From 8e428562cbff89aa3f9d111792eb6105cfd8cf03 Mon Sep 17 00:00:00 2001
From: Martin Habovstiak <martin.habovstiak@gmail.com>
Date: Sat, 30 Jul 2022 14:22:18 +0200
Subject: [PATCH] Implemented unsized `Script`

This renames `Script` to `ScriptBuf` and adds unsized `Script` modeled
after `PathBuf`/`Path`. The change cleans up the API a bit, especially
all functions that previously accepted `&Script` now accept truly
borrowed version. Some functions that perviously accepted `&[u8]` can
now accept `&Script` because constructing it is no loger costly.
---
 bitcoin/Cargo.toml                            |    1 +
 bitcoin/examples/ecdsa-psbt.rs                |    8 +-
 bitcoin/examples/taproot-psbt.rs              |   20 +-
 .../fuzz/fuzz_targets/deserialize_script.rs   |    2 +-
 .../fuzz_targets/script_bytes_to_asm_fmt.rs   |    2 +-
 bitcoin/src/address.rs                        |   16 +-
 bitcoin/src/bip152.rs                         |    6 +-
 bitcoin/src/bip158.rs                         |   19 +-
 bitcoin/src/blockdata/block.rs                |    2 +-
 bitcoin/src/blockdata/script.rs               | 1928 ++++++++++++-----
 bitcoin/src/blockdata/transaction.rs          |   22 +-
 bitcoin/src/internal_macros.rs                |    2 +-
 bitcoin/src/lib.rs                            |    3 +-
 bitcoin/src/network/message.rs                |    4 +-
 bitcoin/src/psbt/map/input.rs                 |   18 +-
 bitcoin/src/psbt/map/output.rs                |   14 +-
 bitcoin/src/psbt/mod.rs                       |   24 +-
 bitcoin/src/psbt/serialize.rs                 |   22 +-
 bitcoin/src/sighash.rs                        |   24 +-
 bitcoin/src/taproot.rs                        |   56 +-
 bitcoin/tests/psbt.rs                         |   12 +-
 bitcoin/tests/serde.rs                        |   28 +-
 22 files changed, 1525 insertions(+), 708 deletions(-)

diff --git a/bitcoin/Cargo.toml b/bitcoin/Cargo.toml
index 294e3da6..c903f384 100644
--- a/bitcoin/Cargo.toml
+++ b/bitcoin/Cargo.toml
@@ -20,6 +20,7 @@ serde = ["actual-serde", "bitcoin_hashes/serde", "secp256k1/serde"]
 secp-lowmemory = ["secp256k1/lowmemory"]
 secp-recovery = ["secp256k1/recovery"]
 bitcoinconsensus-std = ["bitcoinconsensus/std", "std"]
+rust_v_1_53 = []
 
 # At least one of std, no-std must be enabled.
 #
diff --git a/bitcoin/examples/ecdsa-psbt.rs b/bitcoin/examples/ecdsa-psbt.rs
index 77494fbd..b6405d0b 100644
--- a/bitcoin/examples/ecdsa-psbt.rs
+++ b/bitcoin/examples/ecdsa-psbt.rs
@@ -42,7 +42,7 @@ use bitcoin::locktime::absolute;
 use bitcoin::psbt::{self, Input, Psbt, PsbtSighashType};
 use bitcoin::secp256k1::{Secp256k1, Signing, Verification};
 use bitcoin::{
-    Address, Amount, Network, OutPoint, PublicKey, Script, Sequence, Transaction, TxIn, TxOut,
+    Address, Amount, Network, OutPoint, PublicKey, ScriptBuf, Sequence, Transaction, TxIn, TxOut,
     Txid, Witness,
 };
 
@@ -191,7 +191,7 @@ impl WatchOnly {
                     txid: Txid::from_hex(INPUT_UTXO_TXID)?,
                     vout: INPUT_UTXO_VOUT,
                 },
-                script_sig: Script::new(),
+                script_sig: ScriptBuf::new(),
                 sequence: Sequence::MAX, // Disable LockTime and RBF.
                 witness: Witness::default(),
             }],
@@ -216,7 +216,7 @@ impl WatchOnly {
         let pk = self.input_xpub.to_pub();
         let wpkh = pk.wpubkey_hash().expect("a compressed pubkey");
 
-        let redeem_script = Script::new_v0_p2wpkh(&wpkh);
+        let redeem_script = ScriptBuf::new_v0_p2wpkh(&wpkh);
         input.redeem_script = Some(redeem_script);
 
         let fingerprint = self.master_fingerprint;
@@ -284,7 +284,7 @@ fn input_derivation_path() -> Result<DerivationPath> {
 }
 
 fn previous_output() -> TxOut {
-    let script_pubkey = Script::from_hex(INPUT_UTXO_SCRIPT_PUBKEY)
+    let script_pubkey = ScriptBuf::from_hex(INPUT_UTXO_SCRIPT_PUBKEY)
         .expect("failed to parse input utxo scriptPubkey");
     let amount = Amount::from_str(INPUT_UTXO_VALUE).expect("failed to parse input utxo value");
 
diff --git a/bitcoin/examples/taproot-psbt.rs b/bitcoin/examples/taproot-psbt.rs
index e4149521..6a3477aa 100644
--- a/bitcoin/examples/taproot-psbt.rs
+++ b/bitcoin/examples/taproot-psbt.rs
@@ -94,7 +94,7 @@ use bitcoin::taproot::{
     LeafVersion, TapLeafHash, TapSighashHash, TaprootBuilder, TaprootSpendInfo,
 };
 use bitcoin::{
-    absolute, script, Address, Amount, OutPoint, Script, Transaction, TxIn, TxOut, Txid, Witness,
+    absolute, script, Address, Amount, OutPoint, ScriptBuf, Transaction, TxIn, TxOut, Txid, Witness,
 };
 
 fn main() -> Result<(), Box<dyn std::error::Error>> {
@@ -241,7 +241,7 @@ fn generate_bip86_key_spend_tx(
                 txid: Txid::from_hex(input_utxo.txid)?,
                 vout: input_utxo.vout,
             },
-            script_sig: Script::new(),
+            script_sig: ScriptBuf::new(),
             sequence: bitcoin::Sequence(0xFFFFFFFF), // Ignore nSequence.
             witness: Witness::default(),
         }],
@@ -263,7 +263,7 @@ fn generate_bip86_key_spend_tx(
 
     let mut input = Input {
         witness_utxo: {
-            let script_pubkey = Script::from_hex(input_utxo.script_pubkey)
+            let script_pubkey = ScriptBuf::from_hex(input_utxo.script_pubkey)
                 .expect("failed to parse input utxo scriptPubkey");
             let amount = Amount::from_sat(from_amount);
 
@@ -289,7 +289,7 @@ fn generate_bip86_key_spend_tx(
                 vout,
                 &sighash::Prevouts::All(&[TxOut {
                     value: from_amount,
-                    script_pubkey: Script::from_str(input_utxo.script_pubkey)?,
+                    script_pubkey: ScriptBuf::from_str(input_utxo.script_pubkey)?,
                 }]),
                 hash_ty,
             )?;
@@ -333,7 +333,7 @@ fn generate_bip86_key_spend_tx(
     tx.verify(|_| {
         Some(TxOut {
             value: from_amount,
-            script_pubkey: Script::from_hex(input_utxo.script_pubkey).unwrap(),
+            script_pubkey: ScriptBuf::from_hex(input_utxo.script_pubkey).unwrap(),
         })
     })
     .expect("failed to verify transaction");
@@ -367,7 +367,7 @@ impl BenefactorWallet {
         })
     }
 
