Bitcoin Core 31.99.0
P2P Digital Currency
verify_script.cpp
Go to the documentation of this file.
1// Copyright (c) 2016-present The Bitcoin Core developers
2// Distributed under the MIT software license, see the accompanying
3// file COPYING or http://www.opensource.org/licenses/mit-license.php.
4
5#include <addresstype.h>
6#include <bench/bench.h>
7#include <key.h>
8#include <policy/policy.h>
9#include <primitives/transaction.h>
10#include <pubkey.h>
11#include <script/interpreter.h>
12#include <script/script.h>
13#include <span.h>
14#include <test/util/transaction_utils.h>
15#include <uint256.h>
16#include <util/translation.h>
17
18#include <array>
19#include <cassert>
20#include <cstdint>
21#include <vector>
22
23enum class ScriptType {
24 P2WPKH, // segwitv0, witness-pubkey-hash (ECDSA signature)
25 P2TR_KeyPath, // segwitv1, taproot key-path spend (Schnorr signature)
26 P2TR_ScriptPath, // segwitv1, taproot script-path spend (Tapscript leaf with a single OP_CHECKSIG)
27};
28
29static size_t ExpectedWitnessStackSize(ScriptType script_type)
30{
31 switch (script_type) {
32 case ScriptType::P2WPKH: return 2; // [pubkey, signature]
33 case ScriptType::P2TR_KeyPath: return 1; // [signature]
34 case ScriptType::P2TR_ScriptPath: return 3; // [signature, tapscript, control block]
35 } // no default case, so the compiler can warn about missing cases
36 assert(false);
37}
38
39// Microbenchmark for verification of standard scripts.
40static void VerifyScriptBench(benchmark::Bench& bench, ScriptType script_type)
41{
42 ECC_Context ecc_context{};
43
44 // Create deterministic key material needed for output script creation / signing
45 CKey privkey;
46 privkey.Set(uint256::ONE.begin(), uint256::ONE.end(), /*fCompressedIn=*/true);
47 CPubKey pubkey = privkey.GetPubKey();
48 XOnlyPubKey xonly_pubkey{pubkey};
49 CKeyID key_id = pubkey.GetID();
50
51 FlatSigningProvider keystore;
52 keystore.keys.emplace(key_id, privkey);
53 keystore.pubkeys.emplace(key_id, pubkey);
54
55 // Create crediting and spending transactions with provided input type
56 const auto dest{[&]() -> CTxDestination {
57 switch (script_type) {
58 case ScriptType::P2WPKH: return WitnessV0KeyHash(pubkey);
59 case ScriptType::P2TR_KeyPath: return WitnessV1Taproot(xonly_pubkey);
60 case ScriptType::P2TR_ScriptPath:
61 TaprootBuilder builder;
62 builder.Add(0, CScript() << ToByteVector(xonly_pubkey) << OP_CHECKSIG, TAPROOT_LEAF_TAPSCRIPT);
63 builder.Finalize(XOnlyPubKey::NUMS_H); // effectively unspendable key-path
64 const auto output{builder.GetOutput()};
65 keystore.tr_trees.emplace(output, builder);
66 return output;
67 } // no default case, so the compiler can warn about missing cases
68 assert(false);
69 }()};
70 const CMutableTransaction& txCredit = BuildCreditingTransaction(GetScriptForDestination(dest), 1);
71 CMutableTransaction txSpend = BuildSpendingTransaction(/*scriptSig=*/{}, /*scriptWitness=*/{}, CTransaction(txCredit));
72
73 // Sign spending transaction, precompute transaction data
74 PrecomputedTransactionData txdata;
75 {
76 const std::map<COutPoint, Coin> coins{
77 {txSpend.vin[0].prevout, Coin(txCredit.vout[0], /*nHeightIn=*/100, /*fCoinBaseIn=*/false)}
78 };
79 std::map<int, bilingual_str> input_errors;
80 bool complete = SignTransaction(txSpend, &keystore, coins, {.sighash_type = SIGHASH_ALL}, input_errors);
81 assert(complete);
82 // Weak sanity check on witness data to ensure we produced the intended spending type
83 assert(txSpend.vin[0].scriptWitness.stack.size() == ExpectedWitnessStackSize(script_type));
84 txdata.Init(txSpend, /*spent_outputs=*/{txCredit.vout[0]});
85 }
86
87 // Benchmark.
