Bitcoin Core 31.99.0
P2P Digital Currency
verify_script.cpp
Go to the documentation of this file.
1// Copyright (c) 2016-present The Bitcoin Core developers
2// Distributed under the MIT software license, see the accompanying
3// file COPYING or http://www.opensource.org/licenses/mit-license.php.
4
5#include <addresstype.h>
6#include <bench/bench.h>
7#include <coins.h>
8#include <key.h>
9#include <policy/policy.h>
10#include <primitives/transaction.h>
11#include <pubkey.h>
12#include <script/interpreter.h>
13#include <script/script.h>
14#include <span.h>
15#include <test/util/transaction_utils.h>
16#include <uint256.h>
17#include <util/translation.h>
18
19#include <array>
20#include <cassert>
21#include <cstdint>
22#include <vector>
23
24enum class ScriptType {
25 P2WPKH, // segwitv0, witness-pubkey-hash (ECDSA signature)
26 P2TR_KeyPath, // segwitv1, taproot key-path spend (Schnorr signature)
27 P2TR_ScriptPath, // segwitv1, taproot script-path spend (Tapscript leaf with a single OP_CHECKSIG)
28};
29
30static size_t ExpectedWitnessStackSize(ScriptType script_type)
31{
32 switch (script_type) {
33 case ScriptType::P2WPKH: return 2; // [pubkey, signature]
34 case ScriptType::P2TR_KeyPath: return 1; // [signature]
35 case ScriptType::P2TR_ScriptPath: return 3; // [signature, tapscript, control block]
36 } // no default case, so the compiler can warn about missing cases
37 assert(false);
38}
39
40// Microbenchmark for verification of standard scripts.
41static void VerifyScriptBench(benchmark::Bench& bench, ScriptType script_type)
42{
43 ECC_Context ecc_context{};
44
45 // Create deterministic key material needed for output script creation / signing
46 CKey privkey;
47 privkey.Set(uint256::ONE.begin(), uint256::ONE.end(), /*fCompressedIn=*/true);
48 CPubKey pubkey = privkey.GetPubKey();
49 XOnlyPubKey xonly_pubkey{pubkey};
50 CKeyID key_id = pubkey.GetID();
51
52 FlatSigningProvider keystore;
53 keystore.keys.emplace(key_id, privkey);
54 keystore.pubkeys.emplace(key_id, pubkey);
55
56 // Create crediting and spending transactions with provided input type
57 const auto dest{[&]() -> CTxDestination {
58 switch (script_type) {
59 case ScriptType::P2WPKH: return WitnessV0KeyHash(pubkey);
60 case ScriptType::P2TR_KeyPath: return WitnessV1Taproot(xonly_pubkey);
61 case ScriptType::P2TR_ScriptPath:
62 TaprootBuilder builder;
63 builder.Add(0, CScript() << ToByteVector(xonly_pubkey) << OP_CHECKSIG, TAPROOT_LEAF_TAPSCRIPT);
64 builder.Finalize(XOnlyPubKey::NUMS_H); // effectively unspendable key-path
65 const auto output{builder.GetOutput()};
66 keystore.tr_trees.emplace(output, builder);
67 return output;
68 } // no default case, so the compiler can warn about missing cases
69 assert(false);
70 }()};
71 const CMutableTransaction& txCredit = BuildCreditingTransaction(GetScriptForDestination(dest), 1);
72 CMutableTransaction txSpend = BuildSpendingTransaction(/*scriptSig=*/{}, /*scriptWitness=*/{}, CTransaction(txCredit));
73
74 // Sign spending transaction, precompute transaction data
75 PrecomputedTransactionData txdata;
76 {
77 const std::map<COutPoint, Coin> coins{
78 {txSpend.vin[0].prevout, Coin(txCredit.vout[0], /*nHeightIn=*/100, /*fCoinBaseIn=*/false)}
79 };
80 std::map<int, bilingual_str> input_errors;
81 bool complete = SignTransaction(txSpend, &keystore, coins, {.sighash_type = SIGHASH_ALL}, input_errors);
82 assert(complete);
83 // Weak sanity check on witness data to ensure we produced the intended spending type
84 assert(txSpend.vin[0].scriptWitness.stack.size() == ExpectedWitnessStackSize(script_type));
85 txdata.Init(txSpend, /*spent_outputs=*/{txCredit.vout[0]});
86 }
87
88 // Benchmark.