-    fn time_lock_script(locktime: absolute::LockTime, beneficiary_key: XOnlyPublicKey) -> Script {
+    fn time_lock_script(locktime: absolute::LockTime, beneficiary_key: XOnlyPublicKey) -> ScriptBuf {
         script::Builder::new()
             .push_int(locktime.to_consensus_u32() as i64)
             .push_opcode(OP_CLTV)
@@ -404,7 +404,7 @@ impl BenefactorWallet {
             .finalize(&self.secp, internal_keypair.x_only_public_key().0)
             .expect("Should be finalizable");
         self.current_spend_info = Some(taproot_spend_info.clone());
-        let script_pubkey = Script::new_v1_p2tr(
+        let script_pubkey = ScriptBuf::new_v1_p2tr(
             &self.secp,
             taproot_spend_info.internal_key(),
             taproot_spend_info.merkle_root(),
@@ -425,7 +425,7 @@ impl BenefactorWallet {
             lock_time,
             input: vec![TxIn {
                 previous_output: OutPoint { txid: tx.txid(), vout: 0 },
-                script_sig: Script::new(),
+                script_sig: ScriptBuf::new(),
                 sequence: bitcoin::Sequence(0xFFFFFFFD), // enable locktime and opt-in RBF
                 witness: Witness::default(),
             }],
@@ -505,7 +505,7 @@ impl BenefactorWallet {
                 .expect("Should be finalizable");
             self.current_spend_info = Some(taproot_spend_info.clone());
             let prevout_script_pubkey = input.witness_utxo.as_ref().unwrap().script_pubkey.clone();
-            let output_script_pubkey = Script::new_v1_p2tr(
+            let output_script_pubkey = ScriptBuf::new_v1_p2tr(
                 &self.secp,
                 taproot_spend_info.internal_key(),
                 taproot_spend_info.merkle_root(),
@@ -573,7 +573,7 @@ impl BenefactorWallet {
                 lock_time,
                 input: vec![TxIn {
                     previous_output: OutPoint { txid: tx.txid(), vout: 0 },
-                    script_sig: Script::new(),
+                    script_sig: ScriptBuf::new(),
                     sequence: bitcoin::Sequence(0xFFFFFFFD), // enable locktime and opt-in RBF
                     witness: Witness::default(),
                 }],
diff --git a/bitcoin/fuzz/fuzz_targets/deserialize_script.rs b/bitcoin/fuzz/fuzz_targets/deserialize_script.rs
index 8cd25ae3..94875076 100644
--- a/bitcoin/fuzz/fuzz_targets/deserialize_script.rs
+++ b/bitcoin/fuzz/fuzz_targets/deserialize_script.rs
@@ -6,7 +6,7 @@ use bitcoin::blockdata::script;
 use bitcoin::consensus::encode;
 
 fn do_test(data: &[u8]) {
-    let s: Result<script::Script, _> = encode::deserialize(data);
+    let s: Result<script::ScriptBuf, _> = encode::deserialize(data);
     if let Ok(script) = s {
         let _: Result<Vec<script::Instruction>, script::Error> = script.instructions().collect();
 
diff --git a/bitcoin/fuzz/fuzz_targets/script_bytes_to_asm_fmt.rs b/bitcoin/fuzz/fuzz_targets/script_bytes_to_asm_fmt.rs
index 534f6f9f..e8736575 100644
--- a/bitcoin/fuzz/fuzz_targets/script_bytes_to_asm_fmt.rs
+++ b/bitcoin/fuzz/fuzz_targets/script_bytes_to_asm_fmt.rs
@@ -17,7 +17,7 @@ impl fmt::Write for NullWriter {
 
 fn do_test(data: &[u8]) {
     let mut writer = NullWriter;
-    bitcoin::Script::bytes_to_asm_fmt(data, &mut writer);
+    bitcoin::Script::from_bytes(data).fmt_asm(&mut writer);
 }
 
 #[cfg(feature = "afl")]
diff --git a/bitcoin/src/address.rs b/bitcoin/src/address.rs
index 7772702a..a0da8586 100644
--- a/bitcoin/src/address.rs
+++ b/bitcoin/src/address.rs
@@ -409,9 +409,11 @@ impl Payload {
                 return Err(Error::InvalidSegwitV0ProgramLength(script.len() - 2));
             }
 
+            let opcode = script.first_opcode().expect("witness_version guarantees len() > 4");
+
             Payload::WitnessProgram {
-                version: WitnessVersion::try_from(opcodes::All::from(script[0]))?,
-                program: script[2..].to_vec(),
+                version: WitnessVersion::try_from(opcode)?,
+                program: script.as_bytes()[2..].to_vec(),
             }
         } else {
             return Err(Error::UnrecognizedScript);
@@ -419,12 +421,12 @@ impl Payload {
     }
 
     /// Generates a script pubkey spending to this [Payload].
-    pub fn script_pubkey(&self) -> script::Script {
+    pub fn script_pubkey(&self) -> script::ScriptBuf {
         match *self {
-            Payload::PubkeyHash(ref hash) => script::Script::new_p2pkh(hash),
-            Payload::ScriptHash(ref hash) => script::Script::new_p2sh(hash),
+            Payload::PubkeyHash(ref hash) => script::ScriptBuf::new_p2pkh(hash),
+            Payload::ScriptHash(ref hash) => script::ScriptBuf::new_p2sh(hash),
             Payload::WitnessProgram { version, program: ref prog } =>
-                script::Script::new_witness_program(version, prog),
+                script::ScriptBuf::new_witness_program(version, prog)
         }
     }
 
@@ -674,7 +676,7 @@ impl Address {
     }
 
     /// Generates a script pubkey spending to this address.
-    pub fn script_pubkey(&self) -> script::Script { self.payload.script_pubkey() }
+    pub fn script_pubkey(&self) -> script::ScriptBuf { self.payload.script_pubkey() }
 
     /// Creates a URI string *bitcoin:address* optimized to be encoded in QR codes.
     ///
diff --git a/bitcoin/src/bip152.rs b/bitcoin/src/bip152.rs
index c3e6d899..a8eacbb5 100644
--- a/bitcoin/src/bip152.rs
+++ b/bitcoin/src/bip152.rs
@@ -377,7 +377,7 @@ mod test {
     use crate::consensus::encode::{deserialize, serialize};
     use crate::hashes::hex::FromHex;
     use crate::{
-        CompactTarget, OutPoint, Script, Sequence, Transaction, TxIn, TxMerkleNode, TxOut, Txid,
+        CompactTarget, OutPoint, ScriptBuf, Sequence, Transaction, TxIn, TxMerkleNode, TxOut, Txid,
         Witness,
     };
 
@@ -387,11 +387,11 @@ mod test {
             lock_time: absolute::LockTime::from_consensus(2),
             input: vec![TxIn {
                 previous_output: OutPoint::new(Txid::hash(nonce), 0),
-                script_sig: Script::new(),
+                script_sig: ScriptBuf::new(),
                 sequence: Sequence(1),
                 witness: Witness::new(),
             }],
-            output: vec![TxOut { value: 1, script_pubkey: Script::new() }],
+            output: vec![TxOut { value: 1, script_pubkey: ScriptBuf::new() }],
         }
     }
 
diff --git a/bitcoin/src/bip158.rs b/bitcoin/src/bip158.rs
index 8493d4e7..d487f7bb 100644
--- a/bitcoin/src/bip158.rs
+++ b/bitcoin/src/bip158.rs
@@ -20,7 +20,7 @@
 //! # Examples
 //!
 //! ```ignore
-//! fn get_script_for_coin(coin: &OutPoint) -> Result<Script, BlockFilterError> {
+//! fn get_script_for_coin(coin: &OutPoint) -> Result<ScriptBuf, BlockFilterError> {
 //!   // get utxo ...
 //! }
 //!
@@ -32,7 +32,7 @@
 //!
 //! // read and evaluate a filter
 //!
-//! let query: Iterator<Item=Script> = // .. some scripts you care about
+//! let query: Iterator<Item=ScriptBuf> = // .. some scripts you care about
 //! if filter.match_any(&block_hash, &mut query.map(|s| s.as_bytes())) {
 //!   // get this block
 //! }
@@ -117,9 +117,10 @@ impl BlockFilter {
     pub fn new(content: &[u8]) -> BlockFilter { BlockFilter { content: content.to_vec() } }
 
