction spamming.
• Block size constraints became more and more noticeable.
• By 2015, the average block size got to the point of
bottlenecking and transaction delays became a real possibility.
• Bitcoin community proposed several scaling solutions to
prevent this from happening.
• A possible step forward was to introduce slight modifications
to the code in the form of Segregated Witness.
• Segregated Witness (or SegWit) is a piece of code that
virtually increases block size by separating transactions into
two segments.
Why was Bitcoin Cash created?
• Not all core developers agreed with the introduction of SegWit.
• The developers who opposed SegWit proposed a different solution. They
wanted to increase block size from 1 MB to 8 MB.
• This would permit more transactions to be processed in each block, but it
would also be harder to coordinate mining, giving the miners connected to
many nodes an advantage over the rest.
• Since the development community could not agree on a single solution, a
hard fork was introduced.
• It resulted in the creation of Bitcoin Cash. But for the new cryptocurrency
to really come to life, it had to amass a following.
• The community had to choose which chain to follow – original Bitcoin or
Bitcoin Cash.
• Once the fork was finalized, the two currencies continued independently
of one another.
Why was Bitcoin Cash created?
• Bitcoin Cash further deviated from Bitcoin on May 15, 2018.
• Developers implemented a hard fork to increase the block size
to 32 MB.
• They also made it possible to start developing smart contract
technology for Bitcoin Cash.
• But this didn’t bring an end to changes in BCH.
• It has undergone another fork and split into Bitcoin Cash ABC
and Bitcoin SV in November 2018.
• The former is a continuation of BCH, while the latter, named
Satoshi’s Vision, is a new cryptocurrency intended to mimic
Bitcoin as it was in the beginning, before forks and updates.
What is the Bitcoin Block Size Limit?
• The Bitcoin block size limit is a parameter in the Bitcoin
protocol that limits the size of Bitcoin blocks, and with it
the number of transactions that can be confirmed on the
network approximately every 10 minutes.
• Satoshi Nakamoto added a 1 megabyte block size limit back in 2010.
• This translated into about three to seven transactions per
second, depending on the size of transactions.
What is the Bitcoin Block Size Limit?
• In 2017, Bitcoin’s block size limit was replaced by a block
weight limit of 4 million “weight units.”
• This changed how data in blocks is “counted”: some data
weighs more than other data.
• It also represented an effective block size limit increase:
Bitcoin blocks now have a theoretical maximum size of 4
megabytes and a more realistic maximum size of 2
megabytes.
• The exact size depends on the types of transactions included.
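How block weight replaces the old 1 MB limit, as an added example in Python (not code from the slides). It covers both the SegWit slides above, which describe block weight as a combined measure of size with and without signature data, and this slide's 4 million weight units. The weight formula follows BIP141: weight = 3 × base_size + total_size, where base_size is the transaction serialized without witness (signature) data and total_size includes it, so a base byte costs 4 weight units and a witness byte 1; the consensus limit is 4,000,000 weight units. The transaction sizes in the demo are constructed round numbers, not measured from real transactions.

```python
# Added example (not from the slides): SegWit block weight and virtual size
# per BIP141, and why the limit is 4 MB in theory but about 2 MB in practice.
import math

MAX_BLOCK_WEIGHT = 4_000_000        # BIP141 consensus limit, in weight units (WU)
LEGACY_MAX_BLOCK_BYTES = 1_000_000  # the pre-SegWit byte limit this replaced
WITNESS_SCALE_FACTOR = 4            # a base byte costs 4 WU, a witness byte 1 WU


def tx_weight(base_size: int, witness_size: int) -> int:
    """BIP141: weight = base_size * 3 + total_size, total_size = base + witness."""
    total_size = base_size + witness_size
    return base_size * (WITNESS_SCALE_FACTOR - 1) + total_size


def tx_vsize(base_size: int, witness_size: int) -> int:
    """Virtual size in vbytes, the unit fee rates are quoted in (sat/vB)."""
    return math.ceil(tx_weight(base_size, witness_size) / WITNESS_SCALE_FACTOR)


def block_weight(txs) -> int:
    """Total weight of a list of (base_size, witness_size) transactions."""
    return sum(tx_weight(b, w) for b, w in txs)


def fits_in_block(txs) -> bool:
    """The consensus check a node applies to a block's transaction list."""
    return block_weight(txs) <= MAX_BLOCK_WEIGHT


def max_block_bytes(witness_fraction: float) -> float:
    """Largest raw block, in bytes, the weight limit allows when witness_fraction
    of every byte is witness data. 0.0 gives the old 1 MB; 1.0 gives the
    theoretical 4 MB (a block of nothing but signatures, not reachable in practice)."""
    wu_per_byte = WITNESS_SCALE_FACTOR * (1 - witness_fraction) + 1 * witness_fraction
    return MAX_BLOCK_WEIGHT / wu_per_byte


if __name__ == "__main__":
    legacy_tx = (250, 0)    # constructed: a non-SegWit tx, every byte is a base byte
    segwit_tx = (110, 108)  # constructed: a one-input P2WPKH-style tx
    for name, (b, w) in (("legacy", legacy_tx), ("segwit", segwit_tx)):
        print(f"{name}: {b + w} bytes -> {tx_weight(b, w)} WU, {tx_vsize(b, w)} vB")
    for frac in (0.0, 0.5, 1.0):
        print(f"witness share {frac:.0%}: max block {max_block_bytes(frac) / 1e6:.2f} MB")
    # A block made only of legacy transactions is still capped at the old 1 MB.
    print(fits_in_block([legacy_tx] * 4000), fits_in_block([legacy_tx] * 4001))
```

Because legacy bytes cost 4 WU, a block containing only pre-SegWit transactions is still capped at exactly 1,000,000 bytes, which is why the upgrade could ship as a soft fork: old nodes never see a block larger than the limit they enforce. The "realistic maximum" of around 2 MB in the slide corresponds to the witness share of typical transaction mixes in `max_block_bytes`.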
Why is the Block Size Limit Controversial?
• There is disagreement over whether or not such a limit “should be” part of
the Bitcoin protocol.
• The purpose of the block size limit is to prevent an attacker from overloading the Bitcoin
network with artificially large Bitcoin blocks full of bogus transactions.
• Nakamoto may have intended it to be a temporary measure, but it is unclear how
temporary, or under what conditions he foresaw the block size limit being
increased or lifted.
• The code itself that enforces the block size limit certainly wasn’t
temporary.
• Others hold that the block size limit represents a vital security parameter of the protocol and
believe it should not be lifted, or at least that it should be lifted more
conservatively.
• Some even argued that 1 megabyte was actually too large and advocated for a block size limit
decrease.
Why is the Block Size Limit Controversial?
• Adding more complications: since Bitcoin is decentralized, no
particular group or person is in charge of decisions like
increasing or decreasing the block size.
• Disagreements on how such decisions should be made, by
whom, or whether they should be made at all, have probably led to at
least as much controversy as the block size limit itself.
Why shouldn’t Bitcoin Blocks Be Too Small?

• Note: Almost anything about Bitcoin’s block size limit and the
risks of it being too big or too small is contested, but these are
some of the more general arguments.
• If Bitcoin blocks are too small, not many transactions can be
processed by the Bitcoin network. Broadly speaking,
proponents of a block size limit increase (“big blockers”) argue
this can have two negative consequences.

https://originstamp.com/blog/block-rewards-vs-transaction-fees-why-we-need-both/
Not Enough Space?
• Smaller bitcoin blocks mean that there isn’t enough space to
include everyone’s transactions in these blocks, and the
transaction fee “bidding war” to get transactions confirmed
would price most people out of using bitcoin at all.
• Instead, it could lead to a future where only bank-like
institutions make transactions with one another, while
regular users hold accounts with these institutions.
• This would, in turn, open the door to fractional reserve
banking, transaction censorship and more of the problems
with traditional finance that many bitcoiners hoped to get
away from.
Deterrent to Adoption
• Probably what many “big blockers” consider to be a
more pressing concern: users would simply give up
on Bitcoin altogether because blocks are too small.
• Perhaps users would switch to a competing
cryptocurrency or they would give up on this type of
technology altogether.
Increased Cost for Bitcoin Nodes
• The first of these risks is that bigger blocks increase the cost
of operating a Bitcoin node.
• It increases the cost in four ways:
– It increases the cost of storing the blockchain, as the blockchain would
grow faster.
– It increases bandwidth costs to download (and upload) all transactions
and blocks.
– It increases CPU costs required to validate all transactions and blocks.
– The bigger the total blockchain is, the longer it takes to bootstrap a
new node on the network: It has to download and validate all past
transactions and blocks.
Increased Cost For Bitcoin Nodes
• If the cost to operate a Bitcoin node becomes too high, and
users have to (or choose to) use lightweight clients instead,
they can no longer verify that the transactions they receive
are valid.
– E.g. receive a transaction from an attacker that created coins out of
thin air; without knowing the entire history of the Bitcoin blockchain,
there is no way to tell the difference.
– Users would only find out that their coins are fake once they try to
spend them later on.
– Even if users do validate that the block that includes the transaction
was mined sufficiently (which is common), miners could be colluding
with the attacker.
Increased Cost For Bitcoin Nodes
• If few users choose to run Bitcoin nodes, fraudulent
coins are noticed too late or not at all.
• The Bitcoin protocol itself then effectively becomes subject to
changes imposed by miners.
• Miners could go as far as to increase the coin supply or spend
coins they do not own.
• Only a healthy ecosystem with a significant share of users
validating their own transactions prevents this.
• Light clients could be made secure through a technical
solution called “fraud proofs.”
MINING CENTRALIZATION
• The second risk of bigger blocks is that they could lead to mining
centralization.
• Whenever a miner finds a new block, it sends this block to the rest of the
network, and, in normal circumstances, bigger blocks take longer to find
their way to all other miners.
• While the block is finding its way, the miner that found it can immediately
start mining on top of the new block himself, giving him a head start on
finding the next block.
• Bigger miners (or pools) find more blocks than smaller miners, thereby
gaining more head starts.
• Smaller miners will be less profitable and will eventually be
outcompeted, leading to a more centralized mining ecosystem.
• If mining becomes too centralized, some miners could end up in a position
where they can 51% attack the network.
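The head-start argument above, quantified with a deliberately simplified model (an added example in Python, not from the slides or their sources). The assumptions are constructed: relay delay grows linearly with block size, competing blocks found by the rest of the network during that delay arrive as a Poisson process at Bitcoin's 600-second interval, and a propagation race is lost half of the time. None of these numbers are measurements; the point is the direction of the effect, which the model makes visible: bigger blocks raise every miner's orphan rate, but the small miner's rises more, so block rewards drift toward the large miner.

```python
# Added example (not from the slides): a simplified model of how relay delay
# (driven by block size) turns hashrate into a disproportionate revenue share.
import math

BLOCK_INTERVAL_S = 600.0  # Bitcoin's target block interval


def propagation_delay(block_mb: float, seconds_per_mb: float = 10.0) -> float:
    """Assumed linear relay delay: bigger blocks take longer to reach all miners."""
    return block_mb * seconds_per_mb


def orphan_probability(hashrate_share: float, delay_s: float) -> float:
    """Chance that a block found by a miner with this hashrate share is orphaned.

    While the block propagates for delay_s seconds, the rest of the network
    (share 1 - s) keeps mining on the old tip; competing blocks arrive as a
    Poisson process. Assumption: the miner loses such a race half of the time.
    """
    competing_rate = (1.0 - hashrate_share) / BLOCK_INTERVAL_S
    p_race = 1.0 - math.exp(-competing_rate * delay_s)
    return 0.5 * p_race


def revenue_shares(hashrate_shares, delay_s: float) -> dict:
    """Fraction of block rewards each miner earns once orphans are accounted for."""
    effective = {s: s * (1.0 - orphan_probability(s, delay_s)) for s in hashrate_shares}
    total = sum(effective.values())
    return {s: e / total for s, e in effective.items()}


if __name__ == "__main__":
    miners = [0.4, 0.3, 0.2, 0.1]  # constructed hashrate shares (must be distinct)
    for size_mb in (1.0, 8.0, 32.0):
        delay = propagation_delay(size_mb)
        shares = revenue_shares(miners, delay)
        summary = ", ".join(f"{s:.0%} miner earns {r:.3%}" for s, r in shares.items())
        print(f"{size_mb:>4.0f} MB block, {delay:>4.0f} s delay: {summary}")
```

With zero delay every miner earns exactly its hashrate share; as the delay grows, the 40% miner's revenue share climbs above 40% and the 10% miner's falls below 10%, which is the compounding effect the slides describe. Faster relay (a smaller `seconds_per_mb`) shrinks the gap, matching the remark on the next slide that technical solutions to speed up block relay exist.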
MINING CENTRALIZATION
• This is the most complex and nuanced argument against smaller
blocks.
• For one, even big miners have an incentive against creating
blocks that are too big:
– While they can benefit from a head start, too much delay can work to their
detriment, as a competing block may find its way through the network
faster and other miners will mine on that block instead.
• There are technical solutions to speed up block relay, as well
as technical solutions to limit the damage from mining
centralization itself, but these solutions come with trade-offs
of their own.
Lower Block subsidies could Lead to Less
Network Security
• The third and final risk of big blocks is that they could disincentivize users
from adding fees to their transactions.
• As long as block space is limited, users must outbid each other to have
their transactions included in blocks, and as Bitcoin’s block subsidy
diminishes, this will have to become a more significant part of the block
reward to support Bitcoin’s security model.
• Without a block size limit, this incentive is taken away.
• (While individual miners can still choose to only include transactions that pay a
minimum fee, other miners would still have an incentive to include
transactions below that threshold, thereby diminishing the fee incentive.)
• While “big blockers” see high fees as a problem as it would make Bitcoin
less attractive, “small blockers” see high fees as a positive as it would
benefit Bitcoin’s security.
Will Bitcoin Core Developers ever increase
the Block Size Limit?
• Bitcoin Core is the predominant — though not only — Bitcoin
implementation in use on the Bitcoin network today.
• Many “big blockers” have been looking at Bitcoin Core developers to
implement an increase.
• Bitcoin Core developers did indeed increase the block size limit, through
the Segregated Witness (SegWit) protocol upgrade.
• By replacing it with a block weight limit, blocks now have a theoretical limit
of 4 megabytes and a more realistic limit of 2 megabytes.
• This was a backwards-compatible soft fork protocol upgrade, which meant
that users could opt into the change without splitting the network.
• Because this was a soft fork, and not a hard fork as many “big blockers”
preferred, they sometimes do not “count” this increase as a block size
limit increase at all.
Will Bitcoin Core Developers ever increase
the Block Size Limit?
• Indeed, Bitcoin Core developers have not deployed a block
size limit increase through a hard fork, which is a backwards-
incompatible protocol upgrade.
• This would either require consensus from all of Bitcoin’s users
or possibly split the Bitcoin network in two: a version of
Bitcoin with the current block weight limit and a version of
Bitcoin with the increased block size/weight limit.
• Users of the version of Bitcoin with the current block weight
limit would probably not even consider the hard-forked
version of Bitcoin to be “Bitcoin” at all; they might refer to it
as “Bitcoin Core coin” or something along these lines.
Will Bitcoin Core Developers ever increase
the Block Size Limit?
• Perhaps more importantly, the current group of Bitcoin Core
contributors seem to have no desire to dictate Bitcoin’s
protocol rules, nor do they want to split the network.
• Therefore, they are unlikely to deploy a hard fork (for the
block size limit or otherwise) without broad consensus
throughout Bitcoin’s user base for such a protocol upgrade.
• Given the controversial nature of the block size/weight
parameter, it’s unlikely that such consensus will form anytime
soon, but it could happen down the road.
Alternative Solutions
• There are some alternative solutions to increase
Bitcoin’s block size limit, like Extension Blocks, as well
as solutions that could achieve something similar,
such as “big block” sidechains.
• It’s not clear that any of these solutions will see the
light of day anytime soon either, however; current
focus seems more directed toward “layer two”
scaling solutions like the Lightning Network.
Is Bitcoin Block Size Limit Discussion
Censored?
• The answer is NO.
• During the heat of the block size limit debate, one of the most
popular Bitcoin discussion platforms on the internet, the Bitcoin-
focused subreddit r/bitcoin, imposed heavy-handed moderation.
• This moderation was intended to stop forum users from promoting
consensus-breaking software before the greater user base had
actually come to a consensus on the best way forward.
• At the time, it was not obvious to everyone that using such software
could lead to a split (a non-backwards-compatible hard fork) of the
network, and it was often advertised as if it couldn’t.
• Arguing in favor of a block size limit increase and/or hard fork
without directly promoting consensus-breaking software was
always allowed.
Is Bitcoin Block Size Limit Discussion
Censored?
• Whether this constituted a form of “censorship” is perhaps in the eye of
the beholder, but what’s certain is that anyone who disagreed with this
policy was free to start or contribute to competing Bitcoin subreddits, and
this is exactly what happened.
• The r/btc subreddit in particular became a popular discussion platform for
those who favored a block size limit increase hard fork.
• Reddit is only a relatively small part of the internet and an even smaller
part of the entire world.
• While there are some other platforms that have been accused of similar
censorship (such as the Bitcointalk forum and the Bitcoin-development
mailing list), it is hard to deny that the debate took place loud and clear
across social media, news sites, conferences, chat groups and far beyond.
Is Bitcoin Block Size Limit Discussion
Censored?
• Anyone interested in hearing about the different
arguments had every chance to inform themselves
and even those who didn’t care had a hard time
escaping the fallout from the debate.
• Those who favored a block size limit increase hard
fork were unable to convince enough people of their
case, and it seems as if some of them have
channeled their frustration about this
disappointment into anger toward a particular
subreddit and its moderators.
BITCOIN CASH & BITCOIN SV
• Since Bitcoin would increase its block size limit (among other things) only through
the SegWit soft fork protocol upgrade, some “big blockers” decided to
move forward with a block size limit increase hard fork, even knowing that
they would be in a minority and split off into their own network to
become a new cryptocurrency.
• This new network and the resulting cryptocurrency is called Bitcoin Cash.
• Since Bitcoin Cash split off from Bitcoin, it has itself implemented several
more hard fork upgrades, some of which, in turn, led to even more splits
in the network and new cryptocurrencies.
• The most notable of these is Bitcoin SV, loosely centered around Craig
Wright, one of the men who (almost certainly fraudulently) claims to have
been behind the pseudonym Satoshi Nakamoto.
• It has an even bigger block size limit than Bitcoin Cash does.
References
• https://www.bitstamp.net/learn/crypto-101/what-is-block-size/
• https://bitcoinmagazine.com/guides/what-is-the-bitcoin-block-size-limit
• https://supplychaingamechanger.com/what-is-the-maximum-size-of-a-bitcoin-block/
Smart contract design patterns
Smart Contracts
• Programmers use smart contract design patterns for the same
reasons they use code patterns in other projects.
• The patterns are reliable coding paradigms (e.g. scripts,
formats or segments) that have performed routine functions
well in other programs.
• Rather than reinvent the wheel for every smart contract,
programmers use these patterns to avoid errors and reduce
costs.
• Smart contract design patterns provide four main functions:
– security patterns,
– efficiency patterns,
– access control patterns and
– contract management patterns.
Smart Contracts
• The world of blockchain has grown from a niche interest to a
universe of possibilities, and the use of smart contract design
patterns has been an important part of that growth.
• According to Verified Market Research, the smart contract
market is projected to reach $770 million in value by 2028, up
from its $145 million value in 2020.
• These contracts add tremendously to the utility,
enforceability, and possibility of a web3 world.
• For example, decentralized applications, or dApps, are
applications that run on a blockchain network using the
technology of smart contracts to complete transactions.
How smart contracts are designed
• Smart contracts are self-executing digital contracts that define
the terms of a blockchain transaction using code.
• This code makes it possible to, among other things, exchange
massive amounts of money within set input parameters.
• Smart contracts are written with a variety of coding
languages, and the most popular one is Solidity.
• Developers created this programming language specifically to
run smart contracts on the Ethereum network, but it’s used
on other networks, including Hedera.
• A few design patterns have emerged over the years for smart
contracts.
How smart contracts are designed
• The secure, efficient design of smart contracts is imperative given that
millions of dollars are tied up in smart contracts and dApp functions.
• Large security breaches can mean millions of dollars in theft, such as high-
profile "rug pull" thefts of contracts that use tokens.
• According to the 2022 Crypto Crime Report by Chainalysis, cybercriminals
netted about $14 billion in cryptocurrency in 2021, setting a dubious
record.
• To avoid costly errors, it’s a good idea to rely on proven smart contract
design patterns.
• Many online articles on the subject will include a code sample or two for
programmers to review.
Smart contract design patterns
• Smart contract design patterns are reusable, repeatable
solutions in writing code.
• They serve a wide range of purposes by offering four main
functions:
– Security patterns – To protect your contract against breaches.
– Efficiency patterns – To reduce the cost of executing your
contract.
– Access control patterns – To manage who can execute the
functions of your contract.
– Contract management patterns – To organize the contracts and
their interactions.
Smart contract design patterns
• While these categories capture the main functions of all smart
contract patterns, it’s important to note that patterns are
used across all blockchains, on and off-chain, in domain-based
chains, and in data management.
• E.g., to build a smart contract that will go through a few evolutions
during its life cycle, use the state machine pattern, which falls under
the multi-domain feature pattern.
• A state machine pattern allows you to manage a smart contract's
transitions through different "states" over time.
• This pattern is used in many scenarios, including your basic
smart contract implementation.
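As an added illustration of the state machine pattern (this is example code written for these notes, not code from the original slides or from any of the cited sources), the constructed contract below runs a deposit round through fixed stages. The contract name, stage names and the deposit-window parameter are all assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Constructed example: a deposit round that moves through fixed stages.
/// Each function is gated to the stage it belongs to, and every transition
/// is explicit, so a call made in the wrong stage reverts instead of
/// silently doing something unexpected.
contract StagedSale {
    enum Stage { AcceptingDeposits, Locked, Refunding, Closed }

    Stage public stage = Stage.AcceptingDeposits;
    address public immutable owner;
    uint256 public immutable lockAt;          // deposits close at this timestamp
    mapping(address => uint256) public deposits;

    event StageChanged(Stage from, Stage to);

    constructor(uint256 depositWindow) {
        owner = msg.sender;
        lockAt = block.timestamp + depositWindow;
    }

    modifier atStage(Stage s) {
        require(stage == s, "wrong stage");
        _;
    }

    /// Time-based transition evaluated before the guarded body runs,
    /// so the stage check that follows sees the up-to-date stage.
    modifier timedTransition() {
        if (stage == Stage.AcceptingDeposits && block.timestamp >= lockAt) {
            _moveTo(Stage.Locked);
        }
        _;
    }

    function deposit() external payable timedTransition atStage(Stage.AcceptingDeposits) {
        deposits[msg.sender] += msg.value;
    }

    /// The owner decides the outcome once deposits are locked.
    function settle(bool success) external timedTransition atStage(Stage.Locked) {
        require(msg.sender == owner, "not owner");
        _moveTo(success ? Stage.Closed : Stage.Refunding);
    }

    /// Refunds are reachable only from the Refunding stage; the balance is
    /// zeroed before the external call (checks-effects-interactions).
    function refund() external atStage(Stage.Refunding) {
        uint256 amount = deposits[msg.sender];
        require(amount > 0, "nothing to refund");
        deposits[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "refund failed");
    }

    /// Funds can leave to the owner only once the round is Closed.
    function sweep() external atStage(Stage.Closed) {
        require(msg.sender == owner, "not owner");
        (bool ok, ) = owner.call{value: address(this).balance}("");
        require(ok, "sweep failed");
    }

    function _moveTo(Stage next) internal {
        emit StageChanged(stage, next);
        stage = next;
    }
}
```

The security value of the pattern is that the set of reachable functions is a property of the stored stage, not of the caller's good behaviour: a refund cannot be triggered while deposits are still open, and a sweep cannot happen while refunds are owed. Modifier order matters in Solidity; `timedTransition` is listed first so that the stage check in `atStage` runs after any time-based transition has been applied.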
Security patterns
• Security patterns are designed to maximize the level of security of a smart
contract against any risk.
• They are used to ward off reentrancy attacks, overflow attacks, or the
flawed behavior of the actual smart contracts.
• Given the number of assets tied to smart contracts, it’s no surprise that
there are several kinds of commonly-used security patterns.
• Many of these patterns, like circuit breakers and exit strategies, are
designed to protect contracts against failure just in case the worst
happens.
• These patterns might have a built-in panic button, such as the emergency
stop pattern, which gives an option to disable contract functionality if
necessary.
• Or a pattern might use rate limiters to control how often a task can be
executed within a specified period.
• The checks-effects-interactions pattern minimizes the potential attack surface,
reducing the risk of malicious contracts taking over.
Security patterns
• Other examples of security design patterns are:
– Balance limit pattern
– Pull over push payments
– Secure ether transfer
– Fork check
– Termination
– Math pattern
– Time constraint
– Mutex pattern
– Auto deprecation design pattern
– Withdrawal pattern

https://fravoll.github.io/solidity-patterns/pull_over_push.html
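The following constructed vault combines several of the security patterns named above (emergency stop, mutex, balance limit, checks-effects-interactions, pull over push / withdrawal). It is an added example written for these notes and is not code from the slides or from the fravoll pattern catalogue; the contract name, the 100 ether limit and the function names are assumptions. The vulnerable ordering is shown only as a comment, to contrast with the hardened function beneath it.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Constructed example: a vault that applies several security patterns at once.
contract GuardedVault {
    address public immutable owner;
    bool public stopped;                               // emergency stop (circuit breaker)
    bool private locked;                               // mutex for the reentrancy guard
    uint256 public constant MAX_BALANCE = 100 ether;   // balance limit (constructed value)
    mapping(address => uint256) public balances;
    mapping(address => uint256) public pendingPayouts; // pull-over-push ledger

    constructor() { owner = msg.sender; }

    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }
    modifier stopInEmergency() { require(!stopped, "stopped"); _; }
    modifier onlyInEmergency() { require(stopped, "not stopped"); _; }
    modifier noReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    /// Panic button: the owner can freeze ordinary operations.
    function toggleStop() external onlyOwner { stopped = !stopped; }

    /// Balance limit: caps how much value the contract can hold at risk.
    function deposit() external payable stopInEmergency {
        require(address(this).balance <= MAX_BALANCE, "vault full");
        balances[msg.sender] += msg.value;
    }

    // Vulnerable ordering, kept here only to contrast with the function below:
    // the external call happens BEFORE the balance is zeroed, so a contract
    // that receives the ether can call back into withdraw() while its recorded
    // balance is still intact (the classic reentrancy bug).
    //
    //   function withdrawUnsafe() external {
    //       uint256 amount = balances[msg.sender];
    //       (bool ok, ) = msg.sender.call{value: amount}("");   // interaction first
    //       require(ok);
    //       balances[msg.sender] = 0;                            // effect last
    //   }

    /// Checks-effects-interactions plus a mutex: state is updated before
    /// the external call, and the guard blocks nested calls regardless.
    function withdraw() external stopInEmergency noReentrant {
        uint256 amount = balances[msg.sender];              // check
        require(amount > 0, "nothing to withdraw");
        balances[msg.sender] = 0;                           // effect
        (bool ok, ) = msg.sender.call{value: amount}("");   // interaction
        require(ok, "transfer failed");
    }

    /// Pull over push: rather than looping over recipients and sending to each
    /// (where one reverting recipient blocks everyone), record what is owed
    /// and let each recipient claim it in their own transaction.
    function credit(address to, uint256 amount) external onlyOwner {
        require(amount <= address(this).balance, "insufficient");
        pendingPayouts[to] += amount;
    }

    function claim() external stopInEmergency noReentrant {
        uint256 amount = pendingPayouts[msg.sender];
        require(amount > 0, "nothing pending");
        pendingPayouts[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }

    /// Exit strategy: while stopped, depositors can still recover their own
    /// funds even though normal operations are frozen.
    function emergencyWithdraw() external onlyInEmergency noReentrant {
        uint256 amount = balances[msg.sender];
        require(amount > 0, "nothing to withdraw");
        balances[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

Two design choices worth noting: the mutex and the checks-effects-interactions ordering are used together, because each protects against a failure the other does not (the ordering protects a single function, the mutex protects across all guarded functions of the contract); and the emergency stop is paired with an exit path, since a circuit breaker that only freezes funds turns the owner's key into a hostage-taking capability.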
Efficiency Patterns
• Efficiency patterns optimize the operation of a smart
contract or reduce the costs associated with using
one.
• Using these patterns can save time and money for
operators and users.
• For instance, a fewer functions pattern can reduce
the overhead associated with your contract to save
you storage and gas costs.
• These kinds of patterns are used commonly in smart
contracts on public blockchains as well as in more
involved tasks like data refreshing.
Examples for efficiency patterns
• Use libraries
• Incentive execution
• Tight variable packing
• Limit storage
• Challenge response
• Write values
• Pull payments
• Low contract footprint
• Publisher-subscriber
• Avoid redundant operations
• Short constant strings
• Fail early and fail loud
• Limit modifiers
• Minimize on-chain data
Upgradeability Patterns
• Proxy Delegate: Introduce the possibility to
upgrade smart contracts without breaking any
dependencies.
• Eternal Storage: Keep contract storage after a
smart contract upgrade.
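The proxy delegate and eternal storage patterns described above, as an added example written for these notes (not code from the slides or from any library). The implementation slot constant is the well-known EIP-1967 value; the admin slot label, the contract names and the counter logic are constructed for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Proxy delegate: the proxy owns all state; the implementation address is
/// kept in a fixed pseudo-random slot (EIP-1967 style) so it cannot collide
/// with the implementation's own storage layout.
contract ProxyDelegate {
    // keccak256("eip1967.proxy.implementation") - 1
    bytes32 private constant IMPL_SLOT =
        0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
    // Constructed label for the admin slot, derived the same way.
    bytes32 private constant ADMIN_SLOT =
        bytes32(uint256(keccak256("example.proxy.admin")) - 1);

    constructor(address impl) {
        require(impl.code.length > 0, "not a contract");
        _setSlot(IMPL_SLOT, impl);
        _setSlot(ADMIN_SLOT, msg.sender);
    }

    /// Only the admin may point the proxy at new logic.
    function upgradeTo(address newImpl) external {
        require(msg.sender == _getSlot(ADMIN_SLOT), "not admin");
        require(newImpl.code.length > 0, "not a contract");
        _setSlot(IMPL_SLOT, newImpl);
    }

    function implementation() external view returns (address) {
        return _getSlot(IMPL_SLOT);
    }

    /// Every call the proxy does not recognise is forwarded with delegatecall,
    /// so the implementation's code runs against the proxy's storage.
    fallback() external payable { _delegate(_getSlot(IMPL_SLOT)); }
    receive() external payable { _delegate(_getSlot(IMPL_SLOT)); }

    function _delegate(address impl) internal {
        assembly {
            calldatacopy(0, 0, calldatasize())
            let ok := delegatecall(gas(), impl, 0, calldatasize(), 0, 0)
            returndatacopy(0, 0, returndatasize())
            switch ok
            case 0 { revert(0, returndatasize()) }
            default { return(0, returndatasize()) }
        }
    }

    function _getSlot(bytes32 slot) internal view returns (address a) {
        assembly { a := sload(slot) }
    }

    function _setSlot(bytes32 slot, address a) internal {
        assembly { sstore(slot, a) }
    }
}

/// Eternal storage: the logic contract declares no business fields of its
/// own; everything lives in a generic key/value mapping that sits in the
/// proxy's storage, so a new implementation is dropped in without migrating data.
contract CounterV1 {
    mapping(bytes32 => uint256) internal uintStorage;

    function increment() external {
        uintStorage[keccak256("counter")] += 1;
    }

    function counter() external view returns (uint256) {
        return uintStorage[keccak256("counter")];
    }
}

/// The next version keeps exactly the same storage layout and adds behaviour.
contract CounterV2 is CounterV1 {
    function incrementBy(uint256 step) external {
        uintStorage[keccak256("counter")] += step;
    }
}
```

Deploy `CounterV1`, then `ProxyDelegate(address(counterV1))`, and interact with the proxy address through the `CounterV1` ABI; after `upgradeTo(address(counterV2))` the same proxy address answers to `incrementBy` and the count is preserved. Two caveats a reviewer would raise: the proxy's own `upgradeTo` and `implementation` selectors shadow any same-named function in the implementation, which is why production proxies route admin calls separately; and because the upgrade key can replace all logic at once, it should be held by a multisig or timelock, not a single externally owned account.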
Economic Patterns
• String Equality Comparison: Check for the equality
of two provided strings in a way that minimizes
average gas consumption for a large number of
different inputs.
• Tight Variable Packing: Optimize gas consumption
when storing or loading statically-sized variables.
• Memory Array Building: Aggregate and retrieve
data from contract storage in a gas efficient way.
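The efficiency patterns listed above and the three economic patterns on this slide, as one added example (written for these notes; not code from the slides or from the fravoll catalogue). The position bookkeeping, struct field sizes and function names are all constructed for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Constructed example of three gas patterns: tight variable packing,
/// cheap string equality, and building a result array in memory.
contract GasPatterns {
    // Loose layout: four fields, four 32-byte storage slots. Writing a new
    // entry touches four slots, each a separate SSTORE.
    struct LoosePosition {
        uint256 id;
        uint256 openedAt;
        uint256 size;
        bool active;
    }

    // Packed layout: sizes chosen for what the values actually need and
    // ordered so they share one slot (16 + 5 + 4 + 1 = 26 bytes <= 32).
    // Packing only helps in storage; in memory every field still takes a word.
    struct PackedPosition {
        uint128 size;
        uint40  openedAt;   // seconds since epoch fits comfortably in 40 bits
        uint32  id;
        bool    active;
    }

    PackedPosition[] public positions;
    mapping(address => uint256[]) private ownedIds;
    mapping(uint256 => address) public ownerOf;

    function open(uint128 size) external returns (uint32 id) {
        id = uint32(positions.length);
        positions.push(PackedPosition({
            size: size,
            openedAt: uint40(block.timestamp),
            id: id,
            active: true
        }));
        ownedIds[msg.sender].push(id);
        ownerOf[id] = msg.sender;
    }

    function close(uint256 id) external {
        require(ownerOf[id] == msg.sender, "not owner");
        positions[id].active = false;
    }

    /// String equality comparison: compare lengths first, which is cheap,
    /// and hash both strings only when the lengths match.
    function stringsEqual(string memory a, string memory b) public pure returns (bool) {
        if (bytes(a).length != bytes(b).length) return false;
        return keccak256(bytes(a)) == keccak256(bytes(b));
    }

    /// Memory array building: two read-only passes over storage, no storage
    /// writes, and the result is returned as a fixed-size memory array. As a
    /// view function it costs the caller nothing when queried off-chain.
    function activePositions(address account) external view returns (PackedPosition[] memory out) {
        uint256[] storage ids = ownedIds[account];
        uint256 n;
        for (uint256 i = 0; i < ids.length; i++) {
            if (positions[ids[i]].active) n++;
        }
        out = new PackedPosition[](n);
        uint256 j;
        for (uint256 i = 0; i < ids.length; i++) {
            if (positions[ids[i]].active) out[j++] = positions[ids[i]];
        }
    }
}
```

The packing choice is also a security decision: narrowing `openedAt` to 40 bits or `size` to 128 bits is safe only if the values can never exceed those widths, so the casts in `open` should be justified by the contract's own invariants rather than chosen for gas alone.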
Access Control Patterns
• Access control patterns restrict who can access and execute
certain functions of the smart contract.
• They can manage permissions and authorizations for a given
function, e.g. only the admin has the ability to perform a given action.
– The ability to restrict access is particularly useful on a public
blockchain ledger, where anyone can see the contract, but you want to
control who can do what within the contract.
• The names of certain access control patterns make their
purpose clear, such as multi-authorization, and ownership and
role-based access control.
• Others sound like the setup for a spy movie, such as off-chain
secret-enabled dynamic authorization.
Access Control Patterns
• Other examples of restricting access patterns include:
– Hash secret
– Access restriction
– Judge
– Embedded permission
– Dynamic binding
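An added example (written for these notes, not code from the slides or from any library) combining ownership, role-based access control, a two-step ownership handover and a one-shot hash secret. Role names, the `parameter` field and the function names are constructed for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Constructed example: ownership plus role-based access control.
contract RoleGated {
    bytes32 public constant ADMIN_ROLE = keccak256("ADMIN_ROLE");
    bytes32 public constant OPERATOR_ROLE = keccak256("OPERATOR_ROLE");

    address public owner;
    address public pendingOwner;
    bytes32 public secretHash;
    uint256 public parameter;
    mapping(bytes32 => mapping(address => bool)) private roles;

    event RoleGranted(bytes32 indexed role, address indexed account);
    event RoleRevoked(bytes32 indexed role, address indexed account);
    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

    constructor() {
        owner = msg.sender;
        roles[ADMIN_ROLE][msg.sender] = true;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    modifier onlyRole(bytes32 role) {
        require(roles[role][msg.sender], "missing role");
        _;
    }

    function hasRole(bytes32 role, address account) public view returns (bool) {
        return roles[role][account];
    }

    /// Only admins hand out or revoke roles; the deployer is an admin by construction.
    function grantRole(bytes32 role, address account) external onlyRole(ADMIN_ROLE) {
        roles[role][account] = true;
        emit RoleGranted(role, account);
    }

    function revokeRole(bytes32 role, address account) external onlyRole(ADMIN_ROLE) {
        roles[role][account] = false;
        emit RoleRevoked(role, account);
    }

    /// Two-step handover: a mistyped address cannot orphan the contract,
    /// because the new owner has to accept from that exact address.
    function transferOwnership(address newOwner) external onlyOwner {
        pendingOwner = newOwner;
    }

    function acceptOwnership() external {
        require(msg.sender == pendingOwner, "not pending owner");
        emit OwnershipTransferred(owner, msg.sender);
        owner = msg.sender;
        pendingOwner = address(0);
    }

    /// Role-gated business function.
    function setParameter(uint256 value) external onlyRole(OPERATOR_ROLE) {
        parameter = value;
    }

    /// Hash secret: the owner commits to keccak256(secret); whoever later
    /// presents the preimage receives the operator role once. The preimage is
    /// public as soon as the transaction reaches the mempool, so the hash is
    /// cleared on first use and the pattern suits one-shot, low-value grants.
    function setSecretHash(bytes32 hash) external onlyOwner {
        secretHash = hash;
    }

    function claimOperator(bytes calldata secret) external {
        require(secretHash != bytes32(0) && keccak256(secret) == secretHash, "bad secret");
        secretHash = bytes32(0);
        roles[OPERATOR_ROLE][msg.sender] = true;
        emit RoleGranted(OPERATOR_ROLE, msg.sender);
    }
}
```

Every privileged path is gated by a modifier that reverts rather than by a convention callers are expected to follow, and every change to who holds power emits an event, which is what makes the permission history auditable on a public chain.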
Contract Management Patterns
• Contract management patterns refer to how contract
owners organize their smart contracts and how the
contracts work together.
• This allows you to make sure your contracts work
together smoothly.
• E.g., design a proxy smart contract that relays
function calls to other contracts.
Contract Management Patterns
• Examples of design patterns in the contract
management pattern:
– Migration
– Data contract
– Contract decorator
– Inter-family communication
– Flyweight
– Contract registry
– Contract mediator
– Satellite
– Contract observer
Factory Pattern
• What is a factory pattern in Solidity?
– A factory pattern is a type of design pattern where one contract acts
as the factory in charge of churning out other contracts. The products
the pattern creates using Solidity code are called child contracts.
– Solidity smart contracts that use a factory pattern can benefit from
increased efficiency as well as security.
– If you’re looking to create multiple copies of the same contract, a
factory pattern can help you streamline management and tracking of
your deposit function, for one thing.
– Deploying only the factory and then later using it to deploy other
contracts can also save you in gas consumption.
– Acting as a defense-in-depth solution, factory patterns can also keep
your code simpler, making it more secure with less risk of bugs.
Factory Pattern
• The potential drawback of a factory pattern is that it can be
more costly in gas depending on how you set up your code.
• And while the factory pattern simplifies the management of
existing contracts, it can also inadvertently make things more
complex if your factory itself is complex.
• Overall, a factory pattern can be a very useful pattern to
streamline your smart contracts in Solidity as long as you keep
in mind your goals in using the structure and set up your
structures accordingly.
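The factory pattern described above, as an added example written for these notes (not code from the slides or from any project). The escrow child, its release rule and the registry mapping are constructed for the example; the point is that the factory is the only contract deployed by hand, and its registry lets anyone verify that an address really was produced by it.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Child contract: a minimal escrow between a depositor and a beneficiary.
contract Escrow {
    address public immutable factory;
    address public immutable depositor;
    address public immutable beneficiary;
    bool public released;

    constructor(address _depositor, address _beneficiary) payable {
        factory = msg.sender;          // the factory deploys every child
        depositor = _depositor;
        beneficiary = _beneficiary;
    }

    /// Only the depositor can release the funds to the beneficiary.
    function release() external {
        require(msg.sender == depositor, "not depositor");
        require(!released, "already released");
        released = true;                               // effect before interaction
        (bool ok, ) = beneficiary.call{value: address(this).balance}("");
        require(ok, "transfer failed");
    }
}

/// Factory: deploys children on demand and keeps a registry so that anyone
/// can check whether a given address is one of its escrows.
contract EscrowFactory {
    Escrow[] public escrows;
    mapping(address => bool) public isEscrow;
    mapping(address => address[]) private byDepositor;

    event EscrowCreated(address indexed escrow, address indexed depositor,
                        address indexed beneficiary, uint256 amount);

    function create(address beneficiary) external payable returns (Escrow escrow) {
        require(beneficiary != address(0), "no beneficiary");
        require(msg.value > 0, "no deposit");
        // Each `new` runs the child's constructor and pays its deployment gas,
        // which is the cost side of the pattern noted above.
        escrow = new Escrow{value: msg.value}(msg.sender, beneficiary);
        escrows.push(escrow);
        isEscrow[address(escrow)] = true;
        byDepositor[msg.sender].push(address(escrow));
        emit EscrowCreated(address(escrow), msg.sender, beneficiary, msg.value);
    }

    function count() external view returns (uint256) {
        return escrows.length;
    }

    function escrowsOf(address depositor) external view returns (address[] memory) {
        return byDepositor[depositor];
    }
}
```

Because every child is created from the same audited bytecode, a user or a front end only needs to check `isEscrow(addr)` to know the contract at that address behaves as reviewed; a look-alike escrow deployed by someone else will not be in the registry.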
Using patterns smartly
• Smart contracts are the key to a future of decentralization
powered by the blockchain.
• One can join in on this world of potential by building dApps,
protocols, and smart contracts right on Hedera.
• The Hedera Smart Contract Service runs the EVM on the
Hedera network, written in Solidity, Vyper, and other EVM
languages, which helps you run contracts in just seconds.
• With Hedera, your contract will have predictable gas fees and
a carbon-negative energy use so you can reach your goals
with hashgraph efficiency.
References
• Bartoletti, M., & Pompianu, L. (2017, April). An empirical
analysis of smart contracts: platforms, applications, and
design patterns. In International conference on financial
cryptography and data security (pp. 494-509). Springer, Cham.
• https://chainyard.com/insights/using-patterns-in-coding-blockchain-smart-contracts/
• https://yos.io/2019/11/10/smart-contract-development-best-practices
• https://fravoll.github.io/solidity-patterns/
• https://hedera.com/learning/smart-contracts/smart-contract-design-patterns
Smart Contracts and Financial
Services
Smart Contracts and Financial Services
• With Ethereum, the world was brought a whole new system of smart
contracts, and they offer many benefits.
• Smart contracts are tamper-resistant, self-executing, and self-verifying.
• While Nick Szabo came up with the idea for smart contracts in 1994, they
did not come into reality until the release of Ethereum, which allowed
easy embedding of contracts into computer code with security and
transparency.
• Smart contracts are programmable contracts encoding an agreement
between two or more parties that self execute when defined criteria are
met.
• The transaction’s terms are written as a protocol on a blockchain network
which means they have neither paperwork nor a middleman for
validation.
• The compliance is made through the blockchain’s validation process,
which is autonomous when the contract’s terms are completed.
• Smart contracts are helpful for many manual banking processes like
compliance, loan eligibility validation, and claims processing.
Smart Contracts Main Features and Benefits
• Smart contracts allow two parties to interact with “if-when-then”
conditions, and they can be anonymous.
– Smart contracts have compliance and control built-in with
independence and self-execution.
– They can source from external data to make them self verifying.
– With no intermediaries, they are safer and have additional tamper
resistance.
– They provide immediate resolution with fast verification, saving both
parties time.
– Their transparency removes many trust issues.
– Their setup is very cheap, and execution is free.
– They handle sensitive data with the data remaining on the blockchain
for future use.
– Encrypted digital signatures verify contract participation, making them
ideal for high-end contracts.
Types of Smart Contracts
• There are three general types of smart contracts:
– Legal Contracts – These smart contracts are created to simplify legal processes. They
ensure adherence to regulatory guidelines and can be used for financial, real estate, and
international trade contracts. While the current legal system has an insufficient
structure to support totally autonomous blockchain-based contracts, as laws and
structures improve, more of these will be utilized.
– Decentralized Autonomous Organizations (DAOs) – Smart contracts built for blockchain
communities where the community’s participants must abide by the rules of the code.
Many crowdfunding platforms are DAOs. There are many smart contracts employed for
the management, and they are used to supervise and police the community’s
participants while ensuring support among the community.
– Application Logic Contracts (ALCs) – These contracts are behind the internet of things
(IoT). They are application-specific codes working in conjunction with other programs
that are on the same blockchain. They are used to establish and validate the
communication of IoT devices, merging IoT and blockchain technologies. Every
multifunctional smart contract will have a managing program, and under this, it will be
made up of ALCs.
Smart Contracts and the Financial Services
Industry
• Most sectors of our economy are utilizing smart contracts and are
beginning to see the changes in speed and transparency brought by
smart contracts.
• Financial Services is no exception and has become the leader in
blockchain innovation.
• Some of the ways and processes where banks and other financial
institutions
– Reduced transaction costs
– Error-free insurance claim processing
– Quick, cost-effective, and advanced remittance
– Transparent audits
– Improved KYC processing
– Peer to Peer transactions
– Speed of automation
– Contract Accuracy
– Win-Win relationships
Smart Contracts and the Financial Services
Industry
• Reduced transaction costs
– Money is always a business consideration; smart contracts are
beneficial due to their lowered transaction costs for self-regulation
and record-keeping, with reduced or eliminated manual intervention.
• Error-free insurance claim processing
– The process of assessing an insurance claim’s legitimacy is a tedious
one.
– Manually counterchecking the terms of a contract and then validation
of the claim can take time.
– Smart contracts can supply automated insurance claim processes to
the finance industry.
– Automatic validation via decentralized ledgers on a blockchain
network can be done with smart contracts.
– This process will reduce the risk of fraudulent claim compensation by
insurers.
Smart Contracts and the Financial Services
Industry
• Quick, cost-effective, and advanced remittance
– The adoption of digital payment services like PayPal and Zelle has
increased the demand for safe and speedy international remittance
services.
– Two different blockchain protocols have filled this role.
– The Stellar network and the Ripple network:
• one is more centralized than the other, but both have similar
international remittance services through established and newer
financial institutions allowing real-time fund transfers for pennies
rather than the high prices and multiple days that are common
with traditional remittance services.
– They are even adding smart contract functionality making advanced
remittances like Letters of Credit possible.
Smart Contracts and the Financial Services
Industry
• Transparent audits
– Traditional contracts involve significant paperwork, and
proper record-keeping is essential for financial auditing.
– The resources needed to manage records are significant.
– Smart contracts can support advanced bookkeeping
solutions because they are tied to the distributed
incorruptible code of the blockchain network.
– Smart contract solutions can eliminate infiltration and
enhance blockchain stored record transparency.
Smart Contracts and the Financial Services
Industry
• Improved KYC processing
– KYC is a required function of banks and financial services.
– The process of customer identification is now being
conducted by smart contract-based blockchain solutions
like KYC-chain.
– Separate parts of the KYC process, such as identification
and credit score verification, can be saved and recalled
with Blockchain records.
– Other compliance requirements such as tax returns can be
processed in real-time, which helps financial institutions
and accounting firms.
Smart Contracts and the Financial Services
Industry
• Peer to Peer transactions
– To be service-oriented, banks looking to implement new technologies
want to be sure that the new tech will improve the outcomes for
clients.
– Smart contracts on distributed blockchains eliminate the need for
third-party mediation.
– This attribute is a cost reduction and can simplify transactions for
users, even the unbanked.
– The slow adoption of cryptos by retailers is gradually building the net
of payments.
– Smart contracts are quite beneficial for all trustless payments,
especially international trade, that involves foreign currencies,
inspections of goods, and funds in escrow, without the need for trust
while providing convenience and stability.
Smart Contracts and the Financial Services
Industry
• Speed of automation
– Replacing manual tasks with smart contracts reduces transaction processing
times and optimizes operations.
– For example, pay stubs, W-2s, and tax returns for loan applications can be
automatically verified and then info kept on the blockchain to recall later.
• Contract Accuracy
– Smart contract transactions are self-executable and transparent.
– They eliminate errors by removing human intervention, which cultivates trust
between the parties involved in the contract even if they are anonymous.
• Win-Win relationships
– Financial institutions and their clients benefit from smart contract
implementation.
– Banks can reduce their costs and streamline their processes which ensures
regulatory compliance.
– Clients gain from simple, safe, and reduced-cost transactions.
Financial Institution Smart Contract
Opportunities
• With financial instruments and assets digitized, and the
growing use of cryptocurrencies, the uses for smart contracts
and blockchain technologies in finance are growing.
• As the levels of connectivity increase, this will advance
further.
• Process simplification
– Institutions should review their internal processes to determine where
manual procedures can be simplified with smart contracts.
– Automation of manual workflows and linking interdependent
transactions with smart contracts will have an upfront cost but, over
the long run, will be a competitive advantage.
– Trust can be built among participants of multiparty agreements
through blockchain transparency.
Financial Institution Smart Contract
Opportunities
• Clearing and settlement streamlining
– F.I.s can use smart contracts to streamline their Trade Clearing and
Settlement (TCS).
– TCS is historically a labor-intensive process that, due to the
involvement of several parties whose roles are to approve, audit, and
reconcile, is prone to errors.
– Smart contracts can be utilized to create an efficient equity settlement
program that prevents discrepancies and saves costs.
– An Accenture survey of eight global banks found that clearing and
settling costs could be reduced by $10B annually through blockchain
technology.
– Wall Street has successfully tested smart contracts for clearing and
settlement, and the Australian Securities Exchange and the Depository
Trust & Clearing Corporation (DTCC) are developing a smart contract-
based clearing and settlement system.
Financial Institution Smart Contract
Opportunities
• Trade finance and supply chain documentation
streamlining
– Smart contracts can reduce processing times of supply
chains and trade finance.
– While digitizing letters of credit and bills of lading means
an opportunity for forgery, blockchains can be used to
secure public receipts and transactions and ease workflow
management with digital signatures.
– Bank of America, Barclays Corporate Bank, Standard
Chartered, and the Development Bank of Singapore have
all been testing uses of smart contracts to automate and log
change-of-ownership and payment processes for their
organizations.
Financial Institution Smart Contract
Opportunities
• Securities Settlement and Clearance
– Current settlement and clearance systems mean that market
participants must accept opaque methods with money trapped for
unknown durations.
– Smart contracts can make this process transparent reducing
settlement timelines to minutes or even seconds.
• Well-defined Terms and Conditions for Lending
– Traditional lending revenue is generally the difference between
interest paid to investors and that from borrowers.
– Many borrowers cannot meet traditional lending criteria.
– Smart contracts can monitor the loans to these borrowers directly
from investors, reducing the time needed to procure these loans.
– Lending can be done with cryptocurrency as collateral and
programmed interest payment terms.
Financial Institution Smart Contract
Opportunities
• Lowered barriers to entry for SMBs
– Onboarding processes with multi-step verification and significant
documentation needs have reduced access for SMBs.
– Smart contracts can provide blockchain solutions accelerating the
systems of traditional banking, matching the agility of small
businesses.
– Traditional finance models can be reshaped with new instruments
matched with decentralized ledgers.
• Tokenization
– Smart contracts can deliver stable and secure processes; with the
tokenization of USD and other fiat currencies, stablecoins can prevent the
fluctuations of most cryptos and help institutions avoid risks.
Financial Institution Smart Contract
Opportunities
• Online giving
– Smart contracts can improve donations with stipulation clauses
requiring that specific trigger conditions be fulfilled before funds are
released.
– These contracts can increase supporter trust and improve fund
transparency in giving.
– Donation processing, auditing, and tax reporting costs can also be
reduced with smart contracts.
What are DAOs?
• A DAO is a collectively-owned, blockchain-governed organization
working towards a shared mission.
• DAOs allow us to work with like-minded folks around the globe
without trusting a benevolent leader to manage the funds or
operations.
• There is no CEO who can spend funds on a whim or CFO who can
manipulate the books.
• Instead, blockchain-based rules baked into the code define how the
organization works and how funds are spent.
• They have built-in treasuries that no one has the authority to access
without the approval of the group.
• Decisions are governed by proposals and voting to ensure everyone
in the organization has a voice, and everything happens
transparently on-chain.
Why do we need DAOs?
• Starting an organization with someone that involves
funding and money requires a lot of trust in the
people you're working with.
• But it’s hard to trust someone you’ve only ever
interacted with on the internet.
• With DAOs you don’t need to trust anyone else in the
group, just the DAO’s code, which is 100%
transparent and verifiable by anyone.
• This opens up so many new opportunities for global
collaboration and coordination.
A comparison
• DAO: Usually flat, and fully democratized.
– A traditional organization: Usually hierarchical.
• DAO: Voting required by members for any changes to be implemented.
– A traditional organization: Depending on structure, changes can be
demanded from a sole party, or voting may be offered.
• DAO: Votes tallied, and outcome implemented automatically without
trusted intermediary.
– A traditional organization: If voting allowed, votes are tallied
internally, and outcome of voting must be handled manually.
• DAO: Services offered are handled automatically in a decentralized
manner (for example distribution of philanthropic funds).
– A traditional organization: Requires human handling, or centrally
controlled automation, prone to manipulation.
• DAO: All activity is transparent and fully public.
– A traditional organization: Activity is typically private, and limited to
the public.
DAO examples
• To help this make more sense, here's a few examples
of how you could use a DAO:
– A charity – you could accept donations from anyone in the
world and vote on which causes to fund.
– Collective ownership – you could purchase physical or
digital assets and members can vote on how to use them.
– Ventures and grants – you could create a venture fund that
pools investment capital and votes on ventures to back.
Repaid money could later be redistributed amongst DAO-
members.
How do DAOs work?
• The backbone of a DAO is its smart contract, which defines the rules of the
organization and holds the group's treasury. Once the contract is live on
Ethereum, no one can change the rules except by a vote. If anyone tries to
do something that's not covered by the rules and logic in the code, it will
fail. And because the treasury is defined by the smart contract too that
means no one can spend the money without the group's approval either.
This means that DAOs don't need a central authority. Instead, the group
makes decisions collectively, and payments are automatically authorized
when votes pass.
• This is possible because smart contracts are tamper-proof once they go
live on Ethereum. You can't just edit the code (the DAO's rules) without
people noticing because everything is public.
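The mechanism described above (rules in code, a treasury nobody can spend without a vote, payments released automatically when a vote passes), as an added example written for these notes rather than code from the slides or from any real DAO. The membership model, the strict-majority rule and the fixed voting period are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Constructed example: a membership DAO whose treasury can only be spent
/// by a proposal that wins a vote. Nobody, founders included, can move
/// funds directly.
contract MiniDAO {
    struct Proposal {
        address payable recipient;
        uint256 amount;
        uint256 deadline;
        uint256 yes;
        uint256 no;
        bool executed;
        mapping(address => bool) voted;
    }

    mapping(address => bool) public isMember;
    uint256 public memberCount;
    uint256 public immutable votingPeriod;   // seconds a proposal stays open
    Proposal[] private proposals;

    event ProposalCreated(uint256 indexed id, address indexed recipient, uint256 amount, uint256 deadline);
    event Voted(uint256 indexed id, address indexed voter, bool support);
    event Executed(uint256 indexed id, address indexed recipient, uint256 amount);

    constructor(address[] memory founders, uint256 _votingPeriod) {
        for (uint256 i = 0; i < founders.length; i++) {
            require(!isMember[founders[i]], "duplicate founder");
            isMember[founders[i]] = true;
        }
        memberCount = founders.length;
        votingPeriod = _votingPeriod;
    }

    modifier onlyMember() {
        require(isMember[msg.sender], "not a member");
        _;
    }

    /// The treasury: anyone can donate; no function sends ether except execute().
    receive() external payable {}

    function propose(address payable recipient, uint256 amount) external onlyMember returns (uint256 id) {
        id = proposals.length;
        Proposal storage p = proposals.push();
        p.recipient = recipient;
        p.amount = amount;
        p.deadline = block.timestamp + votingPeriod;
        emit ProposalCreated(id, recipient, amount, p.deadline);
    }

    /// One vote per member per proposal, only while the proposal is open.
    function vote(uint256 id, bool support) external onlyMember {
        Proposal storage p = proposals[id];
        require(block.timestamp < p.deadline, "voting closed");
        require(!p.voted[msg.sender], "already voted");
        p.voted[msg.sender] = true;
        if (support) p.yes++; else p.no++;
        emit Voted(id, msg.sender, support);
    }

    /// Anyone may trigger execution, but the transfer happens only if a
    /// strict majority of all members voted yes and the deadline has passed.
    function execute(uint256 id) external {
        Proposal storage p = proposals[id];
        require(block.timestamp >= p.deadline, "voting still open");
        require(!p.executed, "already executed");
        require(p.yes * 2 > memberCount, "proposal did not pass");
        require(p.amount <= address(this).balance, "insufficient treasury");
        p.executed = true;                                   // effect before interaction
        (bool ok, ) = p.recipient.call{value: p.amount}("");
        require(ok, "transfer failed");
        emit Executed(id, p.recipient, p.amount);
    }

    function proposalCount() external view returns (uint256) {
        return proposals.length;
    }

    function tally(uint256 id) external view returns (uint256 yes, uint256 no, bool executed) {
        Proposal storage p = proposals[id];
        return (p.yes, p.no, p.executed);
    }
}
```

The contract has no owner and no privileged sender: the only way value leaves is `execute`, and `execute` checks the vote, not the caller. Since every vote and every transfer is an on-chain event, the audit trail the slides describe comes for free. The membership list is fixed at deployment here; adding members in a real DAO would itself be a proposal, and the majority threshold is computed against all members rather than against votes cast, so a handful of early voters cannot pass a proposal while the rest are absent.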
Ethereum and DAOs
• Ethereum is the perfect foundation for DAOs for a number
of reasons:
– Ethereum’s own consensus is distributed and established
enough for organizations to trust the network.
– Smart contract code can’t be modified once live, even by its
owners. This allows the DAO to run by the rules it was
programmed with.
– Smart contracts can send/receive funds. Without this you'd
need a trusted intermediary to manage group funds.
– The Ethereum community has proven to be more collaborative
than competitive, allowing for best practices and support
systems to emerge quickly.
Benefits of DAOs
• Decentralized
– In a traditional organization, most important decisions are made by a
central authority. In a DAO, decisions impacting the entity are made
jointly by the community.
• Transparent
– Transparency calls for accountability of every member of the DAO.
Votes within a DAO are made via blockchain and are publicly viewable.
Anyone can look up transaction records. This motivates community
members to act in good faith and discourages acts against the
community.
• Community-based
– A DAO can bring together people from all over the world to work
toward a shared goal. Every member has the opportunity to
contribute to the project. Unlike traditional corporate structures,
everyone can express their ideas and propose courses of
organizational action via the mechanisms of decentralized governance.
Limitations of DAOs
• Legal
– The regulatory environment surrounding DAOs is still very uncertain as most
jurisdictions haven’t yet defined their approach to this novel type of entities. A
continuously uncertain legal status could become a significant barrier to the adoption of
DAOs.
• Coordinated attacks
– The desirable properties of DAOs (decentralization, immutability, trustlessness)
inherently carry some performance and security risks. The example of The DAO
demonstrated that this new organizational form can introduce novel risks that are not
present in traditional entities.
• Points of centralization
– It can be argued that decentralization isn’t a state, but rather a range, in which each
level is suitable for a different type of use case. In some cases, full autonomy or
decentralization might not even be possible or make sense.
– DAOs may allow for a wider range of participants to collaborate than ever before, but
the governance rules set in the protocol will always be a point of centralization. The
argument can be made that centralized organizations can operate at a much higher
efficiency – but abandon the benefits of open participation.
