5
BIP0016 says "Validation fails if there are any operations other than "push data" operations in the scriptSig".
What does it mean "push data operations"? OP_CHECKMULTISIG seems to be allowed but does not look like "push data" to me.
BIP0016 pay-to-scripthash transaction validation
Answers
1
What does it mean "push data operations"?
Push data operations are when a script pushes a byte vector into the stack. Examples are pushing signatures, public keys, or scripts. It excludes all script opcodes apart from OP_PUSHDATA1, OP_PUSHDATA2, OP_PUSHDATA3.
OP_CHECKMULTISIG seems to be allowed but does not look like "push data" to me. OP_CHECKMULTISIG is an opcode, however, since it's actually contained in a byte vector. You are pushing a full script to the stack, instead of just pushing the opcode.
So, if you look at a P2SH scriptSig:
...signatures... {scriptLength}{script}
You'll see that OP_CHECKMULTISIG is contained within {script} instead of being directly executed by whatever is parsing the scriptSig.
0
Like Pieter Wuille mentions, there is a difference between the scriptPubKey and the scriptSig script.
When a transaction is made, every output has it's own scriptPubKey script that specifies the condition to spend the output. Standard pay-to-address transactions have a script that can be interpreted as "sign this hash with the private key that corresponds to this address".
To spend the output, one must include it as an input in a new transaction. But to fulfil the output script, you will need to pass data as input to the script, mostly this is a signature. This data is passed in the scriptSig script.
The wiki page on the scripting concept will probably help you understand it.
1Yes, I know how scripts work, but note this question is specifically about BIP0016. The question arised because OP_CHECKMULTISIG is in scriptSig (actually, in its inner serialized script) so it still applies. I guess the answer is: "the restriction only applies to the outer non-serialized scriptSig", is that correct? – kaoD – 2014-01-08T18:14:43.970
You probably refer to this example scriptSig: [signature] {[pubkey] OP_CHECKSIG}. I think the curly brackets mean that the result of the operation between them is included. So it has 2 data elements. The signature and the result. But I'm not entirely sure of it, I didn't read the whole BIP. If the answer appears irrelevant, I'll remove it, just to thought you were confusing the two different script types. – Steven Roose – 2014-01-08T21:30:20.633
1The scriptSig contains 2 push operations: one with the signature, one with the serialized script. The scriptSig itself only contains pushes. Obviously, one of those pushes contains the actual script, but it's still just a push. – Pieter Wuille – 2014-08-06T20:04:56.773
0
In the "Pay to Script Hash", ScriptSig looks like this
...signatures... {serialized script}
and ScriptPubKey is
OP_HASH160 [20-byte-hash-value] OP_EQUAL
You have to understand that {serialized script} in the ScriptSig is initially treated as a constant that just gets pushed onto the data stack. So even if {serialized script} is {[pubkey] OP_CHECKSIG}, as mentioned later in BIP16 as an example, it will not fail validation because the OP_CHECKSIG is not treated as an operation, it is just part of a constant.
Note that there are two validation steps in "Pay to Script Hash". The first step is where {serialized script} is treated as a constant and the rest of the script makes sure that the [20-byte-hash-value] is indeed the hash of {serialized script}.
The second validation step occurs when the first validation step succeeds, and in the words of BIP16
{serialized script} is popped off the initial stack, and the transaction is validated again using the popped stack and the deserialized script as the scriptPubKey.
If you are still confused, I have written a beginner friendly article that explains how "Pay to Script Hash" works and walks through the execution of an example script in an article here:
http://kaykurokawa.blogspot.com/2014/07/scripting-in-bitcoin-part-2.html
1Note that the rule is about the scriptSig, not the scriptPubKey. The former contains the data that is passed to the latter. – Pieter Wuille – 2014-01-08T09:19:18.100