     /// Computes a SCRIPT_FILTER that contains spent and output scripts.
-    pub fn new_script_filter<M>(block: &Block, script_for_coin: M) -> Result<BlockFilter, Error>
+    pub fn new_script_filter<M, S>(block: &Block, script_for_coin: M) -> Result<BlockFilter, Error>
     where
-        M: Fn(&OutPoint) -> Result<Script, Error>,
+        M: Fn(&OutPoint) -> Result<S, Error>,
+        S: Borrow<Script>,
     {
         let mut out = Vec::new();
         let mut writer = BlockFilterWriter::new(&mut out, block);
@@ -188,9 +189,10 @@ impl<'a, W: io::Write> BlockFilterWriter<'a, W> {
     }
 
     /// Adds consumed output scripts of a block to filter.
-    pub fn add_input_scripts<M>(&mut self, script_for_coin: M) -> Result<(), Error>
+    pub fn add_input_scripts<M, S>(&mut self, script_for_coin: M) -> Result<(), Error>
     where
-        M: Fn(&OutPoint) -> Result<Script, Error>,
+        M: Fn(&OutPoint) -> Result<S, Error>,
+        S: Borrow<Script>,
     {
         for script in self
             .block
@@ -201,7 +203,7 @@ impl<'a, W: io::Write> BlockFilterWriter<'a, W> {
             .map(script_for_coin)
         {
             match script {
-                Ok(script) => self.add_element(script.as_bytes()),
+                Ok(script) => self.add_element(script.borrow().as_bytes()),
                 Err(e) => return Err(e),
             }
         }
@@ -560,6 +562,7 @@ mod test {
     use crate::consensus::encode::deserialize;
     use crate::hash_types::BlockHash;
     use crate::hashes::hex::FromHex;
+    use crate::ScriptBuf;
 
     #[test]
     fn test_blockfilters() {
@@ -585,7 +588,7 @@ mod test {
                 for input in tx.input.iter() {
                     txmap.insert(
                         input.previous_output,
-                        Script::from(Vec::from_hex(si.next().unwrap().as_str().unwrap()).unwrap()),
+                        ScriptBuf::from(Vec::from_hex(si.next().unwrap().as_str().unwrap()).unwrap()),
                     );
                 }
             }
diff --git a/bitcoin/src/blockdata/block.rs b/bitcoin/src/blockdata/block.rs
index b56fbc64..277a7ea9 100644
--- a/bitcoin/src/blockdata/block.rs
+++ b/bitcoin/src/blockdata/block.rs
@@ -240,7 +240,7 @@ impl Block {
 
         // Commitment is in the last output that starts with magic bytes.
         if let Some(pos) = coinbase.output.iter()
-            .rposition(|o| o.script_pubkey.len () >= 38 && o.script_pubkey[0..6] ==  MAGIC)
+            .rposition(|o| o.script_pubkey.len () >= 38 && o.script_pubkey.as_bytes()[0..6] ==  MAGIC)
         {
             let commitment = WitnessCommitment::from_slice(&coinbase.output[pos].script_pubkey.as_bytes()[6..38]).unwrap();
             // Witness reserved value is in coinbase input witness.
diff --git a/bitcoin/src/blockdata/script.rs b/bitcoin/src/blockdata/script.rs
index 701de9e1..df2c18d0 100644
--- a/bitcoin/src/blockdata/script.rs
+++ b/bitcoin/src/blockdata/script.rs
@@ -3,30 +3,70 @@
 
 //! Bitcoin scripts.
 //!
+//! *[See also the `Script` type](Script).*
+//!
+//! This module provides the structures and functions needed to support scripts.
+//!
+//! <details>
+//! <summary>What is Bitcoin script</summary>
+//!
 //! Scripts define Bitcoin's digital signature scheme: a signature is formed
 //! from a script (the second half of which is defined by a coin to be spent,
 //! and the first half provided by the spending transaction), and is valid iff
 //! the script leaves `TRUE` on the stack after being evaluated. Bitcoin's
-//! script is a stack-based assembly language similar in spirit to Forth.
+//! script is a stack-based assembly language similar in spirit to [Forth].
 //!
-//! This module provides the structures and functions needed to support scripts.
+//! Script is represented as a sequence of bytes on the wire, each byte representing an operation,
+//! or data to be pushed on the stack.
 //!
+//! See [Bitcoin Wiki: Script][wiki-script] for more information.
+//!
+//! [Forth]: https://en.wikipedia.org/wiki/Forth_(programming_language)
+//!
+//! [wiki-script]: https://en.bitcoin.it/wiki/Script
+//! </details>
+//!
+//! In this library we chose to keep the byte representation in memory and decode opcodes only when
+//! processing the script. This is similar to Rust choosing to represent strings as UTF-8-encoded
+//! bytes rather than slice of `char`s. In both cases the individual items can have different sizes
+//! and forcing them to be larger would waste memory and, in case of Bitcoin script, even some
+//! performance (forcing allocations).
+//!
+//! ## `Script` vs `ScriptBuf` vs `Builder`
+//!
+//! These are the most important types in this module and they are quite similar, so it may seem
+//! confusing what the differences are. `Script` is an unsized type much like `str` or `Path` are
+//! and `ScriptBuf` is an owned counterpart to `Script` just like `String` is an owned counterpart
+//! to `str`.
+//!
+//! However it is common to construct an owned script and then pass it around. For this case a
+//! builder API is more convenient. To support this we provide `Builder` type which is very similar
+//! to `ScriptBuf` but its methods take `self` instead of `&mut self` and return `Self`. It also
+//! contains a cache that may make some modifications faster. This cache is usually not needed
+//! outside of creating the script.
+//!
+//! At the time of writing there's only one operation using the cache - `push_verify`, so the cache
+//! is minimal but we may extend it in the future if needed.
 
 use crate::prelude::*;
 
-use crate::io;
-use core::convert::TryFrom;
-use core::{fmt, default::Default};
-use core::ops::Index;
+use alloc::rc::Rc;
+use alloc::sync::Arc;
 use bitcoin_internals::debug_from_display;
-#[cfg(feature = "bitcoinconsensus")]
-use bitcoin_internals::write_err;
+use crate::io;
+use core::cmp::Ordering;
+use core::convert::TryFrom;
+use core::borrow::{Borrow, BorrowMut};
+use core::{fmt, default::Default};
+use core::ops::{Deref, DerefMut, Index, Range, RangeFull, RangeFrom, RangeTo, RangeInclusive, RangeToInclusive};
+#[cfg(feature = "rust_v_1_53")]
+use core::ops::Bound;
+use bitcoin_hashes::hex::ToHex;
 
 #[cfg(feature = "serde")] use serde;
 
 use crate::hash_types::{PubkeyHash, WPubkeyHash, ScriptHash, WScriptHash};
-use crate::blockdata::opcodes;
-use crate::blockdata::opcodes::all::*;
+use crate::blockdata::opcodes::{self, all::*};
 use crate::consensus::{encode, Decodable, Encodable};
 use crate::hashes::{Hash, hex};
 use crate::policy::DUST_RELAY_TX_FEE;
@@ -34,44 +74,568 @@ use crate::policy::DUST_RELAY_TX_FEE;
 #[cfg(feature="bitcoinconsensus")] use core::convert::From;
 use crate::OutPoint;
 
-use crate::crypto::key::PublicKey;
+use crate::key::PublicKey;
 use crate::address::WitnessVersion;
 use crate::taproot::{LeafVersion, TapBranchHash, TapLeafHash};
 use secp256k1::{Secp256k1, Verification, XOnlyPublicKey};
-use crate::crypto::schnorr::{TapTweak, TweakedPublicKey, UntweakedPublicKey};
+use crate::schnorr::{TapTweak, TweakedPublicKey, UntweakedPublicKey};
 
