Understanding P2WPKH

[kanishk779]

I was trying to understand the P2WPKH addresses, but I don't understand how are they valid for non-segwit nodes? My understanding of a valid bitcoin script is that the stack should be empty once the concatenation of the unlocking and locking script is run.

This is the locking script for P2WPKH

0 ab68025513c3dbd2f7b92a94e0581f5d50f654e7

This page describes that

To the non-segwit node the two pushes would look like an output that anyone can spend and does not require a signature.

But in this case, the stack would not be empty. So how is this a valid script?
It further mentions that for the segwit nodes, the first number acts as the version and the second one is the witness program. How does this work and what exactly is the witness program? Is it a hash of some script like we have for the P2SH addresses?

[dr-orlovsky]

I can answer the second question, but can't answer the first one (I have the same question actually).

So, the witness program is the next byte-push following the version opcode in the scriptPubkey. The meaning of the witness program is specific to the used witness version (first int-push in scriptPubkey).

For witness version v0 (P2WKPH, P2WSH) it means that the following push (20 or 32 bytes correspondingly) is the hash of the public key (P2WPKH) or a witness script (P2WSH). It must be provided as a part of the witness data of the spending transaction input, and for a public key it must be a compressed public key, and for a witness script it must be a script source as a first witness stack element (i.e. this is "like in P2SH", except that the script is now part of the witness and not sigScript and thus lacks byte-push command in front of it. Also it is disallowed to have checksigs/checkmultisigs for uncompressed keys, unlike P2SH).

[kanishk779]

Seems like my understanding of a valid bitcoin script was wrong. This wiki mentions which scripts are valid with respect to the state of the stack.

A transaction is valid if nothing in the combined script triggers failure and the top stack item is True (non-zero) when the script exits.

Therefore the P2WPKH addresses will be valid for non-segwit nodes, as the script will just push some stuff on the stack and the top of the stack won't be zero.

Could you elaborate on what does it means when you say

it must be provided as a part of the witness data of the spending transaction input.

were you referring to the public-key/script or the hash of them, that needs to be provided by the spender of the bitcoins, which will be included in the witness data?

[dr-orlovsky]

Your argument looks very reasonable and explaining everything.

were you referring to the public-key/script or the hash of them, that needs to be provided by the spender of the bitcoins, which will be included in the witness data?

The witness for P2WSH and P2WSH-in-P2SH spending must provide the source of the script in full, and the hash of this script must match the witness program from the output spent.