89 bench.unit("script").run([&] {
90 ScriptError err;
91 bool success = VerifyScript(
92 txSpend.vin[0].scriptSig,
93 txCredit.vout[0].scriptPubKey,
94 &txSpend.vin[0].scriptWitness,
95 STANDARD_SCRIPT_VERIFY_FLAGS,
96 MutableTransactionSignatureChecker(&txSpend, 0, txCredit.vout[0].nValue, txdata, MissingDataBehavior::ASSERT_FAIL),
97 &err);
98 assert(err == SCRIPT_ERR_OK);
99 assert(success);
100 });
101}
102
103static void VerifyScriptP2WPKH(benchmark::Bench& bench) { VerifyScriptBench(bench, ScriptType::P2WPKH); }
104static void VerifyScriptP2TR_KeyPath(benchmark::Bench& bench) { VerifyScriptBench(bench, ScriptType::P2TR_KeyPath); }
105static void VerifyScriptP2TR_ScriptPath(benchmark::Bench& bench) { VerifyScriptBench(bench, ScriptType::P2TR_ScriptPath); }
106
107static void VerifyNestedIfScript(benchmark::Bench& bench)
108{
109 std::vector<std::vector<unsigned char>> stack;
110 CScript script;
111 for (int i = 0; i < 100; ++i) {
112 script << OP_1 << OP_IF;
113 }
114 for (int i = 0; i < 1000; ++i) {
115 script << OP_1;
116 }
117 for (int i = 0; i < 100; ++i) {
118 script << OP_ENDIF;
119 }
120 bench.unit("script")
121 .setup([&] { stack.clear(); })
122 .run([&] {
123 ScriptError error;
124 const bool ret{EvalScript(stack, script, /*flags=*/0, BaseSignatureChecker(), SigVersion::BASE, &error)};
125 assert(ret && error == SCRIPT_ERR_OK);
126 });
127}
128
129BENCHMARK(VerifyScriptP2WPKH);
130BENCHMARK(VerifyScriptP2TR_KeyPath);
131BENCHMARK(VerifyScriptP2TR_ScriptPath);
132BENCHMARK(VerifyNestedIfScript);
GetScriptForDestination
CScript GetScriptForDestination(const CTxDestination &dest)
Generate a Bitcoin scriptPubKey for the given CTxDestination.
Definition: addresstype.cpp:166
CTxDestination
std::variant< CNoDestination, PubKeyDestination, PKHash, ScriptHash, WitnessV0ScriptHash, WitnessV0KeyHash, WitnessV1Taproot, PayToAnchor, WitnessUnknown > CTxDestination
A txout script categorized into standard templates.
Definition: addresstype.h:143
ret
int ret
Definition: bitcoin-cli.cpp:1691
ecc_context
ECC_Context ecc_context
Definition: bitcoin-wallet.cpp:127
CKey
An encapsulated private key.
Definition: key.h:37
CKey::GetPubKey
CPubKey GetPubKey() const
Compute the public key from a private key.
Definition: key.cpp:182
CKey::Set
void Set(const T pbegin, const T pend, bool fCompressedIn)
Initialize using begin and end iterators to byte data.
Definition: key.h:105
CKeyID
A reference to a CKey: the Hash160 of its serialized public key.
Definition: pubkey.h:24
CPubKey
An encapsulated public key.
Definition: pubkey.h:34
CPubKey::GetID
CKeyID GetID() const
Get the KeyID of this public key (hash of its serialization)
Definition: pubkey.h:160
CScript
Serialized script, used inside transaction inputs and outputs.
Definition: script.h:406
CTransaction
The basic transaction that is broadcasted on the network and contained in blocks.
Definition: transaction.h:281
Coin
A UTXO entry.
Definition: coins.h:35
ECC_Context
RAII class initializing and deinitializing global state for elliptic curve support.
Definition: key.h:327
TaprootBuilder
Utility class to construct Taproot outputs from internal key and script tree.
Definition: signingprovider.h:62
TaprootBuilder::GetOutput
WitnessV1Taproot GetOutput()
Compute scriptPubKey (after Finalize()).
Definition: signingprovider.cpp:472
TaprootBuilder::Add
TaprootBuilder & Add(int depth, std::span< const unsigned char > script, int leaf_version, bool track=true)
Add a new script at a certain depth in the tree.
Definition: signingprovider.cpp:438
TaprootBuilder::Finalize
TaprootBuilder & Finalize(const XOnlyPubKey &internal_key)
Finalize the construction.
Definition: signingprovider.cpp:461
XOnlyPubKey::NUMS_H
static const XOnlyPubKey NUMS_H
Nothing Up My Sleeve point H Used as an internal key for provably disabling the key path spend see BI...
Definition: pubkey.h:235
ankerl::nanobench::Bench
Main entry point to nanobench's benchmarking facility.
Definition: nanobench.h:633
ankerl::nanobench::Bench::run
Bench & run(char const *benchmarkName, Op &&op)
Repeatedly calls op() based on the configuration, and performs measurements.
Definition: nanobench.h:1292
ankerl::nanobench::Bench::unit
Bench & unit(char const *unit)
Sets the operation unit.
ankerl::nanobench::Bench::setup
detail::SetupRunner< SetupOp > setup(SetupOp setupOp)
Configure an untimed setup step per epoch (forces single-iteration epochs).