-/// Bitcoin script.
+/// Bitcoin script slice.
 ///
-/// A list of instructions in a simple, [Forth]-like, stack-based programming language
-/// that Bitcoin uses.
+/// *[See also the `bitcoin::blockdata::script` module](crate::blockdata::script).*
 ///
-/// [Forth]: https://en.wikipedia.org/wiki/Forth_(programming_language)
+/// `Script` is a script slice, the most primitive script type. It's usually seen in its borrowed
+/// form `&Script`. It is always encoded as a series of bytes representing the opcodes and data
+/// pushes.
 ///
-/// See [Bitcoin Wiki: Script][wiki-script] for more information.
+/// ## Validity
+///
+/// `Script` does not have any validity invariants - it's essentially just a marked slice of
+/// bytes. This is similar to [`Path`](std::path::Path) vs [`OsStr`](std::ffi::OsStr) where they
+/// are trivially cast-able to each-other and `Path` doesn't guarantee being a usable FS path but
+/// having a newtype still has value because of added methods, readability and basic type checking.
+///
+/// Although at least data pushes could be checked not to overflow the script, bad scripts are
+/// allowed to be in a transaction (outputs just become unspendable) and there even are such
+/// transactions in the chain. Thus we must allow such scripts to be placed in the transaction.
+///
+/// ## Slicing safety
+///
+/// Slicing is similar to how `str` works: some ranges may be incorrect and indexing by
+/// `usize` is not supported. However, as opposed to `std`, we have no way of checking
+/// correctness without causing linear complexity so there are **no panics on invalid
+/// ranges!** If you supply an invalid range, you'll get a garbled script.
+///
+/// The range is considered valid if it's at a boundary of instruction. Care must be taken
+/// especially with push operations because you could get a reference to arbitrary
+/// attacker-supplied bytes that look like a valid script.
+///
+/// It is recommended to use `.instructions()` method to get an iterator over script
+/// instructions and work with that instead.
+///
+/// ## Memory safety
+///
+/// The type is `#[repr(transparent)]` for internal purposes only!
+/// No consumer crate may rely on the represenation of the struct!
+///
+/// ## References
 ///
-/// [wiki-script]: https://en.bitcoin.it/wiki/Script
 ///
 /// ### Bitcoin Core References
 ///
 /// * [CScript definition](https://github.com/bitcoin/bitcoin/blob/d492dc1cdaabdc52b0766bf4cba4bd73178325d0/src/script/script.h#L410)
-#[derive(Clone, Default, PartialOrd, Ord, PartialEq, Eq, Hash)]
-pub struct Script(Box<[u8]>);
+///
+#[derive(PartialOrd, Ord, PartialEq, Eq, Hash)]
+#[repr(transparent)]
+pub struct Script([u8]);
 
