With the birth of the Ordinals Protocol, it provided Bitcoin with the function of numbering and inscription, thereby broadening the product range of the Bitcoin ecosystem and bringing new vitality to the Bitcoin ecosystem. In this article, we’ll dive into the details of the Ordinal Protocol, including how each Bitcoin is numbered and traced, and the relationship between inscriptions and numbers. But before we dive deeper into this topic, we need to first understand some basic Bitcoin background to help us better understand what comes next.
After reading this article, you’ll master Bitcoin’s transaction mechanism and payment model, learn how Ordinals can number and track every Satoshi, and how inscriptions are created and traded. Also, you’ll learn about the differences between the different types of wallets.
Bitcoin uses a cash-like transaction model (cash system), and its payment method is based on a model called UTXO, which is different from the traditional model based on account balances. For example, in a bank’s account bookkeeping model process, when A transfers 100 yuan to B, the bank records three steps. These three steps form a transaction process. The first step is to deduct 100 yuan from A’s account. The record ID for this step is tid1. The second step is to deposit 100 yuan into B’s account. The record ID for this step is tid2. The third step is to record a transfer record. This record links tid1 and tid2, indicating a reduction of 100 yuan for account A and an increase of 100 yuan for account B. In this way, the transfer relationship between A and B is recorded and can be queried and tracked in the future. Now, we’ll explain Bitcoin’s payment methods through an introduction to UTXO and payment models.
In the Bitcoin blockchain, all balances are stored in a list called “Unspent Transaction Output (UTXO)” (Unspent Transaction Output). Each UTXO contains a certain amount of bitcoins, along with information about the owners of those bitcoins, and indicates whether they are available. Think of it as a cash check with the holder’s name on it. As long as the holder signs it, you can transfer the right to use it to another person. For a specific address, all of its UTXO amounts add up to the balance of that address’s wallet. By going through all the UTXOs, we can get the current balance for each address. The sum of all UTXO amounts is the total amount of bitcoins currently in circulation.
In Bitcoin’s transaction structure, each transaction includes several inputs and outputs. Each input is a reference to an existing UTXO, and each output specifies a new fund receipt address and corresponding amount. Once a transaction is initiated, the UTXO referenced in the input section is temporarily locked to prevent reuse until the transaction is completed. Only when the transaction is successfully packaged into a block (Block) by the miner and confirmed by the network will the relevant UTXO status change. Specifically, UTXOs used for transaction input will be removed from the UTXO list, indicating that they have been consumed, and the output of the transaction will generate a new UTXO and added to the UTXO list. It can be understood that an old cash check was used and then became invalid, creating a new cash check, which was owned by the new holder.
It is worth emphasizing that each UTXO can only be used once in a single transaction. Once it is consumed as an input, it is permanently removed from the UTXO list. Meanwhile, the newly generated output is added to the list as a new UTXO. The UTXO list is constantly changing, and as each new block is created, it is updated accordingly. Also, by analyzing the history of transactions in the blockchain, we are able to reconstruct the UTXO list state at any given point in time.
Also, the total input amount of a transaction usually slightly exceeds its total output amount. This difference, called transaction fee (transaction fee) or network fee (network fee), is given as an incentive to miners responsible for packaging transactions into blocks. The size of the network fee is proportional to the complexity of the transaction, so a transaction with more inputs and outputs usually requires a higher network fee.
Now, in order to better understand the Bitcoin transaction structure, we will conduct an in-depth analysis through a specific example. The transaction structure of Bitcoin is as follows. The two variables vin and vout represent the “input” and “output” of a Bitcoin transaction, respectively. Bitcoin transactions are not like traditional account balance models that record account data changes, but are expressed through input and output.
We can randomly select a transaction record on blockchain.com to analyze. The figure below shows The hash ID is a transaction of 0627052b6f28912f2703066a912ea577f2ce4da4caa5a5f5fbd8a57286c345c2f2. It contains one input and two outputs.
By using the bitcoin-cli commands getrawtransaction and decoderawtransaction, we can view the underlying structure of the above transaction:
In the Bitcoin network, the transaction output contains two important pieces of information: the address (public key hash) and the amount (in bitcoins). If the output of one transaction is not used in the input of another transaction, then this transaction output is called unspent transaction output (UTXO). Whoever has the private key corresponding to the public key in UTXO has the right to use (that is, spend) this UTXO.
Let’s look at the information in “vin” in the code above, which indicates that the UTXO spent on this exchange comes from another transaction (its id is 7957a35fe64f80d234d76d83a2a8a0d8a0d149a41d81de548f0a65a8a999f6f18). We can find the amount of this UTXO from historical transactions (for example, 0.1), Therefore, in this transaction, the user spent 0.1 BTC. The value 0.1 does not need to be explicitly written in the transaction, but is obtained by searching for UTXO information. The “vout” of this transaction has two outputs. These two outputs are two new UTXOs, corresponding to the new balance and holder until another transaction consumes them as input.
