On-the-wire byte map & OP_CHECKSIG diagram (knowledge donation!)

[genjix]

OK, OP_CHECKSIG pushed to libbitcoin,

https://gitorious.org/libbitcoin/libbitcoin/commit/5f5dbd3f9b307e3d343cc007036995d8f8d24958

[genjix]

Code:

01 00 00 00              version
01                       number of inputs (var_uint)

input 0:
c9 97 a5 e5 6e 10 41 02 
fa 20 9c 6a 85 2d d9 06 
60 a2 0b 2d 9c 35 24 23 

43                       size of script (var_uint)
41                       push 65 bytes to stack
04 11 db 93 e1 dc db 8a 
01 6b 49 84 0f 8c 53 bc 
1e b6 8a 38 2e 97 b1 48 
2e ca d7 b1 48 a6 90 9a 
5c b2 e0 ea dd fb 84 cc 
f9 74 44 64 f8 2e 16 0b 
fa 9b 8b 64 f9 d4 c0 3f 
99 9b 86 43 f6 56 b4 12 
a3
ac                       OP_CHECKSIG

02                       number of outputs (var_uint)

output 0:
00 ca 9a 3b 00 00 00 00  amount = 10.00000000
43                       size of script (var_uint)
script for output 0:
41                       push 65 bytes to stack
04 ae 1a 62 fe 09 c5 f5 
1b 13 90 5f 07 f0 6b 99 
a2 f7 15 9b 22 25 f3 74 
cd 37 8d 71 30 2f a2 84 
14 e7 aa b3 73 97 f5 54 
a7 df 5f 14 2c 21 c1 b7 
30 3b 8a 06 26 f1 ba de 
d5 c7 2a 70 4f 7e 6c d8 
4c 
ac                       OP_CHECKSIG

output 1:
00 28 6b ee 00 00 00 00  amount = 40.00000000
43                       size of script (var_uint)
script for output 1:
41                       push 65 bytes to stack
04 11 db 93 e1 dc db 8a 
01 6b 49 84 0f 8c 53 bc 
1e b6 8a 38 2e 97 b1 48 
2e ca d7 b1 48 a6 90 9a
5c b2 e0 ea dd fb 84 cc 
f9 74 44 64 f8 2e 16 0b 
fa 9b 8b 64 f9 d4 c0 3f 
99 9b 86 43 f6 56 b4 12 
a3                       
ac                       OP_CHECKSIG

00 00 00 00              locktime
01 00 00 00              hash_code_type (added on)

result =
01 00 00 00 01 c9 97 a5 e5 6e 10 41 02 fa 20 9c 6a 85 2d d9 06 60 a2 0b 2d 9c 35
24 23 ed ce 25 85 7f cd 37 04 00 00 00 00 01 ac 02 00 ca 9a 3b 00 00 00 00 43 41
04 ae 1a 62 fe 09 c5 f5 1b 13 90 5f 07 f0 6b 99 a2 f7 15 9b 22 25 f3 74 cd 37 8d
71 30 2f a2 84 14 e7 aa b3 73 97 f5 54 a7 df 5f 14 2c 21 c1 b7 30 3b 8a 06 26 f1
ba de d5 c7 2a 70 4f 7e 6c d8 4c ac 00 28 6b ee 00 00 00 00 43 41 04 11 db 93 e1
dc db 8a 01 6b 49 84 0f 8c 53 bc 1e b6 8a 38 2e 97 b1 48 2e ca d7 b1 48 a6 90 9a
5c b2 e0 ea dd fb 84 cc f9 74 44 64 f8 2e 16 0b fa 9b 8b 64 f9 d4 c0 3f 99 9b 86
43 f6 56 b4 12 a3 ac 00 00 00 00 01 00 00 00

Relevant file,  https://gitorious.org/libbitcoin/libbitcoin/blobs/master/src/script.cpp

See function called script::op_checksig()

Also, https://gitorious.org/libbitcoin/libbitcoin/blobs/master/tests/script-test.cpp

[etotheipi]

I finally got around to updating my code to handle test-network addresses, and so I finally had to figure out how to do the address conversion correctly.  Here are the updated diagram!



The full size image is here:  http://dl.dropbox.com/u/1139081/BitcoinImg/PubKeyToAddr.png

As before, you can still access the raw SVG data here.  I used Inkscape to create this, so there's no guarantees the file is usable unless you also use Inkscape.

[samr7]

I finally got around to updating my code to handle test-network addresses, and so I finally had to figure out how to do the address conversion correctly.  Here are the updated diagrams!

+1

Nice work etotheipi!

[etotheipi]

And now I've updated the Transaction bytemap with examples of each TxIn and TxOut type.  Once again, I've learned quite a bit about BTC since making the original illustrations, and so I thought it was a good idea to update it.