-impl<I> Index<I> for Script
-where
-    [u8]: Index<I>,
-{
-    type Output = <[u8] as Index<I>>::Output;
+/// An owned, growable script.
+///
+/// `ScriptBuf` is the most common script type that has the ownership over the contents of the
+/// script. It has a close relationship with its borrowed counterpart, [`Script`].
+///
+/// Just as other similar types, this implements [`Deref`], so [deref coercions] apply. Also note
+/// that all the safety/validity restrictions that apply to [`Script`] apply to `ScriptBuf` as well.
+///
+/// [deref coercions]: https://doc.rust-lang.org/std/ops/trait.Deref.html#more-on-deref-coercion
+#[derive(Default, Debug, Clone, PartialOrd, Ord, PartialEq, Eq, Hash)]
+pub struct ScriptBuf(Vec<u8>);
+
+impl ToOwned for Script {
+    type Owned = ScriptBuf;
+
+    fn to_owned(&self) -> Self::Owned {
+        ScriptBuf(self.0.to_owned())
+    }
+}
+
+impl Script {
+    /// Treat byte slice as `Script`
+    #[inline]
+    pub fn from_bytes(bytes: &[u8]) -> &Script {
+        // SAFETY: copied from `std`
+        // The pointer was just created from a reference which is still alive.
+        // Casting slice pointer to a transparent struct wrapping that slice is sound (same
+        // layout).
+        unsafe {
+            &*(bytes as *const [u8] as *const Script)
+        }
+    }
+
+    /// Treat mutable byte slice as `Script`
+    #[inline]
+    pub fn from_bytes_mut(bytes: &mut [u8]) -> &mut Script {
+        // SAFETY: copied from `std`
+        // The pointer was just created from a reference which is still alive.
+        // Casting slice pointer to a transparent struct wrapping that slice is sound (same
+        // layout).
+        // Function signature prevents callers from accessing `bytes` while the returned reference
+        // is alive.
+        unsafe {
+            &mut *(bytes as *mut [u8] as *mut Script)
+        }
+    }
+
+    /// Returns the script data as a byte slice.
+    #[inline]
+    pub fn as_bytes(&self) -> &[u8] {
+        &self.0
+    }
+
+    /// Returns the script data as a mutable byte slice.
+    #[inline]
+    pub fn as_mut_bytes(&mut self) -> &mut [u8] {
+        &mut self.0
+    }
+
+    /// Creates a new empty script.
+    #[inline]
+    pub fn empty() -> &'static Script { Script::from_bytes(&[]) }
+
+    /// Creates a new script builder
+    pub fn builder() -> Builder {
+      Builder::new()
+    }
+
+    /// Returns 160-bit hash of the script.
+    #[inline]
+    pub fn script_hash(&self) -> ScriptHash {
+        ScriptHash::hash(self.as_bytes())
+    }
+
+    /// Returns 256-bit hash of the script for P2WSH outputs.
+    #[inline]
+    pub fn wscript_hash(&self) -> WScriptHash {
+        WScriptHash::hash(self.as_bytes())
+    }
+
+    /// Returns the length in bytes of the script.
+    #[inline]
+    pub fn len(&self) -> usize { self.0.len() }
+
+    /// Returns whether the script is the empty script.
+    #[inline]
+    pub fn is_empty(&self) -> bool { self.0.is_empty() }
+
+    /// Returns a copy of the script data.
+    #[inline]
+    pub fn to_bytes(&self) -> Vec<u8> { self.0.to_owned() }
+
+    /// Returns an iterator over script bytes.
+    #[inline]
+    pub fn bytes(&self) -> Bytes<'_> {
+        Bytes(self.as_bytes().iter().copied())
+    }
+
+    /// Computes the P2WSH output corresponding to this witnessScript (aka the "witness redeem
+    /// script").
+    #[inline]
+    pub fn to_v0_p2wsh(&self) -> ScriptBuf {
+        ScriptBuf::new_v0_p2wsh(&self.wscript_hash())
+    }
+
+    /// Computes P2TR output with a given internal key and a single script spending path equal to
+    /// the current script, assuming that the script is a Tapscript.
+    #[inline]
+    pub fn to_v1_p2tr<C: Verification>(&self, secp: &Secp256k1<C>, internal_key: UntweakedPublicKey) -> ScriptBuf {
+        let leaf_hash = TapLeafHash::from_script(self, LeafVersion::TapScript);
+        let merkle_root = TapBranchHash::from_inner(leaf_hash.into_inner());
+        ScriptBuf::new_v1_p2tr(secp, internal_key, Some(merkle_root))
+    }
+
+    /// Returns witness version of the script, if any, assuming the script is a `scriptPubkey`.
+    #[inline]
+    pub fn witness_version(&self) -> Option<WitnessVersion> {
+        self.0.first().and_then(|opcode| WitnessVersion::try_from(opcodes::All::from(*opcode)).ok())
+    }
+
+    /// Checks whether a script pubkey is a P2SH output.
+    #[inline]
+    pub fn is_p2sh(&self) -> bool {
+        self.0.len() == 23
+            && self.0[0] == OP_HASH160.to_u8()
+            && self.0[1] == OP_PUSHBYTES_20.to_u8()
+            && self.0[22] == OP_EQUAL.to_u8()
+    }
+
+    /// Checks whether a script pubkey is a P2PKH output.
+    #[inline]
+    pub fn is_p2pkh(&self) -> bool {
+        self.0.len() == 25
+            && self.0[0] == OP_DUP.to_u8()
+            && self.0[1] == OP_HASH160.to_u8()
+            && self.0[2] == OP_PUSHBYTES_20.to_u8()
+            && self.0[23] == OP_EQUALVERIFY.to_u8()
+            && self.0[24] == OP_CHECKSIG.to_u8()
+    }
+
+    /// Checks whether a script pubkey is a P2PK output.
+    ///
+    /// You can obtain the public key, if its valid,
+    /// by calling [`p2pk_public_key()`](Self::p2pk_public_key)
+    #[inline]
+    pub fn is_p2pk(&self) -> bool {
+        self.p2pk_pubkey_bytes().is_some()
+    }
+
+    /// Returns the public key if this script is P2PK with a **valid** public key.
+    ///
+    /// This may return `None` even when [`is_p2pk()`](Self::is_p2pk) returns true.
+    /// This happens when the public key is invalid (e.g. the point not being on the curve).
+    /// It also implies the script is unspendable.
+    #[inline]
+    pub fn p2pk_public_key(&self) -> Option<PublicKey> {
+        PublicKey::from_slice(self.p2pk_pubkey_bytes()?).ok()
+    }
+
+    /// Returns the bytes of the (possibly invalid) public key if this script is P2PK.
+    #[inline]
+    fn p2pk_pubkey_bytes(&self) -> Option<&[u8]> {
+        match self.len() {
+            67 if self.0[0] == OP_PUSHBYTES_65.to_u8()
+                    && self.0[66] == OP_CHECKSIG.to_u8() =>  {
+                Some(&self.0[1..66])
+            }
+            35 if self.0[0] == OP_PUSHBYTES_33.to_u8()
+                    && self.0[34] == OP_CHECKSIG.to_u8() =>  {
+                Some(&self.0[1..34])
+            }
+            _ => None
+        }
+    }
+
+    /// Checks whether a script pubkey is a Segregated Witness (segwit) program.
+    #[inline]
+    pub fn is_witness_program(&self) -> bool {
+        // A scriptPubKey (or redeemScript as defined in BIP16/P2SH) that consists of a 1-byte
+        // push opcode (for 0 to 16) followed by a data push between 2 and 40 bytes gets a new
+        // special meaning. The value of the first push is called the "version byte". The following
+        // byte vector pushed is called the "witness program".
+        let script_len = self.0.len();
+        if !(4..=42).contains(&script_len) {
+            return false
+        }
+        let ver_opcode = opcodes::All::from(self.0[0]); // Version 0 or PUSHNUM_1-PUSHNUM_16
+        let push_opbyte = self.0[1]; // Second byte push opcode 2-40 bytes
+        WitnessVersion::try_from(ver_opcode).is_ok()
+            && push_opbyte >= OP_PUSHBYTES_2.to_u8()
+            && push_opbyte <= OP_PUSHBYTES_40.to_u8()
+            // Check that the rest of the script has the correct size
+            && script_len - 2 == push_opbyte as usize
+    }
+
+    /// Checks whether a script pubkey is a P2WSH output.
+    #[inline]
+    pub fn is_v0_p2wsh(&self) -> bool {
+        self.0.len() == 34
+            && self.witness_version() == Some(WitnessVersion::V0)
+            && self.0[1] == OP_PUSHBYTES_32.to_u8()
+    }
+
+    /// Checks whether a script pubkey is a P2WPKH output.
+    #[inline]
+    pub fn is_v0_p2wpkh(&self) -> bool {
+        self.0.len() == 22
+            && self.witness_version() == Some(WitnessVersion::V0)
+            && self.0[1] == OP_PUSHBYTES_20.to_u8()
+    }
+
+    /// Checks whether a script pubkey is a P2TR output.
+    #[inline]
+    pub fn is_v1_p2tr(&self) -> bool {
+        self.0.len() == 34
+            && self.witness_version() == Some(WitnessVersion::V1)
+            && self.0[1] == OP_PUSHBYTES_32.to_u8()
+    }
+
+    /// Check if this is an OP_RETURN output.
+    #[inline]
+    pub fn is_op_return (&self) -> bool {
+        match self.0.first() {
+            Some(b) => *b == OP_RETURN.to_u8(),
+            None => false
+        }
+    }
+
+    /// Checks whether a script can be proven to have no satisfying input.
+    #[inline]
+    pub fn is_provably_unspendable(&self) -> bool {
+        use crate::blockdata::opcodes::Class::{ReturnOp, IllegalOp};
+
+        match self.0.first() {
+            Some(b) => {
+                let first = opcodes::All::from(*b);
+                let class = first.classify(opcodes::ClassifyContext::Legacy);
+
+                class == ReturnOp || class == IllegalOp
+            },
+            None => false,
+        }
+    }
+
+    /// Returns the minimum value an output with this script should have in order to be
+    /// broadcastable on today's Bitcoin network.
+    pub fn dust_value(&self) -> crate::Amount {
+        // This must never be lower than Bitcoin Core's GetDustThreshold() (as of v0.21) as it may
+        // otherwise allow users to create transactions which likely can never be broadcast/confirmed.
+        let sats = DUST_RELAY_TX_FEE as u64 / 1000 * // The default dust relay fee is 3000 satoshi/kB (i.e. 3 sat/vByte)
+        if self.is_op_return() {
+            0
+        } else if self.is_witness_program() {
+            32 + 4 + 1 + (107 / 4) + 4 + // The spend cost copied from Core
+            8 + // The serialized size of the TxOut's amount field
+            self.consensus_encode(&mut sink()).expect("sinks don't error") as u64 // The serialized size of this script_pubkey
+        } else {
+            32 + 4 + 1 + 107 + 4 + // The spend cost copied from Core
+            8 + // The serialized size of the TxOut's amount field
+            self.consensus_encode(&mut sink()).expect("sinks don't error") as u64 // The serialized size of this script_pubkey
+        };
+
+        crate::Amount::from_sat(sats)
+    }
+
+    /// Iterates over the script instructions.
+    ///
+    /// Each returned item is a nested enum covering opcodes, datapushes and errors.
+    /// At most one error will be returned and then the iterator will end. To instead iterate over
+    /// the script as sequence of bytes call the [`bytes`](Self::bytes) method.
+    ///
+    /// To force minimal pushes, use [`instructions_minimal`](Self::instructions_minimal).
+    #[inline]
+    pub fn instructions(&self) -> Instructions {
+        Instructions {
+            data: self.0.iter(),
+            enforce_minimal: false,
+        }
+    }
+
+    /// Iterates over the script instructions while enforcing minimal pushes.
+    ///
+    /// This is similar to [`instructions`](Self::instructions) but an error is returned if a push
+    /// is not minimal.
+    #[inline]
+    pub fn instructions_minimal(&self) -> Instructions {
+        Instructions {
+            data: self.0.iter(),
+            enforce_minimal: true,
+        }
+    }
+
+    /// Iterates over the script instructions and their indices.
+    ///
+    /// Unless the script contains an error, the returned item consists of an index pointing to the
+    /// position in the script where the instruction begins and the decoded instruction - either an
+    /// opcode or data push.
+    ///
+    /// To force minimal pushes, use [`Self::instruction_indices_minimal`].
+    #[inline]
+    pub fn instruction_indices(&self) -> InstructionIndices {
+        InstructionIndices::from_instructions(self.instructions())
+    }
+
+    /// Iterates over the script instructions and their indices while enforcing minimal pushes.
+    ///
+    /// This is similar to [`instruction_indices`](Self::instruction_indices) but an error is
+    /// returned if a push is not minimal.
+    #[inline]
+    pub fn instruction_indices_minimal(&self) -> InstructionIndices {
+        InstructionIndices::from_instructions(self.instructions_minimal())
+    }
+
+    /// Shorthand for [`Self::verify_with_flags`] with flag [bitcoinconsensus::VERIFY_ALL].
+    ///
+    /// # Parameters
+    ///  * `index` - The input index in spending which is spending this transaction.
+    ///  * `amount` - The amount this script guards.
+    ///  * `spending_tx` - The transaction that attempts to spend the output holding this script.
+    #[cfg(feature="bitcoinconsensus")]
+    #[cfg_attr(docsrs, doc(cfg(feature = "bitcoinconsensus")))]
+    pub fn verify (&self, index: usize, amount: crate::Amount, spending_tx: &[u8]) -> Result<(), Error> {
+        self.verify_with_flags(index, amount, spending_tx, bitcoinconsensus::VERIFY_ALL)
+    }
+
+    /// Verifies spend of an input script.
+    ///
+    /// # Parameters
+    ///  * `index` - The input index in spending which is spending this transaction.
+    ///  * `amount` - The amount this script guards.
+    ///  * `spending_tx` - The transaction that attempts to spend the output holding this script.
+    ///  * `flags` - Verification flags, see [`bitcoinconsensus::VERIFY_ALL`] and similar.
+    #[cfg(feature="bitcoinconsensus")]
+    #[cfg_attr(docsrs, doc(cfg(feature = "bitcoinconsensus")))]
+    pub fn verify_with_flags<F: Into<u32>>(&self, index: usize, amount: crate::Amount, spending_tx: &[u8], flags: F) -> Result<(), Error> {
+        Ok(bitcoinconsensus::verify_with_flags (&self.0[..], amount.to_sat(), spending_tx, index, flags.into())?)
+    }
+
+    /// Writes the assembly decoding of the script to the formatter.
+    pub fn fmt_asm(&self, f: &mut dyn fmt::Write) -> fmt::Result {
+        bytes_to_asm_fmt(self.as_ref(), f)
+    }
+
+    /// Returns the assembly decoding of the script.
+    pub fn to_asm_string(&self) -> String {
+        let mut buf = String::new();
+        self.fmt_asm(&mut buf).unwrap();
+        buf
+    }
+
+    /// Returns the first opcode of the script (if there is any).
+    pub fn first_opcode(&self) -> Option<opcodes::All> {
+        self.as_bytes().first().copied().map(From::from)
+    }
+
+    /// Iterates the script to find the last opcode.
+    ///
+    /// Returns `None` is the instruction is data push or if the script is empty.
+    fn last_opcode(&self) -> Option<opcodes::All> {
+        match self.instructions().last() {
+            Some(Ok(Instruction::Op(op))) => Some(op),
+            _ => None,
+        }
+    }
+
+    /// Converts a [`Box<Script>`](Box) into a [`ScriptBuf`] without copying or allocating.
+    #[must_use = "`self` will be dropped if the result is not used"]
+    pub fn into_script_buf(self: Box<Self>) -> ScriptBuf {
+        let rw = Box::into_raw(self) as *mut [u8];
+        // SAFETY: copied from `std`
+        // The pointer was just created from a box without deallocating
+        // Casting a transparent struct wrapping a slice to the slice pointer is sound (same
+        // layout).
+        let inner = unsafe { Box::from_raw(rw) };
+        ScriptBuf(Vec::from(inner))
+    }
+}
+
+impl<'a> From<&'a Script> for Box<Script> {
+    fn from(value: &'a Script) -> Self {
+        value.to_owned().into()
+    }
+}
+
+impl<'a> From<&'a Script> for ScriptBuf {
+    fn from(value: &'a Script) -> Self {
+        value.to_owned()
+    }
+}
+
+impl<'a> From<&'a Script> for Cow<'a, Script> {
+    fn from(value: &'a Script) -> Self {
+        Cow::Borrowed(value)
+    }
+}
+
+impl<'a> From<&'a Script> for Arc<Script> {
+    fn from(value: &'a Script) -> Self {
+        let rw: *const [u8] = Arc::into_raw(Arc::from(&value.0));
+        // SAFETY: copied from `std`
+        // The pointer was just created from an Arc without deallocating
+        // Casting a slice to a transparent struct wrapping that slice is sound (same
+        // layout).
+        unsafe { Arc::from_raw(rw as *const Script) }
+    }
+}
+
+impl<'a> From<&'a Script> for Rc<Script> {
+    fn from(value: &'a Script) -> Self {
+        let rw: *const [u8] = Rc::into_raw(Rc::from(&value.0));
+        // SAFETY: copied from `std`
+        // The pointer was just created from an Rc without deallocating
+        // Casting a slice to a transparent struct wrapping that slice is sound (same
+        // layout).
+        unsafe { Rc::from_raw(rw as *const Script) }
+    }
+}
+
+impl ToHex for Script {
+    #[inline]
+    fn to_hex(&self) -> String {
+        self.0.to_hex()
+    }
+}
+
+/// Iterator over bytes of a script
+pub struct Bytes<'a>(core::iter::Copied<core::slice::Iter<'a, u8>>);
+
+impl Iterator for Bytes<'_> {
+    type Item = u8;
 
