minium / bitcoin-spec Goto Github PK

Can I firstly say how grateful I am for this document - I can't express my gratitude enough. It is so well written and comprehensive that it is a breeze to read, follow and absorb the information. I struggled with other documentation on Bitcoin for developers until I found this. Thank you thank you thank you.

I did wonder about this sentence near the top of page 23, section 4.3.4, whether it was incomplete? "In a Multisig transaction the sender transfers Bitcoins to the owner of m-of-n public keys." For the other transaction types the specific name for the Bitcoin address type is given.

So just a hunch from my side and an excuse to say thanks :)

Krzysztof,

First of all - THANKS YOU A LOT for your guide!!!
This is the best guide and explanation of the Bitcoin in the whole internet!
The other guides like wiki or the developer guide at bitcoin.org do not get even close to the clarity of your work!
I mean it.

I'd like to help with / participate in the Bitcoin documentation.

1. Can you please post original image files (e.g., in SVG format) - so, I can possibly reuse them for new images?

2. Did you consider to further your guide to include, for example:

• Practical stuff like:
  • Source code design
  • Source code explanation
  • RPC usage examples
• Theoretical stuff like:
  • Assurance contracts
  • Bitcoin 2.0 explanation (Colored coins, Mastercoins, Counterparty, etc.)
  • Explanation of other popular coins (Litecoin, Dodgecoin, Darkcoin, etc.)

Thanks a bunch,
--- Kosta

Thanks for your reference. It would be great to move it to more user-friendly gitbook format.

Here are a few minor confusions I found on a quick read-through of the whole document:

Likely typo:

In the sentence (emphasis added):

It is therefore possible to create e.g. a 1-of-12 P2SH Multisig trans-
action with compressed public keys or a 4-of-5 P2SH Multisig transaction with
compressed public keys.

I think that second "compressed" is supposed to be "uncompressed".

op_return is unspendable; satoshis sent to it are lost

This paragraph is confusing, and possibly wrong:

Unlike all other standard transaction types, a Nulldata transaction does not specify any particular recipient. The Bitcoin amount associated with a Nulldata transaction can be claimed by miners on a first-come first-served basis, the same way transaction fees are claimed.

It's confusing because it seems to conflate a nulldata transaction with an op_return output. A null-data transaction is a transaction containing an op_return output---but that same transaction will also likely include a P2PKH change output which, of course, does "specify a particular recipient".

It's possibly wrong because it seems to imply that the value spent to an op_return output can be claimed as an additional miner fee. That's not correct: an op_return in the scriptPubKey makes the output unspendable[*], so if that output has a value > 0, those satoshis are lost forever. The idea behind nulldata is that the transaction fee will have to be large enough to cover the additional bytes of the op_return output---so the amount claimed is a transaction fee, not "claimed ... the same way transaction fees are claimed."

Source: I made this mistake in our docs and Peter Todd and Greg Maxwell reported it: petertodd/bitcoin.org@28a584c

[*] nulldata is a standard transaction type with a specific template; however, you may want to note that for non-standard transactions, op_return can be used in a code branch of a scriptPubKey, allowing a scriptSig to spend that output if it can provide data that prevents execution of that code branch.

P2PKH addresses can be created from both uncompressed and compressed pubkeys

The illustration on page 27 seems to imply that P2PKH addresses can only be created from uncompressed public keys. They can be built from compressed public keys also, meaning a single key can have at least two different addresses.

Source: here's a random txid from the most recent block: 168e10abd5f335fe4a9696ec69c8c02792ab300da2826170e690595d527f7c42

Here's its scriptSig:

47 ... push 71 bytes (signature)
3044022049ffb0607de529254022cdf41297426ab135e79e0aa27a69602803068458da0f02207d34978cc26fcd9c52928576cdff7e8d1529a86256b0fc9828620f0e5e0a43d001
21 ... push 33 bytes (compressed pubkey)
038e3455a70a222f477227e4f068ce47a7c1c1f970f61b88c738ae274bbad91fef

As always, the doc was great. I especially like the section on sighash types---yours is by far the best treatment of that subject I've seen. Thanks!

