A ScriptPubKey, also known as a locking script, is the piece of Bitcoin Script placed on a transaction output (TXO) that specifies the conditions that must be met to spend the funds it holds. It acts as a cryptographic lock, and only a transaction input containing a valid ScriptSig (unlocking script) that, when combined and executed, returns a TRUE result can unlock and spend the output. This mechanism is the foundation of Bitcoin's programmable money system, enabling various spending conditions beyond simple key ownership.
LABS
Glossary
ScriptPubKey (Locking Script)
A ScriptPubKey is a script attached to a UTXO output that specifies the cryptographic conditions required to authorize its spending.
Chainscore © 2026
definition
BITCOIN SCRIPT
What is ScriptPubKey (Locking Script)?
A technical definition of the cryptographic script that defines how funds can be spent in a Bitcoin transaction.
The most common type is the Pay-to-Public-Key-Hash (P2PKH) script, which locks funds to a specific Bitcoin address. Its format is OP_DUP OP_HASH160 <Public Key Hash> OP_EQUALVERIFY OP_CHECKSIG. To spend it, the spender must provide a signature and the full public key that hashes to the specified value. Other standard forms include Pay-to-Script-Hash (P2SH), which locks to the hash of a redeem script, and Pay-to-Witness-Public-Key-Hash (P2WPKH), the SegWit version of P2PKH that moves the signature data (witness) outside the base transaction.
The execution of a spending attempt involves concatenating the unlocking script (ScriptSig or witness data) with the locking ScriptPubKey and processing the combined script with Bitcoin's stack-based virtual machine. The script can encode complex conditions using opcodes for multi-signature requirements (OP_CHECKMULTISIG), hash locks, time locks (OP_CHECKLOCKTIMEVERIFY, OP_CHECKSEQUENCEVERIFY), or even simple arithmetic. If the final stack contains a single, non-zero TRUE value, the spend is valid.
Understanding ScriptPubKey is essential for developers building wallets, smart contracts, or analyzing the blockchain. It reveals the intended recipient and spending logic of every transaction output. Advanced protocols like Lightning Network channels and discreet log contracts use custom, non-standard locking scripts to enable off-chain agreements and oracles, demonstrating the flexibility of this fundamental Bitcoin primitive.
etymology
TERM BACKGROUND
Etymology and Origin
The term **ScriptPubKey** is a core technical concept in Bitcoin and other UTXO-based blockchains, describing the cryptographic lock placed on transaction outputs.
The term ScriptPubKey is a compound word derived from Script and Public Key. It originates from Bitcoin's scripting system, Script, a Forth-like, stack-based programming language used to define spending conditions. The "PubKey" portion specifies that a primary condition for unlocking the funds is the provision of a valid digital signature from the corresponding private key. A ScriptPubKey is also commonly called a locking script or output script, as it is the script attached to a transaction output that "locks" the value, dictating who can spend it in the future.
The concept emerged directly from Satoshi Nakamoto's Bitcoin whitepaper and the initial codebase, where the pay-to-public-key-hash (P2PKH) transaction type became the standard. In this model, the ScriptPubKey contains a cryptographic hash of the recipient's public key (the address) and opcodes that require a signature and public key to validate. This design decouples the public-facing address from the on-chain script, enhancing privacy and security. The evolution to Pay-to-Script-Hash (P2SH) and later Taproot (P2TR) introduced more complex ScriptPubKey structures that commit to scripts rather than exposing their full logic on-chain.
Understanding the ScriptPubKey is fundamental to grasping the Unspent Transaction Output (UTXO) model. Every UTXO is essentially defined by its ScriptPubKey and a value. When a new transaction is created to spend that UTXO, it must provide a ScriptSig (or witness in SegWit) that, when combined and executed with the referenced ScriptPubKey, results in a TRUE evaluation. This two-script validation system—comparing the locking script (ScriptPubKey) with the unlocking script (ScriptSig)—is the mechanism that enforces ownership and authorization on the blockchain without a central authority.
key-features
LOCKING SCRIPT MECHANICS
Key Features of ScriptPubKey
A ScriptPubKey is the cryptographic lock placed on a transaction output, defining the precise conditions that must be met to spend the funds. It is the core of Bitcoin's programmable money system.
01
Defines Spending Conditions
The ScriptPubKey is a set of instructions that specifies the exact cryptographic proof required to unlock and spend the associated bitcoins. Common patterns include:
- Pay-to-Public-Key-Hash (P2PKH): Requires a digital signature from the holder of a specific public key hash.
