Last week on the train back to my parents’ place for Christmas I decided to follow @wmougayar’s example and read a couple of landmark Bitcoin and cryptocurrency papers. If you’re interested, William’s list is here and includes an interesting cross section of topics. Out of the list, Satoshi’s original paper Bitcoin: A Peer-to-Peer Electronic Cash System helped clarify the specifics of how Bitcoin works and why it has potential to be incredibly important. At nine pages including graphics and footnotes it’s both short and accessible so if you’re on the fence just go read it.
After reading the paper and following down the Bitcoin wiki rabbit hole I rediscovered the Script page on the Bitcoin wiki. Disregarding some cases, one of the key features of a blockchain is that new transactions must contain inputs from a previous transaction. With Bitcoin specifically, in order to use the output of a previous transaction you need to supply inputs that cause the previous output’s “Script” to evaluate to true. The Bitcoin wiki has a more eloquent explanation but at a high level this scripting functionality theoretically allows the Bitcoin blockchain to be used for things like:
- Contracts including an external Oracle. To my knowledge this has not yet been implemented.
- m-of-n / multisig transactions – requiring at least some number of private keys to be present. This has been implemented with varying degrees of wallet support.
- Securely and permanently storing arbitrary data inside the blockhain. Implemented and what we’re interested in!
So stepping back a bit why would you want to store data inside the blockchain? As it turns out the blockchain has a few properties that make this an attractive proposition. First off, because of the public/private key cryptography scheme it’s only possible to “spend” the coins in an address if you know the address’ corresponding private key. Concretely, assuming that private keys remain secret I can’t create a transaction using an address that you control as an input and viceversa. So by creating a successful transaction you can vouch for the fact that you do in fact own a private key which may have in turn been used to sign an email to me, been used to buy a beer at a bar, and so on.
Next, once a Bitcoin transaction has a sufficient number of confirmations the data contained within it is effectively immutable. So for a nominal fee you can create something that is “set in stone”. In comparison, creating and running a similar system from scratch would be extremely expensive. And finally, the blockchain is distributed so thousands of machines have a copy of what’s happened. Barring exceptional circumstances, you’ll have access to the data even if a high percentage of nodes fail.
For all of this to “click” you’ll need an overall understanding of how Bitcoin transactions work under the bonnet. Ken Shriff has an excellent write up at Bitcoins the hard way: Using the raw Bitcoin protocol explaining what pieces go into creating a raw Bitcoin transaction. What makes an OP_RETURN output special is that the OP_RETURN keyword immediately marks the output as nonspendable while also accepting a second parameter of up to 40 bytes. That second parameter is where we’re going to stick our immutable data and since the output isn’t spendable creating this transaction won’t cost any coin.
As much as I love getting my hands dirty I decided to cheat a bit and use bitcoinjs-lib to build the transaction and then Chain to push it to the Bitcoin network. As it turns out, it’s possible to use bitcoinjs-lib in a browser via Browserify but you’ll need to hand modify the output to export “Buffer”. I have a “Dashboard” setup at http://code.setfive.com/btcscript/ with this all set up and it’s viewable on GitHub at https://github.com/Setfive/setfive.github.com/tree/master/btcscript. To use this, you’ll need a private key in WIF (Wallet Interchange Format) for an address with coins or you can generate keys and fund the address.
From there, you’ll need to take the following steps:
- Make sure the private key field is populated
- Under “Check Address” click “Refresh” to get the info about the public address
- If there are any unspent transactions, click one to use it in the new transaction
- If you want to actually send some Satoshi fill in a destination address and amount
- Otherwise, you can enter up to 40 bytes of data in the OP_RETURN field
- Click “Send” and you should see the transaction ID that was created
- You can view the details for the transaction on https://blockchain.info/
I created a transaction using 1vaRGdVr9pqr9kEqJLoSMdN5MsjXBUrTN and if you can see the details at 1f5d645dde93a663427c60b3fb7d139f37343446e39a9d97bf56c4138083b109. If you scroll to the bottom under “Output Scripts” you’ll see the full output Scripts along with the data I included with the OP_RETURN keyword. Additionally, the guys at coinsecrets.org are tracking transactions with OP_RETURN outputs so your transaction should appear there.
Anyway, that’s how OP_RETURN works. We’re hacking away on Bitcoin Scripts in general and will follow up with a post soon.