88 bench.unit("script").run([&] {
89 ScriptError err;
90 bool success = VerifyScript(
91 txSpend.vin[0].scriptSig,
92 txCredit.vout[0].scriptPubKey,
93 &txSpend.vin[0].scriptWitness,
94 STANDARD_SCRIPT_VERIFY_FLAGS,
95 MutableTransactionSignatureChecker(&txSpend, 0, txCredit.vout[0].nValue, txdata, MissingDataBehavior::ASSERT_FAIL),
96 &err);
97 assert(err == SCRIPT_ERR_OK);
98 assert(success);
99 });
100}
101
102static void VerifyScriptP2WPKH(benchmark::Bench& bench) { VerifyScriptBench(bench, ScriptType::P2WPKH); }
103static void VerifyScriptP2TR_KeyPath(benchmark::Bench& bench) { VerifyScriptBench(bench, ScriptType::P2TR_KeyPath); }
104static void VerifyScriptP2TR_ScriptPath(benchmark::Bench& bench) { VerifyScriptBench(bench, ScriptType::P2TR_ScriptPath); }
105
106static void VerifyNestedIfScript(benchmark::Bench& bench)
107{
108 std::vector<std::vector<unsigned char>> stack;
109 CScript script;
110 for (int i = 0; i < 100; ++i) {
111 script << OP_1 << OP_IF;
112 }
113 for (int i = 0; i < 1000; ++i) {
114 script << OP_1;
115 }
116 for (int i = 0; i < 100; ++i) {
117 script << OP_ENDIF;
118 }
119 bench.unit("script")
120 .setup([&] { stack.clear(); })
121 .run([&] {
122 ScriptError error;
123 const bool ret{EvalScript(stack, script, /*flags=*/0, BaseSignatureChecker(), SigVersion::BASE, &error)};
124 assert(ret && error == SCRIPT_ERR_OK);
125 });
126}
127
128BENCHMARK(VerifyScriptP2WPKH);
129BENCHMARK(VerifyScriptP2TR_KeyPath);
130BENCHMARK(VerifyScriptP2TR_ScriptPath);
131BENCHMARK(VerifyNestedIfScript);
GetScriptForDestination
CScript GetScriptForDestination(const CTxDestination &dest)
Generate a Bitcoin scriptPubKey for the given CTxDestination.
Definition: addresstype.cpp:166
CTxDestination
std::variant< CNoDestination, PubKeyDestination, PKHash, ScriptHash, WitnessV0ScriptHash, WitnessV0KeyHash, WitnessV1Taproot, PayToAnchor, WitnessUnknown > CTxDestination
A txout script categorized into standard templates.
Definition: addresstype.h:143
ret
int ret
Definition: bitcoin-cli.cpp:1405
ecc_context
ECC_Context ecc_context
Definition: bitcoin-wallet.cpp:127
CKey
An encapsulated private key.
Definition: key.h:36
CKey::GetPubKey
CPubKey GetPubKey() const
Compute the public key from a private key.
Definition: key.cpp:183
CKey::Set
void Set(const T pbegin, const T pend, bool fCompressedIn)
Initialize using begin and end iterators to byte data.
Definition: key.h:104
CKeyID
A reference to a CKey: the Hash160 of its serialized public key.
Definition: pubkey.h:24
CPubKey
An encapsulated public key.
Definition: pubkey.h:34
CPubKey::GetID
CKeyID GetID() const
Get the KeyID of this public key (hash of its serialization)
Definition: pubkey.h:160
CScript
Serialized script, used inside transaction inputs and outputs.
Definition: script.h:405
CTransaction
The basic transaction that is broadcasted on the network and contained in blocks.
Definition: transaction.h:281
Coin
A UTXO entry.
Definition: coins.h:35
ECC_Context
RAII class initializing and deinitializing global state for elliptic curve support.
Definition: key.h:326
TaprootBuilder
Utility class to construct Taproot outputs from internal key and script tree.
Definition: signingprovider.h:50
TaprootBuilder::GetOutput
WitnessV1Taproot GetOutput()
Compute scriptPubKey (after Finalize()).
Definition: signingprovider.cpp:467
TaprootBuilder::Add
TaprootBuilder & Add(int depth, std::span< const unsigned char > script, int leaf_version, bool track=true)
Add a new script at a certain depth in the tree.
Definition: signingprovider.cpp:433
TaprootBuilder::Finalize
TaprootBuilder & Finalize(const XOnlyPubKey &internal_key)
Finalize the construction.
Definition: signingprovider.cpp:456
XOnlyPubKey::NUMS_H
static const XOnlyPubKey NUMS_H
Nothing Up My Sleeve point H Used as an internal key for provably disabling the key path spend see BI...
Definition: pubkey.h:235
ankerl::nanobench::Bench
Main entry point to nanobench's benchmarking facility.
Definition: nanobench.h:633
ankerl::nanobench::Bench::run
Bench & run(char const *benchmarkName, Op &&op)
Repeatedly calls op() based on the configuration, and performs measurements.
Definition: nanobench.h:1292
ankerl::nanobench::Bench::unit
Bench & unit(char const *unit)
Sets the operation unit.
ankerl::nanobench::Bench::setup
detail::SetupRunner< SetupOp > setup(SetupOp setupOp)
Configure an untimed setup step per epoch (forces single-iteration epochs).