The total number of bitcoins is 21 million, and each bitcoin contains 10^8 Satoshi (Satoshi, Sat). As a result, there are 21 million*10^8 satoshi on the Bitcoin network. The Ordinals protocol distinguishes these Satoshi and uniquely numbers each Satoshi. This section explains how this agreement uniquely numbers each Satoshi and tracks the account it is in. Additionally, the rarity classification for Satoshi will also be introduced.
According to the Ordinals Agreement, Satoshi are numbered according to the order in which they were mined. The figure below shows how the 0th Satoshi is represented by the 0th block.
There are many ways to express Satoshi:
We’ll use an example to explain how to number newly mined bitcoins. Looking at the 795952nd block of the Bitcoin blockchain, we can see that the first transaction Tx 3a1f… b177 recorded the miner’s reward (Coinbase transaction). The transaction includes newly mined bitcoins, which are packaged rewards for miners, and processing fees paid to miners by the transaction initiator. By looking at the input in the image below, we can see that its UTxO ID consists of a string of zeros and block height. The output address is the miner’s wallet address, and the amount is the sum of the above rewards and fees.
If we take a closer look at the output to miners section, we can see the address, amount, and distribution of included Satoshi. As mentioned before, these include mining rewards and fees. Among them, the green SATS number information 1941220000000000-1941220625000000 is a new Satoshi generated by mining rewards, and the remaining 712 Satoshi records correspond to all processing fees in this block.
We can verify the number Sat 1941220000000000. Its block number is 795952, and the decimal symbol (decimal) is 795952.0, which means that the block height for mining this Satoshi is 795952, the number in this block is 0, and the rarity (rarity) that follows is marked as uncommon, which we’ll cover in more detail in later sections.
Because every BTC is generated through mining rewards, they are all traceable. Bitcoin accounts use the UTXO model. Let’s say user A obtained the 100th to 110th Satoshi through mining (10 Satoshi are stored as a whole in UTXO with the same ID adc123). When user A wants to pay user B 5 Satoshi, he chooses to use the ID abc123 as input for the transaction. Of these, 5 Satoshi are given to user B, and 5 Satoshi are returned to user A as zeros. These two copies of the 5 Satoshi are a whole, stored in two UTXO with IDs abc456 and abc789, respectively. The number of UTXO IDs and Satoshi mentioned above is only shown as an example. In actual circumstances, the minimum number of Satoshi sent is limited to 546, and UTXO IDs are not expressed in this form.
In the transaction described above, the transfer paths of User A’s 10 Satoshi are:
As a derivative of the Ordinals Protocol, Satoshi’s rarity can be defined based on the order in which they are mined. This will cause some special Satoshi to have varying rarity levels. Here’s how rare the different types of hearing are:
This rare and clever concept can add more fun and value to the Bitcoin ecosystem. Satoshi of varying rarity may have different values in the market, attracting collectors and investors.
Ordinals is significantly different from other non-Bitcoin on-chain NFTs. Among them, the main difference is that Ordinals’ metadata is not stored in a specific location. Instead, this metadata is embedded into the transaction’s witness data (witness field), which is why we call it “ inscription (inscription) “, because this data is “engraved” like an inscription on a specific part of a Bitcoin transaction, and this data It is attached to a specific Satoshi. This inscription process is achieved through segregated witness (SegWit) and “pay-to-taproot (P2TR)” (pay-to-taproot (P2TR)). It includes two stages of submission (commit) and disclosure (reveal), and can engrave any form of content (such as text, image, or video) on the designated smart board. We’ll introduce another more direct storage method OP_RETURN below and explain why it wasn’t used as a means of inscriptions. At the same time, we’ll introduce what segregated witness and pay-to-taproot are, and what role they play in the inscription. At the end we will introduce how the inscriptions are made.
In version 0.9 of the Bitcoin Core client, a compromise was finally achieved by using the RETURN operator. **RETURN allows developers to add 80 bytes of non-payment data to the transaction output. **Unlike fake payments, RETURN creates an unequivocal verifiable unconsumable output; such data does not need to be stored in a UTXO set. RETURN outputs are recorded on the blockchain. They consume disk space and also cause the blockchain to grow in size, but since they are not stored in UTXO concentration, they do not expand the UTXO memory pool, let alone increase the expensive memory cost of the entire node.
Although OP_RETURN is a very direct means of storing information to the Bitcoin blockchain, it is also a potential inscription method. However, OP_RETURN’s limitations make it face some challenges when dealing with metadata storage. First, OP_RETURN can only store 80 bytes of data, and for situations where larger amounts of data need to be stored, this limitation is clearly impossible to meet. Second, OP_RETURN data is stored in the transaction output section. Although this data is not stored centrally in UTXO, it takes up blockchain storage space, leading to an increase in blockchain size. Finally, using OP_RETURN results in higher transaction fees because it requires paying more to post these transactions.
