Author: Ash Li, Noah Ho
With the birth of the Ordinals protocol, it provides Bitcoin with the functions of numbering and inscription, thus broadening the product range of the Bitcoin ecosystem and bringing new vitality to the Bitcoin ecosystem. In this article, we will delve into the details of the Ordinal protocol, including how to number and track each Bitcoin, and the relationship between inscriptions and numbers. But before we delve into this topic, we need to first understand some basic background of Bitcoin to help us better understand the subsequent content.
After finishing this article, you will have a good understanding of Bitcoin's transaction mechanism and payment model, how Ordinals number and track each Satoshi, and how inscriptions are created and traded. In addition, you will also understand the differences between different types of wallets.
1. Bitcoin Background
Bitcoin uses a cash-like transaction model (cash system), and its payment method is based on a model called UTXO, which is different from the traditional account balance-based model. For example: in the bank's account accounting model process, when A transfers 100 yuan to B, the bank will record three steps, which constitute a transaction process. The first step is to deduct 100 yuan from A's account, and the record ID of this step is tid1. The second step is to deposit 100 yuan into B's account, and the record ID of this step is tid2. The third step is to record a transfer record, which associates tid1 and tid2, indicating that A's account decreases 100 yuan and B's account increases 100 yuan. In this way, the transfer relationship between A and B is recorded and can be queried and tracked in the future. Now, we will explain Bitcoin's payment method through the introduction of UTXO and payment model.
UTXO
In the Bitcoin blockchain, all balances are stored in a list called "Unspent Transaction Output" (UTXO). Each UTXO contains a certain number of bitcoins, as well as the owner information of these bitcoins, and indicates whether they are available. You can think of it as a cash check with the holder's name on it. As long as the holder signs on it, the right to use it can be transferred to others. For a specific address, the sum of all its UTXO amounts is the balance of the wallet at that address. By traversing all UTXOs, we can get the current balance of each address. Adding up all the UTXO amounts gives you all the bitcoins currently in circulation.
In the transaction structure of Bitcoin, each transaction includes several inputs and outputs, where each input is a reference to an existing UTXO, and each output specifies a new fund receiving address and the corresponding amount. Once a transaction is initiated, the UTXO referenced by its input part will be temporarily locked to prevent it from being reused before the transaction is completed. Only when the transaction is successfully packaged into a block by the miner and confirmed by the network will the status of the relevant UTXO change. Specifically, the UTXO used for transaction input will be removed from the UTXO list, indicating that they have been consumed, and the output of the transaction will generate a new UTXO and add it to the UTXO list. It can be understood that the old cash check becomes invalid after being used, and a new cash check is generated, and its ownership belongs to the new holder.
It is worth emphasizing that each UTXO can only be used once in a transaction. Once it is consumed as an input, it is permanently removed from the UTXO list. At the same time, newly generated outputs are added to the list as new UTXOs. The UTXO list is constantly changing, and it is updated accordingly with the creation of each new block. And, by analyzing the transaction history in the blockchain, we are able to reconstruct the state of the UTXO list at any given point in time.
In addition, the total input amount of a transaction usually slightly exceeds its total output amount. This difference, called the transaction fee or network fee, is given as an incentive to the miners responsible for packaging the transaction into the block. The size of the network fee is proportional to the complexity of the transaction, so a transaction with more inputs and outputs usually requires a higher network fee.
Now, in order to understand the transaction structure of Bitcoin more vividly, we will conduct an in-depth analysis through a specific example. The transaction structure of Bitcoin is as follows, where the two variables vin and vout represent the "input" and "output" of Bitcoin transactions respectively. Bitcoin transactions do not record account-shaped data changes like the traditional account balance model, but are represented by input and output.
We can randomly select a transaction record on blockchain.com for analysis. The following figure shows a transaction with a hash ID of 0627052b6f28912f2703066a912ea577f2ce4da4caa5a5fbd8a57286c345c2f2. It contains one input and two outputs.
By using the bitcoin-cli commands getrawtransaction and decoderawtransaction, we can view the underlying structure of the above transaction:
In the Bitcoin network, transaction outputs contain two important pieces of information: address (public key hash) and amount (in Bitcoin). If the output of a transaction is not used in the input of other transactions, then this transaction output is called an unspent transaction output (UTXO). Whoever has the private key corresponding to the public key in the UTXO has the right to use (i.e. spend) this UTXO.
