Principle example of a Bitcoin transaction with 1 input and 1 output only
The input in this transaction imports 50 BTC from output #0 in transaction f5d8… Then the output sends 50 BTC to a Bitcoin address (expressed here in hexadecimal 4043… instead of the normal base58). When the recipient wants to spend this money, he will reference output #0 of this transaction in the input of his own transaction.
An input is a reference to an output from a previous transaction. Multiple inputs are often listed in a transaction. The new transaction’s input values (that is, the total coin value of the previous outputs referenced by the new transaction’s inputs) are added. The total (less any transaction fee) is completely used by the outputs of the new transaction. Previous tx is a hash of a previous transaction. The index is the specific output in the referenced transaction. ScriptSig is the first half of a script (discussed in more detail later).
The script contains two components, a signature, and a public key. The public key must match the hash given in the script of the redeemed output. The public key is used to verify the redeemer’s signature, which is the second component. More precisely, the second component is an ECDSA signature over a hash of a simplified version of the transaction. Combined with the public key, the real owner of the address in question proves the transaction was created. Various flags define how the transaction is simplified and can be used to create different types of payment.
An output contains instructions for sending bitcoins. Value is the number of Satoshi (1 BTC = 100,000,000 Satoshi) that this output will be worth when claimed. ScriptPubKey is the second half of a script (discussed later). There can be more than one output, and they share the combined value of the inputs. Because each output from one transaction can only ever be referenced once by an input of a subsequent transaction, the entire combined input value needs to be sent in an output if you don’t want to lose it. If the input is worth 50 BTC, but you only want to send 25 BTC, Bitcoin will create two outputs worth 25 BTC: one to the destination and one back to you (known as “change,” though you send it to yourself). Any input bitcoins not redeemed in an output is considered a transaction fee; whoever generates the block can claim it by inserting it into the coinbase transaction of that block.
A sends 100 BTC to C, and C generates 50 BTC. C sends 101 BTC to D, and he needs to send himself some change. D sends the 101 BTC to someone else, but they haven’t redeemed it yet. Only D’s output and C’s change are capable of being spent in the current state.
To verify that inputs are authorized to collect the values of referenced outputs, Bitcoin uses a custom Forth-like scripting system. The input’s scriptSig and the referenced output’s scriptPubKey are evaluated (in that order), with scriptPubKey using the values left on the stack by scriptSig. The input is authorized if scriptPubKey returns true. The sender can create very complex conditions through the scripting system that people have to meet to claim the output’s value. For example, it’s possible to create an output that anyone can claim without any authorization. It’s also possible to require that input be signed by ten different keys or be redeemable with a password instead of a key.