In contrast, SegWit provides a new approach that can overcome these problems. SegWit is an important protocol upgrade for Bitcoin. It was proposed by Bitcoin core developer Pieter Wuille in 2015 and finally officially adopted in the 0.16.0 version in 2017. Segregated in segregated witness means separation or isolation, and witness is a signature related to a transaction. Therefore, SegWit separates certain transaction signature data (witness data) from transactions.
The main benefit of separating signatures from transaction-related data is the reduction in the size of the data stored in a Bitcoin block. This way each block has extra capacity to store more transactions, which also means that the network can process more transactions and the sender pays lower processing fees. Technically speaking, script signature (scriptSig) information is taken from the basic structure (base block) and placed in a new data structure. Nodes and miners doing verification work will also verify script signatures in this new data structure to ensure that transactions are valid. The Segwit upgrade introduced a new witness field in transaction output to ensure privacy and performance. Although witness data isn’t designed for data storage, it actually gives us an opportunity to store things like inscription metadata. Let’s use the following image to better understand the quarantine witness:
P2TR is a type of transaction output for Bitcoin. It was introduced in the Taproot upgrade in 2021. It allows different transaction conditions to be stored more privately on the blockchain. In the Ordinals’ inscription, P2TR plays a critical role. The inscription essentially embeds specific data content into Bitcoin transactions, and Taproot upgrades, particularly P2TR, have made this embedded data more flexible and economical.
First, due to the storage method of Taproot scripts, we can store inscription content in Taproot script path expenditure scripts. These scripts have almost no restrictions on content, and at the same time can also obtain discounts on witness data, making it relatively economical to store inscription content. Since consumption of the Taproot script can only be made from the Taproot output that already exists, the inscription uses a two-stage submission/disclosure process. First, in submitting a transaction, a Taproot output was created that promised a script containing the content of the inscription. Then, in the reveal transaction, the output created by submitting the transaction was consumed, thereby revealing the content of the inscription on the chain.
This approach has greatly reduced the consumption of resources. If P2TR is not used, witness information is stored in the transaction’s output. In this way, as long as this output is not consumed, the witness information will always be stored in the UTXO pool. Conversely, if P2TR is used, witness information will not appear in transactions generated during the submission phase, so it will not be written to the UTXO set. Only when this UTXO is spent will witness information appear in the transaction input during the disclosure phase. P2TR allows metadata to be written to the Bitcoin blockchain, but it never appears in UTXO. Since maintaining/modifying UTXO sets requires more resources, this approach can save significant resources.
The Ordinals protocol used SegWit to relax size restrictions on content written to the Bitcoin network, storing the inscription content in witness data. It allows it to store up to 4MB of metadata. Taproot makes it easier to store arbitrary witness data in Bitcoin transactions, allowing Ordinals developer Casey Rodarmor to reuse old opcodes (OP_FALSE, OP_IF, OP_PUSH) to store arbitrary data in what he described as an “envelope” called an “inscription.”
The process for casting an inscription consists of the following two steps:
First, it is necessary to create a promise in the submission transaction to the Taproot output of the script containing the content of the inscription. The storage format is Taproot, that is, the output of the previous transaction is P2TR (Pay-To-Taproot), and the input of the latter transaction embeds content in a specific format in the witnessed Taproot script; the string ord is first stacked to eliminate the ambiguity that the inscription has other uses. OP_PUSH 1 indicates that the next push contains the content type, and OP_PUSH 0 indicates that subsequent data pushes include the content itself. Large inscriptions must use multiple data pushes because one of the few limitations of taproot is that a single data push cannot be larger than 520 bytes. At this point, the inscription’s data has been applied to the UTXO output of the transaction, but it has not been disclosed.
Second, it is necessary to reveal the output created by the purchase submission transaction in the transaction. At this stage, the transaction is initiated by using the UTXO corresponding to that inscription as input. At this point, the content of the corresponding inscription was made public to the entire network.
Through the above two steps, the content of the inscription has been bound to the engraved UTXO. Also, according to Satoshi’s positioning described above, the inscription is performed on the first Satoshi corresponding to the UTXO input, and the content of the inscription is included in the input showing the transaction. According to the introduction to the circulation and tracking of Satoshi described above, this Satoshi, which is engraved with special content, can be transferred, bought, sold, lost, and recovered. Note that inscriptions cannot be repeated, otherwise the subsequent inscriptions will not be valid.
We will explain this process in detail by inscribing an example of a small BTC NFT image. This process mainly includes the two stages of submission (commit) and disclosure (reveal) mentioned earlier. First, we see that the Hash ID for the first transaction is 2ddf9... f585c. It can be noted that the output of this transaction did not include witness data, and there was no relevant inscription on the page.
Next, let’s look at the record of the second stage. The hash ID is e7454... 7c0e1. Here, we can see the information on the Ordinals Inscription, that is, the content of the witness inscription. The input address for this transaction is the output address of the previous transaction, and the output 0.00000546 BTC (546 Satoshi) is sending this NFT to its own address. At the same time, we can also use Sat Find Satoshi where this inscription is located in 1893640468329373.