- Pay-to-Script-Hash (P2SH): Requires a script that matches a predefined hash, enabling complex, multi-signature schemes.
- Pay-to-Taproot (P2TR): A modern, efficient script that can represent either a single signature or a complex Merkle tree of conditions.
02
Part of Unspent Transaction Output (UTXO)
Every UTXO contains two critical components: a value (amount of bitcoin) and a ScriptPubKey. The ScriptPubKey is the immutable lock attached to that specific value. When a transaction spends a UTXO, it must provide a valid ScriptSig (or Witness data) that, when combined and executed with the ScriptPubKey, returns a 'true' result.
03
Executed in the Bitcoin Script Language
ScriptPubKeys are written in Bitcoin Script, a simple, stack-based, and intentionally non-Turing-complete programming language. When a spending transaction is validated, the network's nodes concatenate the provided unlocking script (ScriptSig/Witness) with the ScriptPubKey and execute the combined script. The transaction is only valid if the final execution leaves a single 'true' value on the stack.
04
Determines Address Format
A blockchain address is a user-friendly, encoded representation of a ScriptPubKey. The encoding includes a version byte that identifies the script type and a checksum. For example:
- A P2PKH address starts with '1'.
- A P2SH address starts with '3'.
- A Native SegWit (P2WPKH) address starts with 'bc1q'.
- A Taproot (P2TR) address starts with 'bc1p'. The address is derived from the hashed script, not the script itself.
05
Enables Programmable Money
Beyond simple payments, complex ScriptPubKeys enable advanced smart contract functionality on Bitcoin. By designing specific locking conditions, developers can create:
- Multi-signature wallets requiring M-of-N signatures.
- Timelocks that prevent spending until a certain block height or timestamp (CheckLockTimeVerify).
- Hashed Timelock Contracts (HTLCs) for cross-chain atomic swaps and the Lightning Network. This turns Bitcoin into a programmable settlement layer.
06
Immutable and Transparent
Once a transaction is confirmed in a block, its ScriptPubKey becomes an immutable part of the blockchain's history. Anyone can audit the spending conditions of any UTXO. This transparency is fundamental to Bitcoin's trustless model—you can verify the rules governing any amount of bitcoin without relying on a third party. The script cannot be altered after confirmation.
how-it-works
BITCOIN SCRIPT
How a ScriptPubKey Works
A ScriptPubKey is the cryptographic lock that secures bitcoin in a transaction output, defining the precise conditions required to spend it.
A ScriptPubKey (also known as a locking script) is the piece of Bitcoin Script attached to a transaction output that defines the conditions required to spend the bitcoin it controls. It acts as a cryptographic lockbox, specifying the rules that a future spender must satisfy, typically by providing a valid digital signature from the rightful owner. This mechanism is the foundation of Bitcoin's programmable money system, enabling not just simple payments but also complex smart contracts.
The most common ScriptPubKey is the Pay-to-Public-Key-Hash (P2PKH) script, which locks funds to a specific Bitcoin address. Its structure requires a spender to provide two pieces of data in a corresponding ScriptSig (unlocking script): a valid digital signature and the original public key. The script validates these by hashing the provided public key and checking it matches the hash in the lock, then verifying the signature. Other standard types include Pay-to-Script-Hash (P2SH) and Pay-to-Witness-Public-Key-Hash (P2WPKH), each with different operational logic and efficiency characteristics.
When a new transaction attempts to spend an output, the Bitcoin node's script interpreter executes a process called script validation. It concatenates the unlocking script (ScriptSig) from the new input with the locking script (ScriptPubKey) from the referenced output and runs the combined script. The spend is only valid if the final execution leaves a single TRUE value on the stack. This deterministic evaluation ensures that only the party who can satisfy the cryptographic conditions can move the funds, enforcing the security model of the UTXO (Unspent Transaction Output) system.
Beyond simple payments, ScriptPubKeys enable advanced functionalities. They can require multi-signature schemes (multisig), where M-of-N signatures are needed. They can also create timelocks using OP_CHECKLOCKTIMEVERIFY or OP_CHECKSEQUENCEVERIFY, making funds unspendable until a certain block height or time has passed. These building blocks allow for escrow, payment channels, and other complex conditional logic, showcasing the flexibility of Bitcoin's scripting language within its intentionally limited design scope.