Hi Krzysztof,

The description of nBits should probaly mention that the high bit of the
mantissa indicates sign---otherwise implementors might accidentally
encode a different target value than they intended. For example, an
nBits of 0x01803456 would be parsed by the formula in the reference as:

## Python interactive interpreter
hex(int(0x803456 * 256**(0x01-3))) == '0x80'

But the Bitcoin Core src/test/bignum_tests.cpp file says:

num.SetCompact(0x01803456);
BOOST_CHECK_EQUAL(num.GetHex(), "0");
BOOST_CHECK_EQUAL(num.GetCompact(), 0U);

There can even be negative nBits:

num.SetCompact(0x04923456);
BOOST_CHECK_EQUAL(num.GetHex(), "-12345600");
BOOST_CHECK_EQUAL(num.GetCompact(), 0x04923456U);

I'm pasting a draft copy of some text I've written about this for the
Bitcoin.org developer docs; it provides some more background and
explains how Bitcoin Core deals with the situation based on my reading
of the code (which could be wrong, of course). It also has references to
the relevant code. Please feel free to use any text you find useful; no
credit is required.

Before I start pasting, I want to thank you for producing the excellent
reference doc. It's always one of the first places I check when I'm
trying to figure something out.

Target nBits

The target threshold is a 256-bit unsigned integer compared the 256-bit
SHA256(SHA256()) header hash (treated also as an unsigned integer).
However, the header field nBits provides only 32 bits of space, so the
target number uses a less precise format called "compact". A naïve (but
incomplete) breakdown of nBits shows it to be a sort of scientific
notation to provide an approximate value.

TK: illustration
         0x181bc330

0x1bc330     *    256**(0x18-3)
significand      base  exponent
(mantissa)

Result: 0x1bc330000000000000000000000000000000000000000000

Padded to 32 bytes: 0x00000000000000001bc330000000000000000000000000000000000000000000

As a base-256 number, nBits can be quickly parsed as bytes the same way
you might parse a decimal number in base-10 scientific notation:

TK: illustration
0x181bc330

Byte length: 0x18 (decimal 24)

bytes  1  2  3  4  5  6  7  8  9  10 11 12 13 14 15 16 17 18 19 20 21 21 23 24
     0x__ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __
MSB    1b c3 30

Most Significant Bytes (MSB): 0x1bc330

<!-- Source for paragraph below: Bitcoin Core src/tests/bignum_tests.cpp:
num.SetCompact(0x04923456);
BOOST_CHECK_EQUAL(num.GetHex(), "-12345600");
BOOST_CHECK_EQUAL(num.GetCompact(), 0x04923456U);
-->

Although the target threshold should be an unsigned integer, the nBits
header field uses a signed data type, allowing the target threshold to
be negative if the high bit of the significand is set. However, because
the header hash is treated as an unsigned number, it can never be equal
to or lower than a negative target threshold. Bitcoin Core deals with
this in two ways:

<!-- source for "Bitcoin Core converts..." src/main.h GetBlockWork() -->

• When parsing nBits, Bitcoin Core converts a negative target
  threshold into a target of zero, which the header hash can equal (in
  theory, at least).
• When creating a value for nBits, Bitcoin Core checks to see if it will
  produce an nBits which will be interpreted as negative; if so, it
  divides the significand by 256 and increases the exponent by 1 to
  produce the same number with a different encoding.

Some more examples taken from the Bitcoin Core test cases:

TK: table
Bits          Target
0x01003456 =  0x00
0x01123456 =  0x12
0x02008000 =  0x80
0x05009234 =  0x92340000
0x04923456 = -0x12345600   High bit set (0x80 in 0x92).
0x04123456 =  0x12345600   Inverse of above; no high bit.