In the Bitcoin wallet, we can see this asset. If we want to trade this NFT, we can send it directly to someone else’s address, that is, send this UTXO, and this completes the circulation of the inscription.
After we have learned about the Ordinals ecosystem, the circulation of Satoshi, and related knowledge about inscriptions, there are currently many application scenarios. Whether it is the emergence of related derivative agreements such as BRC-20, ORC-20, BRC-721, GBRC-721, etc., we need a corresponding wallet to support and display token information or small NFT images. In this section, we’ll introduce the concepts and characteristics of different Bitcoin wallet addresses.
Bitcoin addresses begin with 1, 3, or bc1. Just like email addresses, they can be shared with other Bitcoin users who can use them to send bitcoins directly to their wallets. From a security point of view, Bitcoin addresses don’t have any sensitive content. It can be posted anywhere without jeopardizing the security of the account. Unlike email addresses, we can create new addresses any time we need, all of which will deposit funds directly into your wallet. In fact, many modern wallets automatically create a new address for every transaction to maximize privacy. A wallet is simply a collection of addresses and keys to unlock the funds in it. First, we need to know how the Bitcoin wallet address is generated.
Bitcoin uses an elliptical curve secp256k1. The “private key” is a random number between 1 and n-1. n is a large number (256 bits), and n is expressed in scientific notation about 1.15792*10^77. The scope is huge, and it’s almost impossible for us to guess other people’s private keys. This random integer private key can be used 256 bits indicate that there are many ways to encode. If the private key using WIF or WIF-compressed is unencrypted, the original “random integer” can be obtained by decoding. Another method is BIP38. It is proposed to use the AES algorithm to encrypt the private key. The private key obtained by this scheme starts with the character 6P. This private key must be imported into various Bitcoin wallets. This is the private key we usually use.
We will then use the elliptic curve formula K = kG to generate Bitcoin’s public key K from the private key k. G is the base point, which is a parameter of secp256k1. You can get the two coordinates of K, which are the two expressions of the public key, “Uncompressed format” and “Compressed format”, respectively.
The various types of Bitcoin addresses can be seen in the following figure. There are four ways to express them:
1.Legacy (P2PKH) format
Example: 1fh7ajxabjbpzw8bjd3qu4cuq3prty9u
Addresses starting with “1” are Bitcoin’s original address format and are still in use today. Obtained from the public key through hash calculation, also known as P2PKH, is an abbreviation for Pay To PubKey Hash (payment to public key hash).
2. Nested SegWit (P2SH) format
Example: 3kf9nxowq4assgxrrzeitpdjmuwM2nyPan
Addresses start with “ 3 “. P2SH is an abbreviation for Pay To Script Hash (Pay To Script Hash), which supports more complex features than Legacy addresses. Nested P2SH obtains an existing P2SH address (starting with “3”) and encapsulates it with the SegWit address.
3.Native SegWit (Bech32) format
Addresses beginning with bc1 were proposed in BIP0173; they are native quarantine witness addresses. Bech32 encoded address is an address format specially developed for SegWit. Bech32 was defined in BIP173 at the end of 2017. One of the main features of this format is that it is not case sensitive (the address contains only 0-9, az), so it can effectively avoid confusion and is easier to read when entering. Since fewer characters are required in the address, the address uses Base32 encoding instead of traditional Base58, which is more convenient and efficient to calculate. The data can be stored more tightly in a QR code. Bech32 provides higher security, better optimizes verification and error detection codes, and minimizes the chance of invalid addresses.
The Bech32 address itself is SegWit compatible. There is no additional space required to put the SegWit address into the P2SH address, so using a Bech32 format address, the processing fee will be lower. Bech32 addresses have several advantages over the old Base58 (Base58Check coding is used to encode byte arrays in Bitcoin into human-encodable strings) addresses: QR codes are smaller; they are more error-proof; they are more secure; they are not case sensitive; they are only composed of lowercase letters, so they are easier to read, type, and understand.
4.Taproot Format (P2TR)
Bech32 has a drawback: if the last character in the address is p, inserting or deleting any number of characters q immediately before p will not invalidate its checksum.
To mitigate the above shortcomings of Bech32, the Bech32M address was proposed in BIP0350:
For Bech32M addresses, when version is 1, they always start with bc1p (that is, Taproot address). Specifically, like a local quarantine witness, a wallet can consist of a seed phrase and a passphrase. These are used to generate extended public and private keys, and are used to derive addresses for arbitrary paths in hierarchical deterministic wallets. Mainly NFTs that store BRC-20 and BTC.
Spectrum Labs is a team of masters and PhDs focused on blockchain research, as well as veterans within the blockchain industry. We are committed to blockchain research chain technology and its applications to help people better understand blockchain. Spectrum Labs’ main business includes writing research reports, writing courses, and developing tools.
The BTC NFT Chinese Community is a BTC NFT Chinese exchange platform for Chinese newcomers from around the world.
