What is scriptPubKey? (Locking Scripts)

When a transaction output (UTXO) is created, it is secured by a cryptographic lock. This lock is not a simple public key or address; it is a computer script.

In Bitcoin, this locking script is called the scriptPubKey.

---

💻 The Language of Locking: Bitcoin Script

The scriptPubKey is written in Script, Bitcoin’s native, assembly-like programming language. * Execution Model: Script is a stack-based language, executed from left to right. * Design Goal: To create flexible, programmable smart contracts (like multisig locks, timelocks, and escrows) while maintaining absolute network safety.

Each output on the blockchain has its own scriptPubKey serialized directly into its transaction bytes.

---

🔍 Structure of Common scriptPubKey Patterns

Different types of Bitcoin addresses result in different scriptPubKey configurations:

1. P2PKH (Pay-to-Public-Key-Hash) — Legacy Address (starts with "1")

This is the standard legacy lock. Instead of locking the coins directly to a large public key, it locks them to a shorter, more secure hash of the public key. * The Locking Script: OP_DUP OP_HASH160 <20-Byte-PublicKey-Hash> OP_EQUALVERIFY OP_CHECKSIG * The Breakdown: * OP_DUP: Duplicates the top item on the stack. * OP_HASH160: Hashes the top stack item using SHA-256 followed by RIPEMD-160. * <20-Byte-PublicKey-Hash>: The hashed representation of the owner's public key. * OP_EQUALVERIFY: Compares the top two items on the stack; if they aren't equal, the transaction instantly fails. * OP_CHECKSIG: Evaluates a signature against the public key to authorize the spend.

2. P2SH (Pay-to-Script-Hash) — Nested/Multisig (starts with "3")

Rather than writing a complex, multi-key script inside the output (which is large and expensive for the sender), P2SH locks the output to the hash of a script. * The Locking Script: OP_HASH160 <20-Byte-RedeemScript-Hash> OP_EQUAL * The Breakdown: * OP_HASH160: Hashes the spending script presented by the receiver. * OP_EQUAL: Confirms that the hash of the script presented matches the hash defined in the lock.

3. P2WPKH (Pay-to-Witness-Public-Key-Hash) — Native SegWit (starts with "bc1q")

SegWit locks are incredibly simple and lightweight because they move the heavy verification logic to the "witness" field of the transaction. * The Locking Script: OP_0 <20-Byte-PublicKey-Hash> * The Breakdown: * OP_0: Acts as a version byte (Version 0 SegWit). * <20-Byte-PublicKey-Hash>: The key hash. * Consensus Rule: Modern SegWit-compatible nodes recognize this 2-byte starting sequence as a special instruction to look for the signature and public key in the separate Witness data block, saving fee weight.

---

🚪 The Key and Lock Concept

Every transaction input must reference a previous transaction output's scriptPubKey and supply a corresponding scriptSig (the key) to open the lock:

┌──────────────────────────────────────┐
│           PREVIOUS OUTPUT            │
│ scriptPubKey: [The Cryptographic Lock]│
└──────────────────▲───────────────────┘
                   │
                   │ (Unlocked By)
                   │
┌──────────────────┴───────────────────┐
│            CURRENT INPUT             │
│   scriptSig: [The Unlocking Proof]   │
└──────────────────────────────────────┘