     #[inline]
-    fn index(&self, index: I) -> &Self::Output {
-        &self.0[index]
+    fn next(&mut self) -> Option<Self::Item> {
+        self.0.next()
+    }
+
+    #[inline]
+    fn size_hint(&self) -> (usize, Option<usize>) {
+        self.0.size_hint()
+    }
+
+    #[inline]
+    fn nth(&mut self, n: usize) -> Option<Self::Item> {
+        self.0.nth(n)
+    }
+}
+
+impl DoubleEndedIterator for Bytes<'_> {
+    #[inline]
+    fn next_back(&mut self) -> Option<Self::Item> {
+        self.0.next_back()
+    }
+
+    #[inline]
+    fn nth_back(&mut self, n: usize) -> Option<Self::Item> {
+        self.0.nth_back(n)
+    }
+}
+
+impl ExactSizeIterator for Bytes<'_> {}
+impl core::iter::FusedIterator for Bytes<'_> {}
+
+macro_rules! delegate_index {
+    ($($type:ty),* $(,)?) => {
+        $(
+            /// Script subslicing operation - read [slicing safety](#slicing-safety)!
+            impl Index<$type> for Script {
+                type Output = Self;
+
+                #[inline]
+                fn index(&self, index: $type) -> &Self::Output {
+                    Self::from_bytes(&self.0[index])
+                }
+            }
+        )*
+    }
+}
+
+delegate_index!(Range<usize>, RangeFrom<usize>, RangeTo<usize>, RangeFull, RangeInclusive<usize>, RangeToInclusive<usize>);
+#[cfg(feature = "rust_v_1_53")]
+#[cfg_attr(docsrs, doc(cfg(feature = "rust_v_1_53")))]
+delegate_index!((Bound<usize>, Bound<usize>));
+
+impl AsRef<Script> for Script {
+    #[inline]
+    fn as_ref(&self) -> &Script {
+        self
+    }
+}
+
+impl AsMut<Script> for Script {
+    fn as_mut(&mut self) -> &mut Script {
+        self
     }
 }
 
 impl AsRef<[u8]> for Script {
+    #[inline]
     fn as_ref(&self) -> &[u8] {
-        &self.0
+        self.as_bytes()
+    }
+}
+
+impl AsMut<[u8]> for Script {
+    #[inline]
+    fn as_mut(&mut self) -> &mut [u8] {
+        self.as_mut_bytes()
     }
 }
 