Let's look at the information in "vin" in the code above. It indicates that the UTXO spent by this transaction comes from the 0th output (a transaction can have multiple outputs, and the index starts at 0) of another transaction (whose id is 7957a35fe64f80d234d76d83a2a8f1a0d8149a41d81de548f0a65a8a999f6f18). We can find the amount of this UTXO (for example, 0.1) from historical transactions, so the user spent 0.1 BTC in this transaction. The value 0.1 does not need to be explicitly written in the transaction, but is obtained by looking up the UTXO information. The "vout" of this transaction has two outputs, which are two new UTXOs corresponding to the new balance and holder, until another transaction consumes them as input.
Payment Model
To better understand the payment model of the Bitcoin network, we use an example to introduce the payment process of n bitcoins from A to B. The figure below shows the process of user A sending 3 bitcoins to user B.
For user A, first you need to determine all the UTXO sets he owns, that is, all the bitcoins that user A can control;
A selects one or more UTXOs from this set as transaction inputs. The sum of the amounts of these inputs is m (2+0.8+0.5=3.3 BTC), which is greater than the amount to be paid n (3 BTC).
User A sets two outputs for the transaction, one output is paid to B's address, the amount is n (3 BTC), and the other output is paid to A's own change address, the amount is m-n-fee (3.3-3-0.001=0.299 BTC). The user's wallet usually consists of multiple addresses, and generally each address is only used once, and the change is returned to a new address by default;
After the miner packages the transaction and confirms it on the chain, B can receive the transaction information. Because the size of the block is capped (about 1 MB), miners will give priority to confirming transactions with high transaction fees (fee_rate=fee/size) to obtain the highest handling fee return. We can see the real-time mining transaction fee in mempool. If we want to confirm as quickly as possible during the transfer process, we can choose High Priority or customize a suitable transaction fee rate.
2. Numbering and Tracking of Satoshi
The total number of Bitcoins is 21 million, and each Bitcoin contains 10^8 Satoshis (Sat). Therefore, there are a total of 21 million*10^8 Satoshis on the Bitcoin network. The Ordinals protocol distinguishes these Satoshis and uniquely numbers each Satoshi. This section will introduce how this protocol uniquely numbers each Satoshi and how to track the account it belongs to. In addition, the classification of the rarity of Satoshis will be briefly introduced.
Satoshi's number
According to the Ordinals protocol, Satoshis are numbered according to the order in which they are mined. The following figure shows how the 0th Satoshi mined in the 0th block is represented.
There are many ways to express Cong:
Integer symbol: For example, 2099994106992659, which indicates the serial number assigned to the satoshi in the order of mining.
Decimal notation: For example, 3891094.16797, the first digit indicates the height of the block where the satoshi was mined, and the second digit indicates the number of the satoshi in the block.
Degree symbol: For example, 3°111094′214″16797‴. This method has not been defined yet.
Percent symbol: For example, 99.99971949060254%, which indicates the position of the satoshi in the Bitcoin supply, expressed as a percentage.
Name: For example, Satoshi. A name that encodes the serial number using characters a to z.
We will use an example to explain how to number newly mined bitcoins. Looking at the 795952th block of the Bitcoin blockchain, we can see that the first transaction Tx 3a1f...b177 records the miner's reward (coinbase transaction). This transaction includes the newly mined bitcoins, which are the miner's packaging rewards, and the transaction initiator's fee paid to the miner. By looking at the input in the figure below, we can see that its UTXO id consists of a string of 0s and the block height. The output address is the miner's wallet address, and the amount is the sum of the above rewards and fees.
If we look further at the output to miners, we can see the address, amount, and distribution of the Satoshis included. As mentioned earlier, these include mining rewards and handling fees. Among them, the green sats number information 1941220000000000–1941220625000000 are the new Satoshis generated by mining rewards, and the remaining 712 Satoshi records correspond to all the handling fees in the block.
We can verify the number Sat 1941220000000000. Its block number is 795952, and the decimal symbol is 795952.0, which means that the block height of the Satoshi is 795952, and the Satoshi number in this block is 0. The rarity mark behind it is uncommon, which we will introduce in detail in the following section.
The Circulation of Satoshi
Because each BTC is generated through mining rewards, they are all traceable. Bitcoin accounts use the UTXO model. Assume that user A obtains the 100th to 110th satoshis through mining (10 satoshis are stored as a whole in the same UTXO with id adc123). When user A wants to pay 5 satoshis to user B, he chooses to use id abc123 as the input of the transaction, of which 5 satoshis are given to user B and 5 satoshis are returned to user A as change. These two 5 satoshis are a whole and are stored in two UTXOs with ids abc456 and abc789 respectively. The above UTXO ids and the number of satoshis are only shown as examples. In actual situations, the minimum limit of the number of satoshis sent is 546 and the UTXO id is not expressed in this form.