With the birth of the Ordinals Protocol, it provided Bitcoin with the function of numbering and inscription, thereby broadening the product range of the Bitcoin ecosystem and bringing new vitality to the Bitcoin ecosystem. In this article, we’ll dive into the details of the Ordinal Protocol, including how each Bitcoin is numbered and traced, and the relationship between inscriptions and numbers. But before we dive deeper into this topic, we need to first understand some basic Bitcoin background to help us better understand what comes next.
After reading this article, you’ll master Bitcoin’s transaction mechanism and payment model, learn how Ordinals can number and track every Satoshi, and how inscriptions are created and traded. Also, you’ll learn about the differences between the different types of wallets.
Bitcoin uses a cash-like transaction model (cash system), and its payment method is based on a model called UTXO, which is different from the traditional model based on account balances. For example, in a bank’s account bookkeeping model process, when A transfers 100 yuan to B, the bank records three steps. These three steps form a transaction process. The first step is to deduct 100 yuan from A’s account. The record ID for this step is tid1. The second step is to deposit 100 yuan into B’s account. The record ID for this step is tid2. The third step is to record a transfer record. This record links tid1 and tid2, indicating a reduction of 100 yuan for account A and an increase of 100 yuan for account B. In this way, the transfer relationship between A and B is recorded and can be queried and tracked in the future. Now, we’ll explain Bitcoin’s payment methods through an introduction to UTXO and payment models.
In the Bitcoin blockchain, all balances are stored in a list called “Unspent Transaction Output (UTXO)” (Unspent Transaction Output). Each UTXO contains a certain amount of bitcoins, along with information about the owners of those bitcoins, and indicates whether they are available. Think of it as a cash check with the holder’s name on it. As long as the holder signs it, you can transfer the right to use it to another person. For a specific address, all of its UTXO amounts add up to the balance of that address’s wallet. By going through all the UTXOs, we can get the current balance for each address. The sum of all UTXO amounts is the total amount of bitcoins currently in circulation.
In Bitcoin’s transaction structure, each transaction includes several inputs and outputs. Each input is a reference to an existing UTXO, and each output specifies a new fund receipt address and corresponding amount. Once a transaction is initiated, the UTXO referenced in the input section is temporarily locked to prevent reuse until the transaction is completed. Only when the transaction is successfully packaged into a block (Block) by the miner and confirmed by the network will the relevant UTXO status change. Specifically, UTXOs used for transaction input will be removed from the UTXO list, indicating that they have been consumed, and the output of the transaction will generate a new UTXO and added to the UTXO list. It can be understood that an old cash check was used and then became invalid, creating a new cash check, which was owned by the new holder.
It is worth emphasizing that each UTXO can only be used once in a single transaction. Once it is consumed as an input, it is permanently removed from the UTXO list. Meanwhile, the newly generated output is added to the list as a new UTXO. The UTXO list is constantly changing, and as each new block is created, it is updated accordingly. Also, by analyzing the history of transactions in the blockchain, we are able to reconstruct the UTXO list state at any given point in time.
Also, the total input amount of a transaction usually slightly exceeds its total output amount. This difference, called transaction fee (transaction fee) or network fee (network fee), is given as an incentive to miners responsible for packaging transactions into blocks. The size of the network fee is proportional to the complexity of the transaction, so a transaction with more inputs and outputs usually requires a higher network fee.
Now, in order to better understand the Bitcoin transaction structure, we will conduct an in-depth analysis through a specific example. The transaction structure of Bitcoin is as follows. The two variables vin and vout represent the “input” and “output” of a Bitcoin transaction, respectively. Bitcoin transactions are not like traditional account balance models that record account data changes, but are expressed through input and output.
We can randomly select a transaction record on blockchain.com to analyze. The figure below shows The hash ID is a transaction of 0627052b6f28912f2703066a912ea577f2ce4da4caa5a5f5fbd8a57286c345c2f2. It contains one input and two outputs.
By using the bitcoin-cli commands getrawtransaction and decoderawtransaction, we can view the underlying structure of the above transaction:
In the Bitcoin network, the transaction output contains two important pieces of information: the address (public key hash) and the amount (in bitcoins). If the output of one transaction is not used in the input of another transaction, then this transaction output is called unspent transaction output (UTXO). Whoever has the private key corresponding to the public key in UTXO has the right to use (that is, spend) this UTXO.
Let’s look at the information in “vin” in the code above, which indicates that the UTXO spent on this exchange comes from another transaction (its id is 7957a35fe64f80d234d76d83a2a8a0d8a0d149a41d81de548f0a65a8a999f6f18). We can find the amount of this UTXO from historical transactions (for example, 0.1), Therefore, in this transaction, the user spent 0.1 BTC. The value 0.1 does not need to be explicitly written in the transaction, but is obtained by searching for UTXO information. The “vout” of this transaction has two outputs. These two outputs are two new UTXOs, corresponding to the new balance and holder until another transaction consumes them as input.