@@ -84,14 +648,15 @@ impl fmt::Debug for Script {
 }
 
 impl fmt::Display for Script {
+    #[inline]
     fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
-        fmt::Debug::fmt(self, f)
+        self.fmt_asm(f)
     }
 }
 
 impl fmt::LowerHex for Script {
     fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
-        for &ch in self.0.iter() {
+        for ch in self.bytes() {
             write!(f, "{:02x}", ch)?;
         }
         Ok(())
@@ -100,24 +665,26 @@ impl fmt::LowerHex for Script {
 
 impl fmt::UpperHex for Script {
     fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
-        for &ch in self.0.iter() {
+        for ch in self.bytes() {
             write!(f, "{:02X}", ch)?;
         }
         Ok(())
     }
 }
 
-impl hex::FromHex for Script {
+impl hex::FromHex for ScriptBuf {
+    #[inline]
     fn from_byte_iter<I>(iter: I) -> Result<Self, hex::Error>
     where
         I: Iterator<Item=Result<u8, hex::Error>> + ExactSizeIterator + DoubleEndedIterator,
     {
-        Vec::from_byte_iter(iter).map(|v| Script(Box::<[u8]>::from(v)))
+        Vec::from_byte_iter(iter).map(ScriptBuf)
     }
 }
 
-impl core::str::FromStr for Script {
+impl core::str::FromStr for ScriptBuf {
     type Err = hex::Error;
+    #[inline]
     fn from_str(s: &str) -> Result<Self, hex::Error> {
         hex::FromHex::from_hex(s)
     }
@@ -125,28 +692,16 @@ impl core::str::FromStr for Script {
 
 /// An object which can be used to construct a script piece by piece.
 #[derive(PartialEq, Eq, Clone)]
-pub struct Builder(Vec<u8>, Option<opcodes::All>);
+pub struct Builder(ScriptBuf, Option<opcodes::All>);
 
 impl fmt::Display for Builder {
     fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
-        Script::bytes_to_asm_fmt(self.0.as_ref(), f)
+        self.0.fmt_asm(f)
     }
 }
 
 debug_from_display!(Builder);
 
-impl<I> Index<I> for Builder
-where
-    Vec<u8>: Index<I>,
-{
-    type Output = <Vec<u8> as Index<I>>::Output;
-
-    #[inline]
-    fn index(&self, index: I) -> &Self::Output {
-        &self.0[index]
-    }
-}
-
 /// Ways that a script might fail. Not everything is split up as
 /// much as it could be; patches welcome if more detailed errors
 /// would help you.
@@ -212,6 +767,9 @@ mod bitcoinconsensus_hack {
 
 impl fmt::Display for Error {
     fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+        #[cfg(feature = "bitcoinconsensus")]
+        use bitcoin_internals::write_err;
+
         match *self {
             Error::NonMinimalPush => f.write_str("non-minimal datapush"),
             Error::EarlyEndOfScript => f.write_str("unexpected end of script"),
@@ -369,6 +927,7 @@ pub fn read_scriptbool(v: &[u8]) -> bool {
 ///
 /// Note that this does **not** return an error for `size` between `core::size_of::<usize>()`
 /// and `u16::max_value / 8` if there's no overflow.
+#[inline]
 pub fn read_uint(data: &[u8], size: usize) -> Result<usize, Error> {
     read_uint_iter(&mut data.iter(), size).map_err(Into::into)
 }
@@ -395,41 +954,145 @@ fn read_uint_iter(data: &mut core::slice::Iter<'_, u8>, size: usize) -> Result<u
     }
 }
 
-impl Script {
-    /// Creates a new empty script.
-    pub fn new() -> Script { Script(vec![].into_boxed_slice()) }
+/// Writes the assembly decoding of the script bytes to the formatter.
+fn bytes_to_asm_fmt(script: &[u8], f: &mut dyn fmt::Write) -> fmt::Result {
+    // This has to be a macro because it needs to break the loop
+    macro_rules! read_push_data_len {
+        ($iter:expr, $len:literal, $formatter:expr) => {
+            match read_uint_iter($iter, $len) {
+                Ok(n) => {
+                    n
+                },
+                Err(UintError::EarlyEndOfScript) => {
+                    $formatter.write_str("<unexpected end>")?;
+                    break;
+                }
+                // We got the data in a slice which implies it being shorter than `usize::max_value()`
+                // So if we got overflow, we can confidently say the number is higher than length of
+                // the slice even though we don't know the exact number. This implies attempt to push
+                // past end.
+                Err(UintError::NumericOverflow) => {
+                    $formatter.write_str("<push past end>")?;
+                    break;
+                }
+            }
+        }
+    }
 
-    /// Creates a new script builder.
+    let mut iter = script.iter();
+    // Was at least one opcode emitted?
+    let mut at_least_one = false;
+    // `iter` needs to be borrowed in `read_push_data_len`, so we have to use `while let` instead
+    // of `for`.
+    while let Some(byte) = iter.next() {
+        let opcode = opcodes::All::from(*byte);
+
+        let data_len = if let opcodes::Class::PushBytes(n) = opcode.classify(opcodes::ClassifyContext::Legacy) {
+            n as usize
+        } else {
+            match opcode {
+                OP_PUSHDATA1 => {
+                    // side effects: may write and break from the loop
+                    read_push_data_len!(&mut iter, 1, f)
+                }
+                OP_PUSHDATA2 => {
+                    // side effects: may write and break from the loop
+                    read_push_data_len!(&mut iter, 2, f)
+                }
+                OP_PUSHDATA4 => {
+                    // side effects: may write and break from the loop
+                    read_push_data_len!(&mut iter, 4, f)
+                }
+                _ => 0
+            }
+        };
+
+        if at_least_one {
+            f.write_str(" ")?;
+        } else {
+            at_least_one = true;
+        }
+        // Write the opcode
+        if opcode == OP_PUSHBYTES_0 {
+            f.write_str("OP_0")?;
+        } else {
+            write!(f, "{:?}", opcode)?;
+        }
+        // Write any pushdata
+        if data_len > 0 {
+            f.write_str(" ")?;
+            if data_len <= iter.len() {
+                for ch in iter.by_ref().take(data_len) {
+                    write!(f, "{:02x}", ch)?;
+                }
+            } else {
+                f.write_str("<push past end>")?;
+                break;
+            }
+        }
+    }
+    Ok(())
+}
+
+impl ScriptBuf {
+    /// Creates a new empty script.
+    pub fn new() -> Self {
+        ScriptBuf(Vec::new())
+    }
+
+    /// Creates a new empty script with pre-allocated capacity.
+    pub fn with_capacity(capacity: usize) -> Self {
+        ScriptBuf(Vec::with_capacity(capacity))
+    }
+
+    /// Pre-allocates at least `additional_len` bytes if needed.
+    ///
+    /// Reserves capacity for at least `additional_len` more bytes to be inserted in the given
+    /// script. The script may reserve more space to speculatively avoid frequent reallocations.
+    /// After calling `reserve`, capacity will be greater than or equal to
+    /// `self.len() + additional_len`. Does nothing if capacity is already sufficient.
+    ///
+    /// # Panics
+    ///
+    /// Panics if the new capacity exceeds `isize::MAX bytes`.
+    pub fn reserve(&mut self, additional_len: usize) {
+        self.0.reserve(additional_len);
+    }
+
+    /// Pre-allocates exactly `additional_len` bytes if needed.
+    ///
+    /// Unlike `reserve`, this will not deliberately over-allocate to speculatively avoid frequent
+    /// allocations. After calling `reserve_exact`, capacity will be greater than or equal to
+    /// `self.len() + additional`. Does nothing if the capacity is already sufficient.
+    ///
+    /// Note that the allocator may give the collection more space than it requests. Therefore,
+    /// capacity can not be relied upon to be precisely minimal. Prefer [`reserve`](Self::reserve)
+    /// if future insertions are expected.
+    ///
+    /// # Panics
+    ///
+    /// Panics if the new capacity exceeds `isize::MAX bytes`.
+    pub fn reserve_exact(&mut self, additional_len: usize) {
+        self.0.reserve_exact(additional_len);
+    }
+
+    /// Returns a reference to unsized script.
+    pub fn as_script(&self) -> &Script {
+        Script::from_bytes(&self.0)
+    }
+
+    /// Returns a mutable reference to unsized script.
+    pub fn as_mut_script(&mut self) -> &mut Script {
+        Script::from_bytes_mut(&mut self.0)
+    }
+
+    /// Creates a new script builder
     pub fn builder() -> Builder {
       Builder::new()
     }
 