In the above transaction, the flow path of user A’s 10 satoshis is:
Mining generates 10 satoshis, numbered [100 *, 110). * means that the 100th to 109th satoshis are stored in the UTXO with id abc123, and its owner is user A.
When A makes a transfer, 10 satoshis are divided into two parts, each with 5 satoshis. The "first in, first out" principle is adopted here, that is, the order of the satoshis is determined by their index in the transaction output. Assuming that the output order is user A first, then user B, then the sequence number of user A's remaining 5 satoshis is [100 , 105), stored in the UTXO with id abc456, and the sequence number of user B's 5 satoshis is [105, 110), stored in the UTXO with id abc789.
Rare Satoshi
As a spin-off of the Ordinals protocol, the rarity of Satoshi can be defined based on the order in which they are mined. This will result in some special Satoshis having different rarities. Here are the rarity levels of different Satoshis:
Common: Any satoshi except the first satoshi in a block (total supply is 210 trillion)
Uncommon Premium: The first satoshi of each block (total supply is 6,929,999)
Rare: The first satoshi of each difficulty adjustment period (total supply is 3437)
epic: First Satoshi after each halving (total supply is 32)
Legendary: The first satoshi of each cycle (total supply is 5)
Mythic: The first Satoshi in the genesis block (total supply is 1)
This concept of rare satoshis can add more interest and value to the Bitcoin ecosystem. Satoshis of different rarities may have different values in the market, attracting collectors and investors.
3. Inscription Method
Ordinals are significantly different from NFTs on other non-Bitcoin chains. The main difference is that Ordinals metadata is not stored in a specific location. Instead, this metadata is embedded into the transaction’s witness data (witness data, witness field), which is why we call it an “inscription” because this data is “engraved” into Bitcoin like an inscription. On a specific part of the transaction, the data is attached to a specific Satoshi. This inscription process is implemented through Segregated Witness (SegWit) and Pay-to-Taproot (P2TR), which includes two stages: commit and reveal, which can Any form of content (such as text, images or videos) is inscribed on the designated Satoshi. We will introduce another more direct storage method OP_RETURN below and explain why it is not used as a means of inscription. At the same time, we will introduce what Segregated Witness and Pay-to-Taproot are, and what roles they play in Inscription. Finally we will introduce the method of inscription.
OP_RETURE
In Bitcoin Core 0.9, a compromise was finally achieved by adopting the RETURN operator. RETURN allows developers to add 80 bytes of non-payment data to transaction outputs. Unlike pseudo-payments, RETURN creates an explicit verifiable unspendable output that does not need to be stored in the UTXO set. RETURN outputs are recorded on the blockchain, they consume disk space and also increase the size of the blockchain, but they are not stored in the UTXO set, so they do not bloat the UTXO memory pool, and do not increase the expensive memory cost of full nodes.
Although OP_RETURN is a very direct means of storing information on the Bitcoin blockchain, it is also a potential inscription method. However, the limitations of OP_RETURN make it face some challenges when dealing with metadata storage. First, OP_RETURN can only store 80 bytes of data. For situations where more data needs to be stored, this limitation is obviously unsatisfactory. Secondly, OP_RETURN data is stored in the transaction output part. Although this data is not stored in the UTXO set, it occupies the storage space of the blockchain, resulting in an increase in the size of the blockchain. Finally, using OP_RETURN will lead to higher transaction fees because it requires paying more fees to publish these transactions.
Segregated Witness
In contrast, the new method provided by SegWit can overcome the above problems. SegWit is an important protocol upgrade of Bitcoin, proposed by Bitcoin core developer Pieter Wuille in 2015 and finally adopted in version 0.16.0 in 2017. Segregated in Segregated Witness means separation and isolation, and Witness is a signature thing related to the transaction. Therefore, SegWit separates certain transaction signature data (witness data) from the transaction.
The main benefit of separating signatures from transaction-related data is that it reduces the size of the data stored in a Bitcoin block. This way each block has additional capacity to store more transactions, which means the network can process more transactions and senders pay lower fees. Technically, it is to take the script signature (scriptSig) information out of the basic structure (base block) and put it in a new data structure. Nodes and miners doing verification work will also verify the script signature in this new data structure to ensure that the transaction is valid. The Segwit upgrade introduces a new witness field in the transaction output to ensure privacy and performance. Although witness data is not designed for data storage, it actually gives us an opportunity to store content such as inscription metadata. Let's use the following figure to understand the segregated witness more vividly:
Taproot
P2TR is a type of Bitcoin transaction output that was introduced in the Taproot upgrade in 2021, which allows different transaction conditions to be stored more privately in the blockchain. In Ordinals' inscriptions, P2TR plays a vital role. Inscriptions are essentially embedding specific data content into Bitcoin transactions, and the Taproot upgrade, especially P2TR, makes this embedded data more flexible and economical.