Understanding ScriptPubKeys is essential for developers building wallets, analyzing blockchain data, or implementing advanced Bitcoin protocols. Each output's script defines not just ownership but also the path to spending, creating a transparent and auditable chain of custody. As the ecosystem evolves with Taproot and Schnorr signatures, the structure and capabilities of locking scripts continue to advance, enabling more private and efficient transaction types while maintaining backward compatibility with this core locking mechanism.
visual-explainer
LOCKING SCRIPT
Visualizing the ScriptPubKey
A detailed exploration of the ScriptPubKey, the fundamental Bitcoin script that defines how funds can be spent.
A ScriptPubKey (also known as a locking script) is the segment of a Bitcoin transaction output that specifies the conditions required to spend the funds it holds. It is a small program written in Bitcoin's stack-based scripting language that acts as a cryptographic lock, and it is the counterpart to the ScriptSig (unlocking script) presented in a future spending transaction. The network validates a spend by executing the ScriptSig and ScriptPubKey together; if the final result is TRUE, the transaction is valid. Common types include the Pay-to-Public-Key-Hash (P2PKH) script, which locks funds to a specific Bitcoin address, and the Pay-to-Script-Hash (P2SH) script, which defers complex logic to a separate redeem script.
To visualize its structure, consider a standard P2PKH ScriptPubKey: OP_DUP OP_HASH160 <Public Key Hash> OP_EQUALVERIFY OP_CHECKSIG. This script encodes a precise verification sequence: it duplicates the public key from the unlocking script, hashes it, compares it to the embedded public key hash, and finally verifies the cryptographic signature. The <Public Key Hash> is the 20-byte RIPEMD-160 hash of the recipient's public key, which is also the core data encoded in a legacy Bitcoin address. This design ensures that only the holder of the corresponding private key can produce a valid ScriptSig to satisfy these conditions.
Beyond simple payments, ScriptPubKeys enable advanced functionalities. A Pay-to-Script-Hash (P2SH) ScriptPubKey, like OP_HASH160 <Redeem Script Hash> OP_EQUAL, locks funds to the hash of a more complex redeem script, enabling multi-signature schemes, timelocks, and other smart contracts. The actual spending conditions are only revealed when the funds are spent. Similarly, Pay-to-Witness-Public-Key-Hash (P2WPKH) and Pay-to-Witness-Script-Hash (P2WSH) are SegWit-native versions that separate the witness data (signatures) from the transaction data, improving scalability and enabling more complex script upgrades like those used in the Lightning Network.
common-types
LOCKING SCRIPTS
Common ScriptPubKey Types
A ScriptPubKey is the locking script in a transaction output that defines the conditions required to spend the funds. It is the counterpart to a ScriptSig (unlocking script).
01
Pay-to-Public-Key-Hash (P2PKH)
The original, most common Bitcoin payment type. It locks funds to the hash of a public key, requiring a signature and the full public key to spend.
- Structure:
OP_DUP OP_HASH160 <PubKeyHash> OP_EQUALVERIFY OP_CHECKSIG - Address Format: Begins with '1' (Bitcoin mainnet).
- Example: The standard address
1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNauses P2PKH.
02
Pay-to-Script-Hash (P2SH)
Introduced in BIP 16, it locks funds to the hash of a redeem script, not a public key. The spender must provide the redeem script and any signatures it requires.
- Structure:
OP_HASH160 <ScriptHash> OP_EQUAL - Address Format: Begins with '3' (Bitcoin mainnet).
- Use Case: Enables complex spending conditions (multisig, custom logic) while keeping the on-chain footprint small.
03
Pay-to-Witness-Public-Key-Hash (P2WPKH)
A native Segregated Witness (SegWit) script that moves the signature (witness data) outside the transaction base, reducing fees and increasing capacity.
- Structure:
OP_0 <PubKeyHash> - Address Format: Bech32 addresses starting with
bc1q(Bitcoin mainnet). - Benefit: Eliminates transaction malleability and provides a discount on witness data size.
04
Pay-to-Witness-Script-Hash (P2WSH)
The SegWit version of P2SH for complex scripts. It commits to the hash of a witness script, with all witness data (signatures, scripts) provided in the segregated witness field.
- Structure:
OP_0 <WitnessScriptHash> - Address Format: Bech32 addresses (e.g.,
bc1q...). - Use Case: Enables advanced, large multisig setups (e.g., 15-of-15) with lower fees than legacy P2SH.