Definition: nanobench.h:1286
uint256::ONE
static const uint256 ONE
Definition: uint256.h:205
EvalScript
bool EvalScript(std::vector< std::vector< unsigned char > > &stack, const CScript &script, script_verify_flags flags, const BaseSignatureChecker &checker, SigVersion sigversion, ScriptExecutionData &execdata, ScriptError *serror)
Definition: interpreter.cpp:417
VerifyScript
bool VerifyScript(const CScript &scriptSig, const CScript &scriptPubKey, const CScriptWitness *witness, script_verify_flags flags, const BaseSignatureChecker &checker, ScriptError *serror)
Definition: interpreter.cpp:2012
SigVersion::BASE
@ BASE
Bare scripts and BIP16 P2SH-wrapped redeemscripts.
TAPROOT_LEAF_TAPSCRIPT
static constexpr uint8_t TAPROOT_LEAF_TAPSCRIPT
Definition: interpreter.h:243
SIGHASH_ALL
@ SIGHASH_ALL
Definition: interpreter.h:32
MissingDataBehavior::ASSERT_FAIL
@ ASSERT_FAIL
Abort execution through assertion failure (for consensus code)
STANDARD_SCRIPT_VERIFY_FLAGS
static constexpr script_verify_flags STANDARD_SCRIPT_VERIFY_FLAGS
Standard script verification flags that standard transactions will comply with.
Definition: policy.h:118
SignTransaction
void SignTransaction(CMutableTransaction &mtx, const SigningProvider *keystore, const std::map< COutPoint, Coin > &coins, const UniValue &hashType, UniValue &result)
Sign a transaction with the given keystore and previous transactions.
Definition: rawtransaction_util.cpp:311
OP_IF
@ OP_IF
Definition: script.h:105
OP_CHECKSIG
@ OP_CHECKSIG
Definition: script.h:191
OP_ENDIF
@ OP_ENDIF
Definition: script.h:110
OP_1
@ OP_1
Definition: script.h:84
ToByteVector
std::vector< unsigned char > ToByteVector(const T &in)
Definition: script.h:68
ScriptError
enum ScriptError_t ScriptError
SCRIPT_ERR_OK
@ SCRIPT_ERR_OK
Definition: script_error.h:13
InputType::P2WPKH
@ P2WPKH
CMutableTransaction
A mutable version of CTransaction.
Definition: transaction.h:358
CMutableTransaction::vout
std::vector< CTxOut > vout
Definition: transaction.h:360
CMutableTransaction::vin
std::vector< CTxIn > vin
Definition: transaction.h:359
FlatSigningProvider::pubkeys
std::map< CKeyID, CPubKey > pubkeys
Definition: signingprovider.h:238
FlatSigningProvider::keys
std::map< CKeyID, CKey > keys
Definition: signingprovider.h:240
FlatSigningProvider::tr_trees
std::map< XOnlyPubKey, TaprootBuilder > tr_trees
Definition: signingprovider.h:241
BuildSpendingTransaction
CMutableTransaction BuildSpendingTransaction(const CScript &scriptSig, const CScriptWitness &scriptWitness, const CTransaction &txCredit)
Definition: transaction_utils.cpp:26
BuildCreditingTransaction
CMutableTransaction BuildCreditingTransaction(const CScript &scriptPubKey, int nValue)
Definition: transaction_utils.cpp:10
transaction_utils.h
assert
assert(!tx.IsCoinBase())
ScriptType
ScriptType
Definition: verify_script.cpp:24
ScriptType::P2TR_KeyPath
@ P2TR_KeyPath
ScriptType::P2WPKH
@ P2WPKH
ScriptType::P2TR_ScriptPath
@ P2TR_ScriptPath
VerifyNestedIfScript
static void VerifyNestedIfScript(benchmark::Bench &bench)
Definition: verify_script.cpp:107
VerifyScriptP2TR_ScriptPath
static void VerifyScriptP2TR_ScriptPath(benchmark::Bench &bench)
Definition: verify_script.cpp:105
VerifyScriptP2WPKH
static void VerifyScriptP2WPKH(benchmark::Bench &bench)
Definition: verify_script.cpp:103
VerifyScriptBench
static void VerifyScriptBench(benchmark::Bench &bench, ScriptType script_type)
Definition: verify_script.cpp:41
VerifyScriptP2TR_KeyPath
static void VerifyScriptP2TR_KeyPath(benchmark::Bench &bench)
Definition: verify_script.cpp:104
ExpectedWitnessStackSize
static size_t ExpectedWitnessStackSize(ScriptType script_type)
Definition: verify_script.cpp:30
BENCHMARK
BENCHMARK(VerifyScriptP2WPKH)
Generated on Tue Jun 2 2026 20:00:30 for Bitcoin Core by doxygen 1.9.4