Scripts, conditions, signatures... How are bitcoins secured?

Disponible en podcast
Share article:

Bitcoin is a peer-to-peer monetary system where users can exchange value without going through a trusted intermediary. To make transactions, a receiving address is used to receive bitcoins and then the associated private key is used to spend these funds. But how do all of these elements interact in concrete terms in a transaction?

In this article, we are going to take an in-depth look at the fundamental mechanisms of Bitcoin. You will learn how BTC is represented on the system, how they are locked and unlocked, and how transactions work in detail.

How are bitcoins represented?

On Bitcoin, monetary units are not managed according to an account model as in the banking system. Instead, bitcoins are represented by UTXOs (Unspent Transaction Outputs), which are essentially outflows from transactions that have not yet been spent. Each UTXO represents a specific quantity of bitcoin from a previous transaction that is available for spending.

A UTXO can be thought of as the monetary support on Bitcoin, much like physical notes in the classical monetary system. A single UTXO can thus represent any value, ranging from a satoshi (= 0.00000001 BTC) to several bitcoins.

To better understand, let's compare it to a bank account. On your account, your transactions are directly reflected in your balance. Every purchase or withdrawal reduces your balance, and every deposit increases it. On Bitcoin, there is no account balance, but rather a series of UTXOs representing the various amounts of bitcoin available.

When you want to make a Bitcoin transaction, you use UTXOs that you own as inputs (Inputs) to generate new UTXOs in exchange for outputs (Outputs). A transaction therefore consumes UTXOs as inputs and creates new UTXOs as outputs.

However, it is important to note that a UTXO cannot be partially consumed: if it is used in a transaction, it must be consumed in full. It's similar to how banknotes work: if you want to spend €5 but only have a €10 bill, you can't just cut the bill in half. You are obliged to give €10 to the recipient who will give you €5 in change.

In the case of a Bitcoin transaction, it works the same way. If the value of the UTXO used exceeds the amount to be paid, the payer receives a new UTXO as an output, representing the difference between the UTXO used as input and the sum intended for the payee. This UTXO that falls to the payer is called the “exchange”.

For example, if Alice has a UTXO of 2 BTC and wants to buy a product for 0.5 BTC, she will use this UTXO as input to create 2 new UTXOs as outputs: one of 0.5 BTC for payment, and another of 1.5 BTC for the exchange that is due to her.

Understanding Bitcoin scripts

To ensure the security of UTXOs belonging to each user, we need to have a mechanism to securely lock them, while allowing the legitimate user to unlock them. This is done through scripts.

A script allows us to put conditions on UTXOs belonging to us to control their expenditure. Typically, the condition requires the user to provide a digital signature made with a private key that only the user knows. This is where the Bitcoin wallet comes in, which is used to secure all your private keys. During a transaction, the user will present the UTXO that they want to use and the signature required to satisfy the expenditure condition established by the script. The nodes of the Bitcoin network are then responsible for verifying the validity of this signature to allow the transaction to be added to the blockchain.

In each Bitcoin transaction, there are two types of scripts: the” ScriptPubKey ”, which locks the UTXO, and the” ScriptSig ”, which allows it to be unlocked.

How do I lock a UTXO?

When you receive bitcoin, the process involves the sender creating a transaction. In this one, he will input a UTXO belonging to him that will be consumed, while a new UTXO is created for you as an output. At this point, your UTXO is locked using your receiving address.

This operation is carried out using a ScriptPubKey. This script is integrated into the output of the transaction that creates the UTXO. It specifies the rules that any future user must follow to unlock and spend UTXO.

The ScriptPubKey uses a set of instructions called” Opcodes ” to define these conditions. For example, in a standard P2PKH transaction (Pay-to-pubkey-hash), the ScriptPubKey may require a valid signature corresponding to a hashed public key, i.e. a receiving address. Here is an example of ScriptPubKey Classic P2PKH:

OP_DUP OP_HASH160 OP_PUSHBYTES_20 <adresse de réception> OP_EQUALVERIFY OP_CHECKSIG

In this script:

  • OP_DUP : Duplicate the public key on the stack;
  • OP_HASH160 : Returns the public key hash (with SHA256 then RIPEMD160);
  • OP_PUSHBYTES_20 <adresse de réception>: Push the expected Bitcoin address onto the stack;
  • OP_EQUALVERIFY : Verify that the hashed public key corresponds to the received address provided;
  • OP_CHECKSIG : Verify the signature using the public key.

In this ScriptPubKey, the UTXO is locked so that only the user with the private key corresponding to the specified receiving address can unlock and spend this UTXO by providing the required signature. This means that when you provide a receiving address to a payer to receive bitcoin, the payer's wallet will create a UTXO. This UTXO is secured by a ScriptPubKey which includes the address you provided.

➤ Learn more about Bitcoin receiving addresses.

How do I unlock a UTXO?

In turn, you will be able to spend your bitcoins in a future transaction by consuming one (or more) of your UTXos as input. But to do that, you must first unlock the UTXO in question.

Unlocking a UTXO involves meeting the conditions defined by the ScriptPubKey associated with it. This operation is carried out using the unlocking script, which is also called” ScriptSig ”. The ScriptSig is therefore included in the entry of a Bitcoin transaction. It contains all the necessary elements so that when run with the ScriptPubKey Corresponding, the result is” true ”, which means that the expenditure conditions have been met.

Let's go back to our example of a standard P2PKH transaction: to unlock the UTXO, the ScriptSig would consist of the signature and the public key corresponding to the receiving address:

<signature><clé publique>

When a transaction is built, the ScriptSig associated with each trade entry is executed first, followed by the execution of the ScriptPubKey associated with the UTXO used as input. If the ScriptSig provides a valid signature that matches the public key expected by the ScriptPubKey, then the expenditure condition is met. This makes it possible to consume the UTXO concerned and to spend the bitcoins it represents.

➤ Discover how to properly manage UTXOs purchased in DCA.

Conclusion

Bitcoin operates on a UTxOS model, which are the carriers that represent the monetary units within the system. Each transaction consumes existing UTXos as inputs and creates new UTXOs as outputs. That is how money circulates.

The scripts in Bitcoin determine the conditions under which these UTXOs can be spent. The ScriptPubKey is used to lock funds, while the ScriptSig is used to satisfy the ScriptPubKey and thus unlock the BTC. This mechanism ensures that only individuals in possession of the information necessary for unlocking (usually the private key) can spend the bitcoins.

Podcast available

Table of contents

Share article

You may also like these articles

Bitstack SAS, a company registered with the Aix-en-Provence Trade and Companies Register under number 899 125 090 and operating under the trade name Bitstack, is licenced as an agent of Xpollens — an electronic money institution authorized by the ACPR (CIB 16528 – RCS Nanterre no. 501586341, 110 Avenue de France, 75013 Paris) — with the Autorité de Contrôle Prudentiel et de Résolution (ACPR) under number 747088, and is also licensed as a Crypto-Assets Service Provider (CASP) with the French Financial Markets Authority (AMF) under number A2025-003 for the following activities: exchange of crypto-assets for funds, exchange of crypto-assets for other crypto-assets, execution of orders for crypto-assets on behalf of clients, providing custody and administration of crypto-assets on behalf of clients, and providing transfer services for crypto-assets on behalf of clients, with its registered office located at 100 impasse des Houillères, 13590 Meyreuil, France.

Investing in digital assets carries a risk of partial or total loss of the invested capital.
Past performance is not indicative of future results.
DOWNLOAD BITSTACK