05
Pay-to-Taproot (P2TR)
Introduced with the Taproot upgrade (BIP 341), it locks funds to a public key that can represent either a single signature (Schnorr) or a complex Merkle tree of scripts (Tapscript).
- Structure:
OP_1 <x-only-pubkey> - Address Format: Bech32m addresses starting with
bc1p. - Benefit: Enhances privacy (all spends look identical), efficiency, and enables advanced smart contract flexibility.
06
Null Data (OP_RETURN)
A provably unspendable script used to embed arbitrary data on the blockchain, as the output can never be spent.
- Structure:
OP_RETURN <data> - Primary Use: Data anchoring, timestamping, and protocol metadata. It is a consensus-safe way to prune non-financial data.
- Limit: Most implementations limit the data payload to 80 bytes.
ecosystem-usage
SCRIPTING
Ecosystem Usage
A ScriptPubKey, or locking script, is the cryptographic condition that must be satisfied to spend a transaction output. It is a fundamental building block for defining ownership and enabling complex logic on the Bitcoin blockchain.
01
Pay-to-Public-Key-Hash (P2PKH)
The most common locking script, which secures funds to a Bitcoin address. It requires the spender to provide a digital signature and the corresponding public key that hashes to the address. This is the standard script for legacy Bitcoin transactions.
- Structure:
OP_DUP OP_HASH160 <PubKeyHash> OP_EQUALVERIFY OP_CHECKSIG - Example: The address
1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNais a P2PKH address.
02
Pay-to-Script-Hash (P2SH)
A script that locks funds to the hash of a redeem script, rather than specific public keys. This enables complex spending conditions (multisig, custom logic) while keeping the on-chain footprint small. The spender must provide the redeem script and any signatures it requires.
- Key Benefit: Shifts the burden of complex script data from the sender to the spender.
- Standard Format: Begins with
OP_HASH160 <ScriptHash> OP_EQUAL.
03
Pay-to-Witness-Public-Key-Hash (P2WPKH)
A Segregated Witness (SegWit) locking script that moves the witness data (signature) outside the traditional transaction block. It improves scalability and enables signature malleability fixes. The script commits to a 20-byte public key hash.
- Structure:
OP_0 <20-byte-PubKeyHash> - Address Format: Native SegWit addresses starting with
bc1q.
04
Pay-to-Taproot (P2TR)
The most advanced standard locking script introduced with the Taproot upgrade. It can represent either a single-key spend (Schnorr signature) or a complex Merkelized Abstract Syntax Tree (MAST) of conditions, with all possibilities committing to a single, efficient output. This enhances privacy and efficiency.
- Structure:
OP_1 <32-byte-x-only-pubkey> - Address Format: Bech32m addresses starting with
bc1p.
05
Multisignature (Multisig) Scripts
Locking scripts that require signatures from multiple private keys to authorize a spend. Commonly expressed as m-of-n, where m signatures are required from a set of n predefined public keys. These are fundamental for custody solutions and organizational treasuries.
- Common Implementation: Often embedded within a P2SH or P2WSH redeem script.
- Example: A 2-of-3 multisig wallet for a company requires any two of three executives to sign.
06
Null Data (OP_RETURN) Outputs
A special type of provably unspendable output used to embed arbitrary data on the blockchain. Its ScriptPubKey begins with OP_RETURN, which causes the script to fail immediately, ensuring the output can never be spent. This is used for data anchoring, timestamps, and asset protocols.
- Key Constraint: Standard policy limits data to 80 bytes.
- Use Case: Storing cryptographic commitments or proof-of-existence hashes.
security-considerations
SCRIPT PUBKEY
Security Considerations
The ScriptPubKey, or locking script, defines the conditions that must be met to spend a transaction output. Its security properties are fundamental to Bitcoin and UTXO-based blockchain integrity.
01
Immutable Spending Conditions
Once a UTXO is created, its ScriptPubKey is cryptographically committed to the blockchain and cannot be altered. This immutability prevents unauthorized changes to spending rules, but it also means any bug or vulnerability in the script is permanent for that output. Developers must audit scripts before deployment, as there is no mechanism for patching or upgrading a locking script after the fact.
02
Script Complexity & Attack Surface
While Pay-to-PubKey-Hash (P2PKH) and Pay-to-Script-Hash (P2SH) are standard and well-audited, custom or complex scripts increase the attack surface. Potential risks include:
- Logic flaws that allow unintended spending paths.
- Resource exhaustion via scripts that require excessive validation time or memory (addressed by consensus rules like script size limits and OP codes).
