OP_HASH160

OP_HASH160 (opcode 0xa9) consumes the top item on the stack, computes RIPEMD160(SHA256(x)) of that item, and pushes the resulting 20-byte digest back onto the stack. This double-hash construction is the reason Bitcoin addresses are 160 bits wide: SHA256 provides collision resistance while RIPEMD160 compresses the output to a shorter, more compact value.

Why two hash functions

Nesting RIPEMD160 over SHA256 hedges against an unforeseen weakness in either primitive while keeping the public-facing commitment small — a meaningful saving back when every byte of UTXO data mattered. The same 20-byte output appears in legacy P2PKH addresses (the hash of a public key) and in P2SH addresses (the hash of a redeem script).

Role in standard scripts

In a Pay-to-Public-Key-Hash locking script, OP_DUP OP_HASH160 <20-byte-hash> OP_EQUALVERIFY OP_CHECKSIG, OP_HASH160 hashes the spender's supplied public key so it can be compared against the committed address hash before signature verification runs. In Pay-to-Script-Hash, it hashes the revealed redeem script. SegWit v0 keeps the same 160-bit digest in its witness-program variants (P2WPKH).

OP_HASH160 is best understood next to the signature opcode it precedes, OP_CHECKSIG, and contrasts with the data-commitment role of OP_RETURN, which also embeds hashes but in a provably unspendable output.