The total number of bitcoins is 21 million, and each bitcoin contains 10^8 Satoshi (Satoshi, Sat). As a result, there are 21 million*10^8 satoshi on the Bitcoin network. The Ordinals protocol distinguishes these Satoshi and uniquely numbers each Satoshi. This section explains how this agreement uniquely numbers each Satoshi and tracks the account it is in. Additionally, the rarity classification for Satoshi will also be introduced.
According to the Ordinals Agreement, Satoshi are numbered according to the order in which they were mined. The figure below shows how the 0th Satoshi is represented by the 0th block.
There are many ways to express Satoshi:
We’ll use an example to explain how to number newly mined bitcoins. Looking at the 795952nd block of the Bitcoin blockchain, we can see that the first transaction Tx 3a1f… b177 recorded the miner’s reward (Coinbase transaction). The transaction includes newly mined bitcoins, which are packaged rewards for miners, and processing fees paid to miners by the transaction initiator. By looking at the input in the image below, we can see that its UTxO ID consists of a string of zeros and block height. The output address is the miner’s wallet address, and the amount is the sum of the above rewards and fees.
If we take a closer look at the output to miners section, we can see the address, amount, and distribution of included Satoshi. As mentioned before, these include mining rewards and fees. Among them, the green SATS number information 1941220000000000-1941220625000000 is a new Satoshi generated by mining rewards, and the remaining 712 Satoshi records correspond to all processing fees in this block.
We can verify the number Sat 1941220000000000. Its block number is 795952, and the decimal symbol (decimal) is 795952.0, which means that the block height for mining this Satoshi is 795952, the number in this block is 0, and the rarity (rarity) that follows is marked as uncommon, which we’ll cover in more detail in later sections.
Because every BTC is generated through mining rewards, they are all traceable. Bitcoin accounts use the UTXO model. Let’s say user A obtained the 100th to 110th Satoshi through mining (10 Satoshi are stored as a whole in UTXO with the same ID adc123). When user A wants to pay user B 5 Satoshi, he chooses to use the ID abc123 as input for the transaction. Of these, 5 Satoshi are given to user B, and 5 Satoshi are returned to user A as zeros. These two copies of the 5 Satoshi are a whole, stored in two UTXO with IDs abc456 and abc789, respectively. The number of UTXO IDs and Satoshi mentioned above is only shown as an example. In actual circumstances, the minimum number of Satoshi sent is limited to 546, and UTXO IDs are not expressed in this form.
In the transaction described above, the transfer paths of User A’s 10 Satoshi are:
As a derivative of the Ordinals Protocol, Satoshi’s rarity can be defined based on the order in which they are mined. This will cause some special Satoshi to have varying rarity levels. Here’s how rare the different types of hearing are:
This rare and clever concept can add more fun and value to the Bitcoin ecosystem. Satoshi of varying rarity may have different values in the market, attracting collectors and investors.
Ordinals is significantly different from other non-Bitcoin on-chain NFTs. Among them, the main difference is that Ordinals’ metadata is not stored in a specific location. Instead, this metadata is embedded into the transaction’s witness data (witness field), which is why we call it “ inscription (inscription) “, because this data is “engraved” like an inscription on a specific part of a Bitcoin transaction, and this data It is attached to a specific Satoshi. This inscription process is achieved through segregated witness (SegWit) and “pay-to-taproot (P2TR)” (pay-to-taproot (P2TR)). It includes two stages of submission (commit) and disclosure (reveal), and can engrave any form of content (such as text, image, or video) on the designated smart board. We’ll introduce another more direct storage method OP_RETURN below and explain why it wasn’t used as a means of inscriptions. At the same time, we’ll introduce what segregated witness and pay-to-taproot are, and what role they play in the inscription. At the end we will introduce how the inscriptions are made.
In version 0.9 of the Bitcoin Core client, a compromise was finally achieved by using the RETURN operator. **RETURN allows developers to add 80 bytes of non-payment data to the transaction output. **Unlike fake payments, RETURN creates an unequivocal verifiable unconsumable output; such data does not need to be stored in a UTXO set. RETURN outputs are recorded on the blockchain. They consume disk space and also cause the blockchain to grow in size, but since they are not stored in UTXO concentration, they do not expand the UTXO memory pool, let alone increase the expensive memory cost of the entire node.
Although OP_RETURN is a very direct means of storing information to the Bitcoin blockchain, it is also a potential inscription method. However, OP_RETURN’s limitations make it face some challenges when dealing with metadata storage. First, OP_RETURN can only store 80 bytes of data, and for situations where larger amounts of data need to be stored, this limitation is clearly impossible to meet. Second, OP_RETURN data is stored in the transaction output section. Although this data is not stored centrally in UTXO, it takes up blockchain storage space, leading to an increase in blockchain size. Finally, using OP_RETURN results in higher transaction fees because it requires paying more to post these transactions.