- Increased potential for signature malleability in non-standard scripts.
03
Address & Script Confusion
A common security pitfall is confusing a Bitcoin address (a derived, human-readable representation) with the underlying ScriptPubKey. Funds sent to an address generated from a compromised or incorrectly implemented script library will be permanently locked. Wallets and services must ensure the address generation process correctly derives the intended script type (e.g., P2PKH, P2SH, P2WPKH).
04
Quantum Resistance Considerations
Standard Pay-to-PubKey-Hash (P2PKH) scripts reveal the public key when spent, making them vulnerable to a future, large-scale quantum computer that could derive the private key. Pay-to-Script-Hash (P2SH) and Pay-to-Witness-Script-Hash (P2WSH) can provide a layer of defense, as the spending conditions (and thus the public key) are only revealed at spend time, narrowing the attack window.
05
Interaction with Signing Devices
Hardware wallets and other signing devices must correctly parse the ScriptPubKey of the UTXO being spent to determine the required signature type. A maliciously crafted or non-standard script could trick a device into signing an unintended transaction. Secure devices validate the script structure before signing to prevent this class of attack.
06
Dust and Unspendable Outputs
Creating UTXOs with non-standard or erroneous ScriptPubKeys can lead to unspendable outputs, permanently removing BTC from circulation. Similarly, dust outputs (extremely low-value UTXOs) with complex scripts may become unspendable if the transaction fee required to spend them exceeds their value. This can be used in denial-of-service attacks by bloating the UTXO set.
BITCOIN SCRIPT COMPONENTS
ScriptPubKey vs. ScriptSig / Witness
A comparison of the three core script components that define spending conditions and authorization in Bitcoin transactions.
| Feature | ScriptPubKey (Locking Script) | ScriptSig (Legacy) | Witness (SegWit) |
|---|---|---|---|
Primary Function | Defines the spending condition (who can spend) | Provides the authorization to spend (signature, keys) | Provides the authorization to spend (signature, keys) |
Transaction Location | Output of a previous transaction | Input of the spending transaction | Separate witness field, not in txid calculation |
Data Included | Public key hash, script hash, or complex script | Digital signature(s) and possibly public key(s) | Digital signature(s), public key(s), and/or script data |
Script Execution | Evaluated second (after ScriptSig/Witness is placed) | Evaluated first (its data is placed into the ScriptPubKey) | Evaluated first (its data is placed into the ScriptPubKey) |
Transaction Malleability | Immutable once created | Contributed to transaction malleability issue | Solved transaction malleability by being segregated |
Block Space Usage | Counts toward block size limit | Counts toward block size limit | Discounted (counts as 1/4 weight for v0 witness) |
Standard Types | P2PKH, P2SH, P2WPKH, P2WSH, P2TR | Corresponding signature for P2PKH or P2SH | Corresponding witness for P2WPKH, P2WSH, or P2TR |
SCRIPT PUBKEY
Common Misconceptions
The ScriptPubKey, or locking script, is a fundamental but often misunderstood component of Bitcoin and UTXO-based blockchains. This section clarifies its precise role, technical function, and common points of confusion.
No, a ScriptPubKey is not the same as a Bitcoin address; it is the cryptographic script that an address encodes. A Bitcoin address (e.g., bc1q...) is a user-friendly, encoded representation of a ScriptPubKey. When you send funds to an address, your wallet software decodes it to construct the precise locking script that will be placed on the output. The address is for human interaction, while the ScriptPubKey is the actual on-chain logic that defines the spending conditions.
SCRIPTING
Frequently Asked Questions (FAQ)
A technical deep dive into the ScriptPubKey, the fundamental component that defines who can spend a transaction output in Bitcoin and related blockchains.
A ScriptPubKey (or locking script) is a piece of Bitcoin Script attached to a transaction output that defines the conditions required to spend it. It acts as a cryptographic lock, specifying the recipient's address and the rules for unlocking the funds, such as requiring a valid digital signature from a specific public key. When a subsequent transaction attempts to spend these funds, it must provide a matching ScriptSig (unlocking script) that satisfies the conditions set by the ScriptPubKey, enabling the network to validate the spending transaction's legitimacy.
ENQUIRY
Get In Touch
today.
Our experts will offer a free quote and a 30min call to discuss your project.
NDA Protected
Confidentiality24h Response
Time to ValueDirectly to Engineering Team
No Sales Fluff10+
Protocols Shipped
$20M+
TVL Overall