The full size image can be downloaded here:  http://dl.dropbox.com/u/1139081/BitcoinImg/TxBinaryMap.png

The only thing I'm not 100% sure about is the script field on a coinbase generation TxIn.  I'm pretty sure I read that mining pools use that field as an extra nonce, so that they can have all the connected workers hashing different things and avoid redundant computations (different script --> different Tx hash --> different merkle tree --> different merkle root).

[jackjack]

In TxOut 0, it's hash160(recipientPubkey) instead of recipientAdress

[etotheipi]

I originally decided not to go into byte-level detail on the TxOut scripts, but I have no idea why.  I've updated it to be a complete byte map now.  Also changed constants like "30" to "0x30" for clarification.  If it's not perfect, it's damned close! 

[jackjack]

Indeed, it was close: length(hash160) = 20 = 0x14 (not 0x16)
It should be perfect now

[bcforum]

Second, here's another diagram.  It's not nearly as complicated as OP_CHECKSIG, but once I had it mapped out like this, I was able to do a ton of address magic in my code and get it right on the first try.  Not having to guess endianness at every step is a big help!  Remembering the extra bytes that have to be added here and there helps, too.

IXCoin is using the same leading byte as Bitcoin (yet another example of the laziness of the "developer")

[Nasakioto]

IXCoin is using the same leading byte as Bitcoin (yet another example of the laziness of the "developer")

That's being addressed in the upcoming update.

[Red Emerald]

Awesome diagrams! I am really getting interested in scripts.  This cleared up some grey areas for me on the "basic" transactions. Thanks!

[crispy]

Thanks for the hard work.  Usually the work of documenting software can teach you better than almost any other way how it actually works.

[etotheipi]

Awesome diagrams! I am really getting interested in scripts.  This cleared up some grey areas for me on the "basic" transactions. Thanks!

If you're interested in scripts, you might find the following links interesting.  The first one is literally every non-std script from the testnet.  I was looking for non-standard transactions for testing my scripting code in PyBtcEngine -- and it turns out there's quite a few on the testnet:

https://github.com/etotheipi/PyBtcEngine/blob/master/testnetNonStdScript.txt
https://github.com/etotheipi/PyBtcEngine/blob/master/scriptEvalStackState.txt

The second link is a few multi-sig transactions, with the stack state at every step of script evaluation (as produced by my code once I finally got it working).  It is a variety of scripts not currently considered "standard" but may become standard in the near future.  Seeing the script-evaluation chain for complicated transactions is quite educational (and critical for debugging!).

Thanks for the hard work.  Usually the work of documenting software can teach you better than almost any other way how it actually works.

Thanks crispy.  It was actually the act of implementing all this stuff in code that really taught me about it, and the documentation was my way of giving back for all the knowledge I gained from for the forums.  I wish I had documentation like this when I first started down this development path 4 months ago.

P.S. - if you found any of this useful, please consider donating.  This stuff took a lot of time!

[marcus_of_augustus]

tagging

[Realpra]

Forgive me for being a noob and doing a necro here, but what is "VI"/"scriptlen", it does not say on the wiki either?

[MatthewLM]

The VI stands for VarInt and is described here: https://en.bitcoin.it/wiki/Protocol_specification#Variable_length_integer

It's an integer representation for the length of the scripts and I implemented the encoding and decoding of them here: https://github.com/MatthewLM/cbitcoin/blob/master/src/CBVarInt.c

[etotheipi]

Speaking of VAR_INTs, smtp just pointed out that my OP_CHECKSIG diagram was not showing the VAR_INTs that represent script length in the TxCopy (with blanked scripts).  While I think that your Tx class in whatever language you're using should handle that detail for you, the graphic was definitely inconsistent.  So I fixed it and re-uploaded it to the wiki, too.

https://en.bitcoin.it/wiki/OP_CHECKSIG
https://bitcointalk.org/index.php?topic=29416.msg370321#msg370321

[CompNsci]

Can we get the .svg files posted for the OP_CHECKSIG diagram somewhere? The png available at the wiki is quite small and difficult to read.

[etotheipi]

It's actually on the first page:

https://bitcointalk.org/index.php?topic=29416.msg384034#msg384034

Though please doublec-check that's up to date.  It's been updated a couple times and it's possible I updated a copy of that svg.

[etotheipi]

This is good.  But I'll call you on the length of the pre-base58 address: it's 25 bytes long, not 24, but the upper byte is always 0 for regular bitcoin addresses.  Also, the base58 encoding procedure will prepend a 1 for each preceding \x00 byte in the pre-encoded address, not just a single 1.

Whoops, I was trying to update the diagrams and accidentally replied instead of editing.  Sorry for the spam.... but enjoy the pics!