First, because of the way Taproot scripts are stored, we can store inscription content in Taproot script path spending scripts that have almost no restrictions on content while also getting a discount on witness data, making it relatively economical to store inscription content. Since Taproot scripts can only be consumed from pre-existing Taproot outputs, inscriptions use a two-phase commit/reveal process. First, in a commit transaction, a Taproot output is created that commits to a script containing the inscription content. Then, in a reveal transaction, the output created by the commit transaction is consumed, revealing the inscription content on-chain.
This approach significantly reduces resource consumption. Without P2TR, the witness information is stored in the output of the transaction. This way, the witness information is stored in the UTXO set as long as the output is not consumed. In contrast, if P2TR is used, the witness information does not appear in the transaction generated during the commit phase, so it is not written to the UTXO set. Only when the UTXO is consumed does the witness information appear in the transaction input during the reveal phase. P2TR allows metadata to be written to the Bitcoin blockchain, but it never appears in the UTXO set. Since maintaining/modifying the UTXO set requires more resources, this approach can save a lot of resources.
Inscription
The Ordinals protocol takes advantage of SegWit’s relaxation of the size limit on content written to the Bitcoin network, storing the inscription content in the witness data. This allows it to store metadata up to 4MB. Taproot makes it easier to store arbitrary witness data in Bitcoin transactions, allowing Ordinals developer Casey Rodarmor to reuse old opcodes (OP_FALSE, OP_IF, OP_PUSH) for what he describes as “envelopes” called “inscriptions” to store arbitrary data.
The process of casting an inscription consists of two steps:
First, a Taproot output committed to a script containing the inscription content needs to be created in the submitted transaction. The storage format is Taproot, that is, the output of the previous transaction is P2TR (Pay-To-Taproot), and the input of the next transaction is embedded in the Taproot script of the witness; the string ord is first pushed onto the stack to eliminate the ambiguity that the inscription has other uses. OP_PUSH 1 indicates that the next push contains the content type, and OP_PUSH 0 indicates that the subsequent data push contains the content itself. Large inscriptions must use multiple data pushes, because one of the few limitations of taproot is that a single data push must not be larger than 520 bytes. At this point, the data of the inscription has been mapped to the UTXO of the transaction output, but it has not been made public.
A text inscription containing the string "Hello, world!" is serialized as above. Secondly, the output created by the submitted transaction needs to be consumed in the reveal transaction. At this stage, the transaction is initiated by taking the UTXO corresponding to the inscription as input. At this point, the corresponding inscription content is made public to the entire network.
Through the above two steps, the inscription content has been bound to the inscribed UTXO. According to the positioning of Satoshi described above, the inscription is performed on the first Satoshi corresponding to the input UTXO, and the inscription content is included in the input of the displayed transaction. According to the introduction to the circulation and tracking of Satoshi described above, this Satoshi engraved with special content can be transferred, bought, sold, lost and restored. It should be noted that the inscription cannot be repeated, otherwise the subsequent inscription will be invalid.
We will explain this process in detail by engraving a small BTC NFT image. This process mainly includes the two stages mentioned above: commit and reveal. First, we see that the Hash ID of the first transaction is 2ddf9...f585c. It can be noticed that the output of this transaction does not contain witness data, and there is no relevant inscription information on the webpage.
Next, we check the records of the second phase, whose Hash ID is e7454...7c0e1. Here, we can see the information of Ordinals inscription, which is the content of the witnessed inscription. The input address of this transaction is the output address of the previous transaction, and the output 0.00000546BTC (546 Satoshi) is to send this NFT to its own address. At the same time, we can also find the Satoshi where this inscription is located in Sat 1893640468329373.
In the Bitcoin wallet, we can see this asset. If we want to trade this NFT, we can directly send it to someone else's address, that is, send this UTXO, thus completing the circulation of the inscription.
4. Bitcoin Wallet
After we understand what is the Ordinals ecosystem, the circulation of Satoshi and the relevant knowledge of inscriptions, there are currently many application scenarios, whether it is the emergence of BRC-20, ORC-20, BRC-721, GBRC-721 and other related derivative protocols, we need to have corresponding wallets to support and display token information or NFT small pictures. In this section, we will introduce the concepts and characteristics of different Bitcoin wallet addresses.