Definition: nanobench.h:1286
uint256::ONE
static const uint256 ONE
Definition: uint256.h:205
EvalScript
bool EvalScript(std::vector< std::vector< unsigned char > > &stack, const CScript &script, script_verify_flags flags, const BaseSignatureChecker &checker, SigVersion sigversion, ScriptExecutionData &execdata, ScriptError *serror)
Definition: interpreter.cpp:407
VerifyScript
bool VerifyScript(const CScript &scriptSig, const CScript &scriptPubKey, const CScriptWitness *witness, script_verify_flags flags, const BaseSignatureChecker &checker, ScriptError *serror)
Definition: interpreter.cpp:2002
SigVersion::BASE
@ BASE
Bare scripts and BIP16 P2SH-wrapped redeemscripts.
TAPROOT_LEAF_TAPSCRIPT
static constexpr uint8_t TAPROOT_LEAF_TAPSCRIPT
Definition: interpreter.h:242
SIGHASH_ALL
@ SIGHASH_ALL
Definition: interpreter.h:31
MissingDataBehavior::ASSERT_FAIL
@ ASSERT_FAIL
Abort execution through assertion failure (for consensus code)
STANDARD_SCRIPT_VERIFY_FLAGS
static constexpr script_verify_flags STANDARD_SCRIPT_VERIFY_FLAGS
Standard script verification flags that standard transactions will comply with.
Definition: policy.h:118
SignTransaction
void SignTransaction(CMutableTransaction &mtx, const SigningProvider *keystore, const std::map< COutPoint, Coin > &coins, const UniValue &hashType, UniValue &result)
Sign a transaction with the given keystore and previous transactions.
Definition: rawtransaction_util.cpp:311
OP_IF
@ OP_IF
Definition: script.h:104
OP_CHECKSIG
@ OP_CHECKSIG
Definition: script.h:190
OP_ENDIF
@ OP_ENDIF
Definition: script.h:109
OP_1
@ OP_1
Definition: script.h:83
ToByteVector
std::vector< unsigned char > ToByteVector(const T &in)
Definition: script.h:67
ScriptError
enum ScriptError_t ScriptError
SCRIPT_ERR_OK
@ SCRIPT_ERR_OK
Definition: script_error.h:13
InputType::P2WPKH
@ P2WPKH
CMutableTransaction
A mutable version of CTransaction.
Definition: transaction.h:358
CMutableTransaction::vout
std::vector< CTxOut > vout
Definition: transaction.h:360
CMutableTransaction::vin
std::vector< CTxIn > vin
Definition: transaction.h:359
FlatSigningProvider::pubkeys
std::map< CKeyID, CPubKey > pubkeys
Definition: signingprovider.h:226
FlatSigningProvider::keys
std::map< CKeyID, CKey > keys
Definition: signingprovider.h:228
FlatSigningProvider::tr_trees
std::map< XOnlyPubKey, TaprootBuilder > tr_trees
Definition: signingprovider.h:229
BuildSpendingTransaction
CMutableTransaction BuildSpendingTransaction(const CScript &scriptSig, const CScriptWitness &scriptWitness, const CTransaction &txCredit)
Definition: transaction_utils.cpp:26
BuildCreditingTransaction
CMutableTransaction BuildCreditingTransaction(const CScript &scriptPubKey, int nValue)
Definition: transaction_utils.cpp:10
transaction_utils.h
assert
assert(!tx.IsCoinBase())
ScriptType
ScriptType
Definition: verify_script.cpp:23
ScriptType::P2TR_KeyPath
@ P2TR_KeyPath
ScriptType::P2WPKH
@ P2WPKH
ScriptType::P2TR_ScriptPath
@ P2TR_ScriptPath
VerifyNestedIfScript
static void VerifyNestedIfScript(benchmark::Bench &bench)
Definition: verify_script.cpp:106
VerifyScriptP2TR_ScriptPath
static void VerifyScriptP2TR_ScriptPath(benchmark::Bench &bench)
Definition: verify_script.cpp:104
VerifyScriptP2WPKH
static void VerifyScriptP2WPKH(benchmark::Bench &bench)
Definition: verify_script.cpp:102
VerifyScriptBench
static void VerifyScriptBench(benchmark::Bench &bench, ScriptType script_type)
Definition: verify_script.cpp:40
VerifyScriptP2TR_KeyPath
static void VerifyScriptP2TR_KeyPath(benchmark::Bench &bench)
Definition: verify_script.cpp:103
ExpectedWitnessStackSize
static size_t ExpectedWitnessStackSize(ScriptType script_type)
Definition: verify_script.cpp:29
BENCHMARK
BENCHMARK(VerifyScriptP2WPKH)
Generated on Wed May 13 2026 20:00:32 for Bitcoin Core by doxygen 1.9.4