Bitcoin Transaction Validation, What Exactly Goes on Under the Hood?

Currently, the bitcoin network is processing about 4-4.5 transactions per second and up to 7 per second, with a current total of about 10million transactions per year.

Graphic Courtesy of

To understand how bitcoin transactions work, we need to first understand a few concepts.  Once these are understood, how transactions work will be much easier to understand. 

KeyPairs (Public and Private)

The bitcoin network requires all users to have keypairs.  A keypair is made of one public and one private key. 

Private keys are a single 256-bit number.  You can create one yourself or have it generated.  From this private key, a public key is generated using the Elliptic Curve Digital Signature Algorithm (ECDSA).  The resulting public key string of numbers cannot be used in reverse to find a private key.  This new key pair is used to encrypt/decrypt data as well as lock data where only the private key can be used to unlock it. 

Basic Authentication Process

Bitcoin authenticates transactions and senders with digital signatures created using keypairs.  The sender wants the correct bitcoin amount to be transferred to the right person(wallet), and the receiver wants to ensure the data is accurate and from the sender. 

  1. The sender collected the data to be sent.
  2. Using the hash function a 256-bit hash is created.
  3. The sender signs the hash with their private key encrypting it and creating a digital signature

At this point, data, the public key, and the digital signature are provided to the receiver.

  1. When the public key is applied to the Digital Signature, step 3 is revered, and the step 2 hash is the result.
  2. The data and the hash function are applied, and the result is the hash (should be the same as step 2).
  3. The results of Steps 4 and 5 are compared, and if correct, the transaction is authenticated; if not (the data is incorrect or the public key used is erroneous), it is rejected as a false transaction.

The Bitcoin Transaction(receiving)

Now that we know the basics of the transaction, let’s dive into some specifics.

You decide to sell your vintage car, and a buyer (we’ll call him Nakamura) offers to pay you with bitcoin, so you must provide a bitcoin address.  You create an address by hashing your public key, resulting in a “PubKeyHash” and converting that to a bitcoin address which starts with a 1 or 3 with the base58check format.

You can reverse engineer the PublicKeyhash from the address but cannot even obtain the public key from the PublicKeyHash.

With the provided address, Nakamura (your car buyer) will create a transaction output containing:

  • Index (a transaction ID) and location to help in future transactions
  • The total amount in satoshis (bitcoin’s smallest unit)
  • PubKey Script locks the amount in your PubKeyHash

When you eventually want to spend the ten bitcoins, your private key will be used to feed the PubKey Script and unlock the received Bitcoin.

The transaction must be validated and mined by the miners (usually within 10 minutes but sometimes longer) to be completed, and then your wallet will indicate the ten-bitcoin deposit.  The wallet does not “contain” the money like a real-world wallet; just an output called an Unspent Transaction Output (UTXO).  UTXOs are unlocked when you send some or all the bitcoin to another address creating a new UTXO. 

The bitcoin network is not an account-based system but a matrix of UTXOs.  The wallets hold keys to unlock those UTXOs and transfer them to others. 

The Bitcoin Transaction (Sending)

If you send any amount of satoshis, you will create a new UTXO for that transaction and either send all the bitcoin with the single new UTXO or a second new UXTO is created with the remainder which is sent right back to you. 

Now you want to spend that bitcoin from the car sale to buy a collection of Pokémon cards from Ash (He’s got them all).  You will therefore create a new input and output.



You start with the transaction ID and Index to locate the UTXO and the PubKey Script from the sale of the car (blue rectangle above). 

You then create a new Signature Script which is for the satisfaction of the PubKey Script.  The Signature script has a signature (all the transaction data for sending to Ash) and your public key.  The data is:

  • Old Transaction ID
  • Old Index
  • Nakamura’s PubKey Script
  • Ash’s PubKey script
  • Total satoshis going to Ash

This data is hashed twice with the SHA256 algorithm and signed with your private key.  This product is then added to your public key to create the new Signature Script.  Orange rectangle above


Your output contains the satoshi’s to be transferred, a new index, and a new PubKey Script with Ash’s address he provides to lock the bitcoin to his address.

Miners and the PubKey Script

When the transaction is sent to the miners, they will take the Signature Script and run it with the PubKey Script.  With a “true” result, the transaction is added to the block and then validated.

The PubKey Script explained

Graphic modified from

The PubKey Script uses the following stacked six-step process to verify (return a T or F) the transaction:

  1. Add the signature script (Sig) and then stack on it the public key (PubKey)
  2. OP_DUP duplicates of the last thing added to the stack (the PubKey)
  3. OP_HASH160 hashes the duplicated public key Pk Hash
  4. PubKey (Pk) Hash from the first transaction (car) is added (Pk Hash in the oval)
  5. OP_EQUALVERIFY compares the top two parts of the stack, Pk Hash from the car transaction (in the oval) and the Pk Hash of the public key provided to the Signature Script (in the square). If they are the same, they will be removed (popped off) from the stack. (leaving the public key and signature)
  6. OP_CHECKSIG will use the public key to decrypt the signature. The PubKey Script then checks for a match between the digital signature and the output of the data that was twice hashed and signed, creating the signature(sig).  If they match, the Sig and PubKey are popped off, and a “True” result is then added to the new block and validated on the network; if “False,” the transaction fails and is not added. 

Ash now gives you your beloved Pokémon collection.


The Bitcoin Transaction Validation process is a set of checks to ensure that the network stays accurate and allows for privacy by not transmitting personal information to make transactions.  The transaction process has been proven to be a robust system that can prevent tampering and give confidence to its users. 


Disclaimer: The author of this text, Jean Chalopin, is a global business leader with a background encompassing banking, biotech, and entertainment.  Mr. Chalopin is Chairman of Deltec International Group,

The co-author of this text, Robin Trehan, has a Bachelor’s degree in Economics, a Master’s in International Business and Finance, and an MBA in Electronic Business.  Mr. Trehan is a Senior VP at Deltec International Group,

 The views, thoughts, and opinions expressed in this text are solely the views of the authors, and do not necessarily reflect those of Deltec International Group, its subsidiaries, and/or its employees.