Bitcoin addresses begin with 1, 3, or bc1. Just like email addresses, they can be shared with other Bitcoin users who can use them to send Bitcoin directly to their own wallets. From a security perspective, there is nothing sensitive about a Bitcoin address. It can be published anywhere without compromising the security of your account. Unlike email addresses, we can create new addresses as often as we want, all of which deposit funds directly into your wallet. In fact, many modern wallets automatically create a new address for each transaction to maximize privacy. A wallet is simply a collection of addresses and the keys that unlock the funds in them. First, we need to know how the address of a Bitcoin wallet is generated.
Bitcoin private and public keys
Bitcoin uses the elliptic curve Secp256k1. The "private key" is a random number between 1 and n-1. n is a very large number (256 bits). n is expressed in scientific notation as approximately 1.15792*10^77. This range is extremely large, and it is almost impossible for us to guess other people's private keys. This random integer private key can be represented by 256 bits, and there are many encoding methods. If the private key in WIF or WIF-compressed form is not encrypted, it can be decoded to get the original "random integer". Another way is BIP38, which proposes to encrypt the private key with the AES algorithm. The private key obtained by this scheme starts with the character 6P. This private key must be entered with a password to be imported into various Bitcoin wallets. This is the private key we usually use.
Then we will use the elliptic curve formula K = kG to generate Bitcoin's public key K from the private key k. G is the Base Point, which is a parameter of secp256k1. We can get the two coordinates of K, which are the two expressions of the public key, "Uncompressed format" and "Compressed format".
Uncompressed form is to directly concatenate the two coordinates x and y together and add a 0x04 prefix in front;
Compressed form, that is, when y is an even number, it is encoded as 02 x, and when y is an odd number, it is encoded as 03 x;
Bitcoin Address
The various types of Bitcoin addresses are shown in the figure below. There are four ways to represent them:
Legacy (P2PKH) format
Example: 1Fh7ajXabJBpZPZw8bjD3QU4CuQ3pRty9u
The address starts with "1" and is the original address format of Bitcoin, which is still in use today. It is obtained by calculating the public key through Hash, also known as P2PKH, which is the abbreviation of Pay To PubKey Hash.
Nested SegWit (P2SH) format
Example: 3KF9nXowQ4asSGxRRzeiTpDjMuwM2nypAN
The address starts with "3". P2SH is the abbreviation of Pay To Script Hash, which supports more complex functions than Legacy addresses. Nested P2SH takes an existing P2SH address (starting with "3") and encapsulates it with a SegWit address.
Native SegWit (Bech32) format
Example: bc1qf3uwcxaz779nxedw0wry89v9cjh9w2xylnmqc3
Addresses starting with bc1 were proposed in BIP0173, which are native segregated witness addresses. Bech32-encoded addresses are an address format developed specifically for SegWit. Bech32 was defined in BIP173 at the end of 2017. One of the main features of this format is that it is case-insensitive (the address only contains 0-9, az), so it can effectively avoid confusion when entering and is easier to read. Since fewer characters are required in the address, the address is encoded using Base32 instead of the traditional Base58, which makes calculations more convenient and efficient. Data can be stored more compactly in the QR code. Bech32 provides higher security, better optimization of checksum and error detection codes, and minimizes the chance of invalid addresses.
Bech32 addresses are natively compatible with SegWit. No extra space is needed to put a SegWit address into a P2SH address, so using Bech32 format addresses will result in lower fees. Bech32 addresses have several advantages over the old Base58 (Base58Check encoding is used to encode byte arrays in Bitcoin into human-encodable strings) addresses: smaller QR codes; better error prevention; more secure; case-insensitive; consisting only of lowercase letters, so it is easier to read, enter, and understand.
Taproot format (P2TR)
Bech32 has a shortcoming: if the last character of an address is p, inserting or deleting any number of characters q immediately before p will not invalidate its checksum.
In order to alleviate the above shortcomings of Bech32, Bech32m addresses were proposed in BIP0350:
For native segwit addresses with version 0, use the previous Bech32;
For native segwit addresses with version 1 (or higher), the new Bech32m is used.
For Bech32m addresses, when version is 1, they always start with bc1p (i.e., Taproot addresses). Specifically, like local segregated witness, wallets can consist of a seed phrase and a passphrase. These are used to generate extended public and private keys, which are used to derive addresses of arbitrary paths in hierarchical deterministic wallets. Mainly used to store BRC-20 and BTC NFTs, etc.
V. About Us
Spectrum Labs is a team of masters and PhDs who focus on blockchain research, as well as senior people in the blockchain industry. We are committed to blockchain research chain technology and its applications to help people better understand blockchain. Spectrum Labs' main business includes writing research reports, writing courses, and developing tools.
The BTC NFT Chinese Community is a BTC NFT Chinese communication platform created for new Chinese people around the world.
