From Bitcoin Wiki
Revision as of 03:43, 25 January 2011 by X6763 (talk | contribs) (Added to Technical and Developer categories)
Jump to: navigation, search

OP_CHECKSIG is used to verify that a signature for a tx output is valid


In addition to the script code itself, to operate OP_CHECKSIG needs to know the current transaction, the current transaction input, and the current hashtype (discussed later)

How it works

  1. the public key and the signature are popped from the stack, in that order.
  2. A new subscript is created from the instruction from the most recent OP_CODESEPARATOR to the end of the script. If there is no OP_CODESEPARATOR the entire script becomes the subscript (hereby referred to as subScript)
  3. The sig is deleted from subScript.
  4. The hashtype is removed from the last byte of the sig and stored
  5. A deep copy is made of the current transaction (hereby referred to txCopy)
  6. All OP_CODESEPARATORS are removed from subScript
  7. The scripts for all transaction inputs in txCopy are set to empty scripts
  8. The script for the current transaction input in txCopy is set to subScript

Now depending on the hashtype various things can happen to txCopy, these will be discussed individually

Hashtype SIGHASH_ALL (default)

No special handling occurs in the default case


  1. The output of txCopy is set to a vector of zero size.
  2. All other inputs aside from the current input in txCopy have their nSequence index set to zero


  1. The output of txCopy is resized to the size of the current input index+1
  2. All other txCopy outputs aside from the output that is the same as the current input index are set to a blank script and a value of (long) -1;
  3. All other txCopy inputs aside from the current input are set to have an nSequence index of zero


  1. The txCopy input vector is resized to a length of one
  2. The current input is set as the first and only member of this vector

Final signature

An array of bytes is constructed from the serialized txCopy + four bytes for the hash type. This array is sha256 hashed twice, then the public key is used to to check the supplied signature against the hash.

Return values

OP_CHECKSIG will push true to the stack if the check passed, false otherwise. OP_CHECKSIG_VERIFY leaves nothing on the stack but will cause the script eval to fail immediately if the check does not pass.