Bitcoin P2PKH transaction locking and unlocking scripts

Bitcoin P2PKH transaction locking and unlocking scripts
Bitcoin P2PKH transaction locking and unlocking scripts

Written by Massimo Musumeci


transaction locking and unlocking script bitcoin

Lock and Unlock

What are locking and unlocking script in a standard P2PKH transaction? How funds can be moved on the blockchain from an owner to another and what this really means.

First of all. Bitcoin addresses (for example the standard ones, which starts with 1) are double hashes of public key. So when you are sending an amount of bitcoin to an address, your wallet is creating a transaction on background and this transaction will have a special script. For example if i want to send bitcoin to the address 1XXX belonging to Bob, my wallet will create a transaction with an output with a locking script in it.

What is the locking script (scriptPubKey) ?

The locking script is a script in bitcoin scripting language which says: check that whoever wants to redeem this amount of bitcoin presents: 1) a public key that when double hashed matches the address i am going to send money to AND 2) a signature that can be validated against the public key which has been just double hashed. This is a Pay To Public Key Hash script (P2PKH).

The transaction it’s like to say: i am locking this amount of bitcoin to a P2PKH address locking script that would match this address. Therefore money will be locked against that script. if the recipient (the person who owns that address) wants to spend such an amount, he has to present an unlocking script that combined with the locking script, unlocks the amount (execution will return TRUE).

For the above mentioned reasons a transaction can be seen as a collection of inputs and outputs. Inputs refer to previously created UTXOs (in previous transactions), while outputs generate new ones. Therefore, when creating a transaction each input spends an UTXO and each outputs creates a new one.

The unlocking script (scriptSig or witness) is built by the public key he owns + the signature he can generate with his private key. Only one has the private key can therefore produce the correct unlocking script.

Together the locking and unlocking script allow to “send” money to someone who can show ownership of that bitcoin address. And the person who owns the corresponding private key is the only person who can construct the unlocking script that fits that locking script in order to release that money in their own transaction to pay someone else.

the simplest transaction is composed by just one input and one output and looks like:

  • one input: unlock this amount
  • one output: lock it to a different script

In reality bitcoin is never moved, never goes anywhere. Bitcoin is just locked and unlocked. The only change that we achieve when we make a transaction is who can spend that amount.

All transactions are validated by all bitcoin validating nodes, by the execution of locking and unlocking scripts together. Infact each input contains an unlocking script and refers to an existing UTXO. What will the node do then, for validation purposes?

  • copy the unlocking script from transaction input
  • retrieve the utxo referenced by the input
  • copy the locking script in that utxo
  • execute in sequence the unlocking and locking script

if all above matches, the input is validated and that utxo can be spent and therefore locked into the transaction. Only a valid transaction that satisfies the locking script conditions results in the output to be considered spent and so removed from the utxo set.

The script as a stack

We spoke about bitcoin scripting language. This scriping language is often referred as a stack, which can allow two operations: push which adds items on top of the stack and pull which removes items from the top. Operations are executed only on the top of the stack. If the final result of the script is TRUE, then the transaction will be valid.

Let’s imagine a payment from Alice to Bob (meaning a payment to a P2PKH address of Bob). Alice must create a transaction output where the locking script looks like:


this script can be satisfied by BOB with an unlocking script of this form:

<BOB sig> <BOB pubKey>

so the validation would concatenate unlocking and locking script together (after a change in 2010 those script are executed separately but in sequence and the stack transferred between the two executions):


this must finally return TRUE for the validation to be successful. This validation occurrs when Bob would use that output to create a new transaction to someone else and therefore unlock the funds for being spent.


bitcoin is never moved. is just locked and unlocked. the only change is who can spend that amount.

Follow Us

Follow us on social network to be updated about the last security and privacy tips.

Subscribe free resources

We provide many resources for free. To all our subscribers, free eBooks, howtos, tutorials and much more.


Related Articles

Riga Baltic Honey Badger 2023

Riga Baltic Honey Badger 2023

Want to be really involved in Bitcoin environment with News, info, speeches, meetings and much more? The you must come to the Riga Baltic Honey...

About The Author

Massimo Musumeci

Physicist (MSc), OS specialist, cryptography and security researcher, system administrator with over 25 years experience in the field of security. Partner of companies and public institutions for online business and new technologies development. Supports and works to achieve a free, open, censorship-resistant and privacy-oriented technological and financial world based on Bitcoin. Reach and support on my patreon support page.

Patreon support

(Bitcoin) Security & Freedom group (italiano)



Sats Mobi

Donate to support research

Support now with Lightning!

Donate and Support massmux research

Bitcoin Only Swiss Exchange

Subscribe to Newsletter