In contrast, SegWit provides a new approach that can overcome these problems. SegWit is an important protocol upgrade for Bitcoin. It was proposed by Bitcoin core developer Pieter Wuille in 2015 and finally officially adopted in the 0.16.0 version in 2017. Segregated in segregated witness means separation or isolation, and witness is a signature related to a transaction. Therefore, SegWit separates certain transaction signature data (witness data) from transactions.
The main benefit of separating signatures from transaction-related data is the reduction in the size of the data stored in a Bitcoin block. This way each block has extra capacity to store more transactions, which also means that the network can process more transactions and the sender pays lower processing fees. Technically speaking, script signature (scriptSig) information is taken from the basic structure (base block) and placed in a new data structure. Nodes and miners doing verification work will also verify script signatures in this new data structure to ensure that transactions are valid. The Segwit upgrade introduced a new witness field in transaction output to ensure privacy and performance. Although witness data isn’t designed for data storage, it actually gives us an opportunity to store things like inscription metadata. Let’s use the following image to better understand the quarantine witness:
P2TR is a type of transaction output for Bitcoin. It was introduced in the Taproot upgrade in 2021. It allows different transaction conditions to be stored more privately on the blockchain. In the Ordinals’ inscription, P2TR plays a critical role. The inscription essentially embeds specific data content into Bitcoin transactions, and Taproot upgrades, particularly P2TR, have made this embedded data more flexible and economical.
First, due to the storage method of Taproot scripts, we can store inscription content in Taproot script path expenditure scripts. These scripts have almost no restrictions on content, and at the same time can also obtain discounts on witness data, making it relatively economical to store inscription content. Since consumption of the Taproot script can only be made from the Taproot output that already exists, the inscription uses a two-stage submission/disclosure process. First, in submitting a transaction, a Taproot output was created that promised a script containing the content of the inscription. Then, in the reveal transaction, the output created by submitting the transaction was consumed, thereby revealing the content of the inscription on the chain.
This approach has greatly reduced the consumption of resources. If P2TR is not used, witness information is stored in the transaction’s output. In this way, as long as this output is not consumed, the witness information will always be stored in the UTXO pool. Conversely, if P2TR is used, witness information will not appear in transactions generated during the submission phase, so it will not be written to the UTXO set. Only when this UTXO is spent will witness information appear in the transaction input during the disclosure phase. P2TR allows metadata to be written to the Bitcoin blockchain, but it never appears in UTXO. Since maintaining/modifying UTXO sets requires more resources, this approach can save significant resources.
The Ordinals protocol used SegWit to relax size restrictions on content written to the Bitcoin network, storing the inscription content in witness data. It allows it to store up to 4MB of metadata. Taproot makes it easier to store arbitrary witness data in Bitcoin transactions, allowing Ordinals developer Casey Rodarmor to reuse old opcodes (OP_FALSE, OP_IF, OP_PUSH) to store arbitrary data in what he described as an “envelope” called an “inscription.”
The process for casting an inscription consists of the following two steps:
First, it is necessary to create a promise in the submission transaction to the Taproot output of the script containing the content of the inscription. The storage format is Taproot, that is, the output of the previous transaction is P2TR (Pay-To-Taproot), and the input of the latter transaction embeds content in a specific format in the witnessed Taproot script; the string ord is first stacked to eliminate the ambiguity that the inscription has other uses. OP_PUSH 1 indicates that the next push contains the content type, and OP_PUSH 0 indicates that subsequent data pushes include the content itself. Large inscriptions must use multiple data pushes because one of the few limitations of taproot is that a single data push cannot be larger than 520 bytes. At this point, the inscription’s data has been applied to the UTXO output of the transaction, but it has not been disclosed.
Second, it is necessary to reveal the output created by the purchase submission transaction in the transaction. At this stage, the transaction is initiated by using the UTXO corresponding to that inscription as input. At this point, the content of the corresponding inscription was made public to the entire network.
Through the above two steps, the content of the inscription has been bound to the engraved UTXO. Also, according to Satoshi’s positioning described above, the inscription is performed on the first Satoshi corresponding to the UTXO input, and the content of the inscription is included in the input showing the transaction. According to the introduction to the circulation and tracking of Satoshi described above, this Satoshi, which is engraved with special content, can be transferred, bought, sold, lost, and recovered. Note that inscriptions cannot be repeated, otherwise the subsequent inscriptions will not be valid.
We will explain this process in detail by inscribing an example of a small BTC NFT image. This process mainly includes the two stages of submission (commit) and disclosure (reveal) mentioned earlier. First, we see that the Hash ID for the first transaction is 2ddf9... f585c. It can be noted that the output of this transaction did not include witness data, and there was no relevant inscription on the page.
Next, let’s look at the record of the second stage. The hash ID is e7454... 7c0e1. Here, we can see the information on the Ordinals Inscription, that is, the content of the witness inscription. The input address for this transaction is the output address of the previous transaction, and the output 0.00000546 BTC (546 Satoshi) is sending this NFT to its own address. At the same time, we can also use Sat Find Satoshi where this inscription is located in 1893640468329373.
