P2PK - Pay To Public Key
The first payment on the Bitcoin network was a P2PK transaction in block 170, where Satoshi Nakamoto sent 10 BTC to Hal Finney
We will explore this transaction in detail to understand how P2PK works, from its creation to its validation. (Understanding P2PK serves as an ideal foundation for more complex scripts)
TLDR: P2PK allows bitcoins to be sent directly to a public key. To spend the bitcoins, the recipient must provide a valid signature.
NOTE
Despite being simple, P2PK is not as widely used as P2PKH. We'll cover why this is the case later on.
How does it work ?
The ability to lock and unlock coins is the mechanism by which we transfer bitcoin.
Locking is giving bitcoins to someone.
Unlocking is spending bitcoins that you have received.
1- Locking (ScriptPubKey):
When creating this P2PK transaction, Satoshi specifies Finney's public key in the ScriptPubKey.
This script specifies the conditions that must be met to spend the bitcoins in the future, and it's placed within the output of a transaction.
ScriptPubKey: A P2PK locking script looks like this:
<Public key Finney> OP_CHECKSIG
Click on Output 1 of the transaction below to view the scriptPubKey that Satoshi used to lock 10 BTC to Finney's public key and see this in action.
- OP_PUSHBYTES_65: (41 in Hex) Length of the uncompressed public key (65 bytes)
- 04ae1a ... 6cd84c: Represents Hal Finney's uncompressed public key
- OP_CHECKSIG: (0xac in Hex) Verifies the signature for the provided public key. It returns TRUE (1) if valid, otherwise FALSE (0)
Why Satoshi used Uncompressed pub key (65 bytes) ?
Some have speculated that Satoshi was unaware of public key compression.
2- Unlocking (ScriptSig)
To spend bitcoin that Satoshi sent, Finney must provide a valid signature corresponding to the public key.
This signature proves that Finney has the private key corresponding to the public key specified in the ScriptPubKey.
ScriptSig: A P2PK Unlocking script looks like this:
<Signature Finney>
Click on Input 1 of this transaction to view the scriptSig created by Hal Finney.
- OP_PUSHBYTES_71: (47 in Hex) Length of the signature (71 bytes).
- 30442 ... 914f01: Signature followed by SigHash byte
3- Validation
Bitcoin uses Script, a stack-based scripting language, to validate transactions.
It processes commands from left to right and is intentionally designed to be non-Turing complete, lacking features like loops.
When validating a transaction, the ScriptSig and ScriptPubKey are combined. This concatenated script looks something like this:
<signature Finney> <public key Finney> OP_CHECKSIG
The combined script will validate if the signature is valid, but fail if the signature is invalid.
The ScriptSig will only unlock the ScriptPubKey if the signature is valid for that public key. In other words, only someone with knowledge of the private key can produce a valid ScriptSig.
NOTE
For the script to be valid, the top element of the stack must be non-zero after evaluation
You can play with this tool below to see step by step how we evaluate P2PK the stack
Element VS Operation (Optional)
In the previous example, Signature and Public Key are elements, while OP_CHECKSIG is an operation. To understand the difference between an Element and an Operation, read this.