TERM_DEF // MODULE_7_P2PKH / P2PKH
P2PKH
P2PKH. Pay-to-Public-Key-Hash — the most common Bitcoin address type.
P2PKH (Pay-to-Public-Key-Hash) is the script template behind every Bitcoin address starting with '1'. The scriptPubKey locks funds to the HASH160 of a public key. To spend, the owner provides their signature and public key; the script verifies the public key hashes to the expected value and the signature is valid. P2PKH improves on P2PK by hiding the public key until spend time.
This page sits in the Module 7 — P2PKH section — Vocabulary introduced in the P2PKH module. Read on for what it is, why it exists, how it works under the hood, and what to watch out for.
P2PKH (Pay-to-Public-Key-Hash) is the script template behind every Bitcoin address starting with '1'. The scriptPubKey locks funds to the HASH160 of a public key. To spend, the owner provides their signature and public key; the script verifies the public key hashes to the expected value and the signature is valid. P2PKH improves on P2PK by hiding the public key until spend time.
This page sits in the Module 7 — P2PKH section — Vocabulary introduced in the P2PKH module. Read on for what it is, why it exists, how it works under the hood, and what to watch out for.
WHAT_P2PKH_IS
P2PKH — at a glance
MODULE 7
P2PKH (Pay to Public Key Hash) is Bitcoin's original standard locking script. The output commits to the HASH160 of a public key; to spend, the signer reveals the public key plus a valid signature.
P2PKH (Pay-to-Public-Key-Hash) is the script template behind every Bitcoin address starting with '1'. The scriptPubKey locks funds to the HASH160 of a public key. To spend, the owner provides their signature and public key; the script verifies the public key hashes to the expected value and the signature is valid. P2PKH improves on P2PK by hiding the public key until spend time.
Why it exists
DESIGN
Bitcoin needed programmable money. A flat "pay address X" rule would have been too rigid — no multisig, no time-locks, no hashed commitments, no Lightning. Script is the answer: a tiny, deterministic, non-Turing-complete bytecode that lets coins be locked behind arbitrary spending conditions while keeping validation cheap and predictable.
HOW_IT_WORKS
Mechanism
HOW IT WORKS
Every UTXO is locked by a scriptPubKey — the output's locking script. To spend it, you provide a scriptSig (or witness) containing data that satisfies the lock. The node concatenates them, runs the combined script on a stack machine, and accepts the spend if and only if execution finishes with a single truthy value on the stack. P2PKH contributes a specific stack effect within that process — opcodes either push, pop, copy, hash, branch, or verify, and they do so left-to-right deterministically.
1. The script is parsed into a sequence of opcodes and push-data items.
2. Execution starts with an empty stack and an empty alt-stack.
3. Each opcode runs in order — push opcodes add to the stack, others consume the top items and may push results.
4. Conditional opcodes (OP_IF/OP_NOTIF/OP_ELSE/OP_ENDIF) branch execution.
5. Final state: a single non-zero (truthy) value on top → the spend is authorised. Anything else (empty stack, false, error) → the script fails and the tx is rejected.
WORKED_EXAMPLE
P2PKH — the full spend flow
EXAMPLE
scriptPubKey (in the output, 25 bytes):
OP_DUP OP_HASH160 <20-byte pubkey hash> OP_EQUALVERIFY OP_CHECKSIG
scriptSig (in the spending tx's input):
Combined execution (stack-based, left to right):
push → [sig]
push → [sig pubkey]
OP_DUP → [sig pubkey pubkey]
OP_HASH160 → [sig pubkey HASH160(pubkey)]
push → [sig pubkey HASH160(pubkey) expected]
OP_EQUALVERIFY → [sig pubkey] (fails if hashes differ)
OP_CHECKSIG → [1] (true iff signature valid)
End state: single truthy value → spend authorised.
Address encoding: Base58Check of (version byte 0x00 || HASH160(pubkey))
→ starts with "1…" on mainnet
KEY_PROPERTIES
STACK-BASED
Every operation reads and writes the top of a single shared LIFO stack. No registers, no variables, no heap.
DETERMINISTIC
No randomness, no clocks. Every node executes the same script the same way — divergence would fork the network.
NON-TURING-COMPLETE
No loops, no recursion. Every script halts in bounded time, so validation cost is predictable.
CONSENSUS-CRITICAL
A misbehaving Script implementation forks its node off the network. The reference implementation is the de-facto spec.
COMMON_PITFALLS
Things that catch people out
PITFALLS
- OP_RETURN makes an output provably unspendable — useful for data commitments, ruinous if used accidentally.
- Several opcodes were disabled in 2010 after security incidents (OP_MUL, OP_DIV, OP_SUBSTR, …) and have never been re-enabled.
- Number encoding (CScriptNum) is sign-magnitude, not two's complement. -1 is 0x81, not 0xff — a frequent source of bugs.
- OP_CHECKMULTISIG has a historical off-by-one bug — it pops one extra dummy item from the stack. Always prefix the sigs with an OP_0.
RELATED_CONCEPTS
Other terms from Module 7 — P2PKH — click any to read its page:
TERMINOLOGY_INDEX
TERMINOLOGY
P2PKH
Pay-to-Public-Key-Hash — the most common Bitcoin address type.
scriptSig
scriptPubKey
The locking script embedded in a transaction output.