JOVANA
Library Glossary Getting Started Three Levels Fields How it works Mission
Join the mission
All guides

Script: What Bitcoin Can and Can't Do

Every coin you spend on Bitcoin is locked by a tiny program. Meet Script — the deliberately limited language that decides who can unlock the money, and why it was kept small on purpose.

A coin locked in a tiny puzzle box

Picture a left-luggage locker with a clever twist: instead of a fixed key, each locker comes with a little riddle printed on the door. Anyone who can answer the riddle gets to open it. Most riddles are simple — *"prove you own the matching key"* — but the locker maker could, in principle, print stranger ones.

This is almost exactly how Bitcoin works. Every coin you hold is really an unspent output sitting on the chain, and each one carries a small program — a locking script — that states the riddle. To spend it, you supply an unlocking script: your answer. The network runs the two scripts together, and if they finish with a thumbs-up, the coin is yours to move. The language these riddles are written in is called Script.

How Script runs: a stack of plates

Script is a stack-based language, and a stack is just a pile of plates: you only ever add a plate on top (push) or take the top one off (pop). The script is a list of instructions read left to right. Some instructions push data — a number, a signature, a key. Others are opcodes that pop a plate or two, do something, and push the result back.

To check a spend, the node lays your unlocking script first, then the locking script after it, and runs the whole thing. The rule at the end is delightfully simple: if the top plate is "true" (a non-zero value), the coin unlocks. If the stack ends empty, false, or the script hit a forbidden move, the spend is rejected.

unlocking:  <push 3>  <push 4>
locking:    OP_ADD  <push 7>  OP_EQUAL

stack walk-through (top is rightmost):
  push 3      -> [ 3 ]
  push 4      -> [ 3, 4 ]
  OP_ADD      -> [ 7 ]        # pop 3 and 4, push 3+4
  push 7      -> [ 7, 7 ]
  OP_EQUAL    -> [ true ]     # pop both, equal? push true

Top plate is true -> coin unlocks.
A toy locking script: "unlock me if you know two numbers that add to 7."

The everyday riddle: pay-to-public-key-hash

Almost all real coins use one standard riddle, pay-to-public-key-hash (P2PKH). In plain words it says: *"To spend me, show a public key that hashes to this address, and a valid signature from its matching private key."* It binds the coin to one owner without ever revealing the public key until spend time — a neat privacy and safety win.

locking   (on the coin):
  OP_DUP  OP_HASH160  <pubKeyHash>  OP_EQUALVERIFY  OP_CHECKSIG

unlocking (you provide):
  <signature>  <pubKey>

idea:
  1. duplicate your pubKey, hash it
  2. EQUALVERIFY: must match the address baked in
  3. CHECKSIG: signature must be valid for that key
all pass -> true -> spend allowed
Pay-to-public-key-hash: prove the key matches the address, then sign.

Notice how little the riddle actually does: duplicate, hash, compare, verify a signature. No loops, no "if the price is above X," no calling out to the internet. That spareness is not a missing feature — it is the whole point, as the next section explains.

Small on purpose: no loops, no surprises

Script is deliberately not Turing-complete. In particular it has no loops and no jumps backward — a script always runs in a straight, finite line and then stops. This sounds like a weakness, but it buys two priceless guarantees. First, every node knows a script will finish quickly; there is no way to write one that runs forever and freezes the network. Second, the cost of checking a transaction is predictable before you run it.

Even so, Script is more than one-owner riddles. A popular pattern is multisig — "M-of-N keys must sign." A shared business wallet might lock funds so that any 2 of 3 company directors are needed to release them, removing any single point of failure. The riddle simply collects several signatures and counts the valid ones.

2-of-3 multisig locking script:
  OP_2  <pubKey_A>  <pubKey_B>  <pubKey_C>  OP_3  OP_CHECKMULTISIG

unlocking (any two valid signatures):
  OP_0  <sig_from_A>  <sig_from_C>

meaning:
  "release the coin only if at least 2 of
   these 3 named keys each sign."

(the leading OP_0 is a dummy: OP_CHECKMULTISIG has an
 old off-by-one bug that pops one extra item.)
Multisig: a shared coin that takes two of three keys to move.

The ceiling — and the bridge to Ethereum

Multisig and a handful of time-lock and hash-lock tricks are roughly the limit of what plain Script expresses. You cannot write "pay out only if a team wins the match," or "split this rent among ten tenants every month," or "run a small lending market." Script can guard a coin with a clever lock, but it cannot host an ongoing, stateful program that holds funds and reacts over time.

That ceiling is exactly what motivated the next big idea. If a coin can carry a *little* program, why not a full one — with loops, memory, and the freedom to express any rule at all? That question gave us the smart contract and the networks built around it. Bitcoin chose a tight, ultra-safe lock; the next track chooses raw programmability and manages the new risks differently.