In the Bitcoin wallet, we can see this asset. If we want to trade this NFT, we can send it directly to someone else’s address, that is, send this UTXO, and this completes the circulation of the inscription.
After we have learned about the Ordinals ecosystem, the circulation of Satoshi, and related knowledge about inscriptions, there are currently many application scenarios. Whether it is the emergence of related derivative agreements such as BRC-20, ORC-20, BRC-721, GBRC-721, etc., we need a corresponding wallet to support and display token information or small NFT images. In this section, we’ll introduce the concepts and characteristics of different Bitcoin wallet addresses.
Bitcoin addresses begin with 1, 3, or bc1. Just like email addresses, they can be shared with other Bitcoin users who can use them to send bitcoins directly to their wallets. From a security point of view, Bitcoin addresses don’t have any sensitive content. It can be posted anywhere without jeopardizing the security of the account. Unlike email addresses, we can create new addresses any time we need, all of which will deposit funds directly into your wallet. In fact, many modern wallets automatically create a new address for every transaction to maximize privacy. A wallet is simply a collection of addresses and keys to unlock the funds in it. First, we need to know how the Bitcoin wallet address is generated.
Bitcoin uses an elliptical curve secp256k1. The “private key” is a random number between 1 and n-1. n is a large number (256 bits), and n is expressed in scientific notation about 1.15792*10^77. The scope is huge, and it’s almost impossible for us to guess other people’s private keys. This random integer private key can be used 256 bits indicate that there are many ways to encode. If the private key using WIF or WIF-compressed is unencrypted, the original “random integer” can be obtained by decoding. Another method is BIP38. It is proposed to use the AES algorithm to encrypt the private key. The private key obtained by this scheme starts with the character 6P. This private key must be imported into various Bitcoin wallets. This is the private key we usually use.
We will then use the elliptic curve formula K = kG to generate Bitcoin’s public key K from the private key k. G is the base point, which is a parameter of secp256k1. You can get the two coordinates of K, which are the two expressions of the public key, “Uncompressed format” and “Compressed format”, respectively.
The various types of Bitcoin addresses can be seen in the following figure. There are four ways to express them:
1.Legacy (P2PKH) format
Example: 1fh7ajxabjbpzw8bjd3qu4cuq3prty9u
Addresses starting with “1” are Bitcoin’s original address format and are still in use today. Obtained from the public key through hash calculation, also known as P2PKH, is an abbreviation for Pay To PubKey Hash (payment to public key hash).
2. Nested SegWit (P2SH) format
Example: 3kf9nxowq4assgxrrzeitpdjmuwM2nyPan
Addresses start with “ 3 “. P2SH is an abbreviation for Pay To Script Hash (Pay To Script Hash), which supports more complex features than Legacy addresses. Nested P2SH obtains an existing P2SH address (starting with “3”) and encapsulates it with the SegWit address.
3.Native SegWit (Bech32) format
Addresses beginning with bc1 were proposed in BIP0173; they are native quarantine witness addresses. Bech32 encoded address is an address format specially developed for SegWit. Bech32 was defined in BIP173 at the end of 2017. One of the main features of this format is that it is not case sensitive (the address contains only 0-9, az), so it can effectively avoid confusion and is easier to read when entering. Since fewer characters are required in the address, the address uses Base32 encoding instead of traditional Base58, which is more convenient and efficient to calculate. The data can be stored more tightly in a QR code. Bech32 provides higher security, better optimizes verification and error detection codes, and minimizes the chance of invalid addresses.
The Bech32 address itself is SegWit compatible. There is no additional space required to put the SegWit address into the P2SH address, so using a Bech32 format address, the processing fee will be lower. Bech32 addresses have several advantages over the old Base58 (Base58Check coding is used to encode byte arrays in Bitcoin into human-encodable strings) addresses: QR codes are smaller; they are more error-proof; they are more secure; they are not case sensitive; they are only composed of lowercase letters, so they are easier to read, type, and understand.
4.Taproot Format (P2TR)
Bech32 has a drawback: if the last character in the address is p, inserting or deleting any number of characters q immediately before p will not invalidate its checksum.
To mitigate the above shortcomings of Bech32, the Bech32M address was proposed in BIP0350:
For Bech32M addresses, when version is 1, they always start with bc1p (that is, Taproot address). Specifically, like a local quarantine witness, a wallet can consist of a seed phrase and a passphrase. These are used to generate extended public and private keys, and are used to derive addresses for arbitrary paths in hierarchical deterministic wallets. Mainly NFTs that store BRC-20 and BTC.
Spectrum Labs is a team of masters and PhDs focused on blockchain research, as well as veterans within the blockchain industry. We are committed to blockchain research chain technology and its applications to help people better understand blockchain. Spectrum Labs’ main business includes writing research reports, writing courses, and developing tools.
The BTC NFT Chinese Community is a BTC NFT Chinese exchange platform for Chinese newcomers from around the world.