-    /// Returns the public key if this script is P2PK with a **valid** public key.
-    ///
-    /// This may return `None` even when [`is_p2pk()`](Self::is_p2pk) returns true.
-    /// This happens when the public key is invalid (e.g. the point not being on the curve).
-    /// It also implies the script is unspendable.
-    pub fn p2pk_public_key(&self) -> Option<PublicKey> {
-        PublicKey::from_slice(self.p2pk_pubkey_bytes()?).ok()
-    }
-
-    /// Returns the bytes of the (possibly invalid) public key if this script is P2PK.
-    fn p2pk_pubkey_bytes(&self) -> Option<&[u8]> {
-        match self.len() {
-            67 if self.0[0] == OP_PUSHBYTES_65.to_u8()
-                    && self.0[66] == OP_CHECKSIG.to_u8() =>  {
-                Some(&self.0[1..66])
-            }
-            35 if self.0[0] == OP_PUSHBYTES_33.to_u8()
-                    && self.0[34] == OP_CHECKSIG.to_u8() =>  {
-                Some(&self.0[1..34])
-            }
-            _ => None
-        }
-    }
-
     /// Generates P2PK-type of scriptPubkey.
-    pub fn new_p2pk(pubkey: &PublicKey) -> Script {
+    pub fn new_p2pk(pubkey: &PublicKey) -> Self {
         Builder::new()
             .push_key(pubkey)
             .push_opcode(OP_CHECKSIG)
@@ -437,7 +1100,7 @@ impl Script {
     }
 
     /// Generates P2PKH-type of scriptPubkey.
-    pub fn new_p2pkh(pubkey_hash: &PubkeyHash) -> Script {
+    pub fn new_p2pkh(pubkey_hash: &PubkeyHash) -> Self {
         Builder::new()
             .push_opcode(OP_DUP)
             .push_opcode(OP_HASH160)
@@ -448,7 +1111,7 @@ impl Script {
     }
 
     /// Generates P2SH-type of scriptPubkey with a given hash of the redeem script.
-    pub fn new_p2sh(script_hash: &ScriptHash) -> Script {
+    pub fn new_p2sh(script_hash: &ScriptHash) -> Self {
         Builder::new()
             .push_opcode(OP_HASH160)
             .push_slice(&script_hash[..])
@@ -457,29 +1120,29 @@ impl Script {
     }
 
     /// Generates P2WPKH-type of scriptPubkey.
-    pub fn new_v0_p2wpkh(pubkey_hash: &WPubkeyHash) -> Script {
-        Script::new_witness_program(WitnessVersion::V0, &pubkey_hash[..])
+    pub fn new_v0_p2wpkh(pubkey_hash: &WPubkeyHash) -> Self {
+        ScriptBuf::new_witness_program(WitnessVersion::V0, &pubkey_hash[..])
     }
 
     /// Generates P2WSH-type of scriptPubkey with a given hash of the redeem script.
-    pub fn new_v0_p2wsh(script_hash: &WScriptHash) -> Script {
-        Script::new_witness_program(WitnessVersion::V0, &script_hash[..])
+    pub fn new_v0_p2wsh(script_hash: &WScriptHash) -> Self {
+        ScriptBuf::new_witness_program(WitnessVersion::V0, &script_hash[..])
     }
 
     /// Generates P2TR for script spending path using an internal public key and some optional
     /// script tree merkle root.
-    pub fn new_v1_p2tr<C: Verification>(secp: &Secp256k1<C>, internal_key: UntweakedPublicKey, merkle_root: Option<TapBranchHash>) -> Script {
+    pub fn new_v1_p2tr<C: Verification>(secp: &Secp256k1<C>, internal_key: UntweakedPublicKey, merkle_root: Option<TapBranchHash>) -> Self {
         let (output_key, _) = internal_key.tap_tweak(secp, merkle_root);
-        Script::new_witness_program(WitnessVersion::V1, &output_key.serialize())
+        ScriptBuf::new_witness_program(WitnessVersion::V1, &output_key.serialize())
     }
 
     /// Generates P2TR for key spending path for a known [`TweakedPublicKey`].
-    pub fn new_v1_p2tr_tweaked(output_key: TweakedPublicKey) -> Script {
-        Script::new_witness_program(WitnessVersion::V1, &output_key.serialize())
+    pub fn new_v1_p2tr_tweaked(output_key: TweakedPublicKey) -> Self {
+        ScriptBuf::new_witness_program(WitnessVersion::V1, &output_key.serialize())
     }
 
     /// Generates P2WSH-type of scriptPubkey with a given hash of the redeem script.
-    pub fn new_witness_program(version: WitnessVersion, program: &[u8]) -> Script {
+    pub fn new_witness_program(version: WitnessVersion, program: &[u8]) -> Self {
         Builder::new()
             .push_opcode(version.into())
             .push_slice(program)
@@ -487,55 +1150,33 @@ impl Script {
     }
 
     /// Generates OP_RETURN-type of scriptPubkey for the given data.
-    pub fn new_op_return(data: &[u8]) -> Script {
+    pub fn new_op_return(data: &[u8]) -> Self {
         Builder::new()
             .push_opcode(OP_RETURN)
             .push_slice(data)
             .into_script()
     }
 
-    /// Returns 160-bit hash of the script.
-    pub fn script_hash(&self) -> ScriptHash {
-        ScriptHash::hash(self.as_bytes())
-    }
-
-    /// Returns 256-bit hash of the script for P2WSH outputs.
-    pub fn wscript_hash(&self) -> WScriptHash {
-        WScriptHash::hash(self.as_bytes())
-    }
-
-    /// Returns the length in bytes of the script.
-    pub fn len(&self) -> usize { self.0.len() }
-
-    /// Returns whether the script is the empty script.
-    pub fn is_empty(&self) -> bool { self.0.is_empty() }
-
-    /// Returns the script data as a byte slice.
-    pub fn as_bytes(&self) -> &[u8] { &self.0 }
-
-    /// Returns a copy of the script data.
-    pub fn to_bytes(&self) -> Vec<u8> { self.0.clone().into_vec() }
-
     /// Converts the script into a byte vector.
-    pub fn into_bytes(self) -> Vec<u8> { self.0.into_vec() }
+    pub fn into_bytes(self) -> Vec<u8> { self.0 }
 
     /// Computes the P2SH output corresponding to this redeem script.
-    pub fn to_p2sh(&self) -> Script {
-        Script::new_p2sh(&self.script_hash())
+    pub fn to_p2sh(&self) -> ScriptBuf {
+        ScriptBuf::new_p2sh(&self.script_hash())
     }
 
     /// Returns the script code used for spending a P2WPKH output if this script is a script pubkey
     /// for a P2WPKH output. The `scriptCode` is described in [BIP143].
     ///
     /// [BIP143]: <https://github.com/bitcoin/bips/blob/99701f68a88ce33b2d0838eb84e115cef505b4c2/bip-0143.mediawiki>
-    pub fn p2wpkh_script_code(&self) -> Option<Script> {
+    pub fn p2wpkh_script_code(&self) -> Option<ScriptBuf> {
         if !self.is_v0_p2wpkh() {
             return None
         }
         let script = Builder::new()
             .push_opcode(OP_DUP)
             .push_opcode(OP_HASH160)
-            .push_slice(&self[2..]) // The `self` script is 0x00, 0x14, <pubkey_hash>
+            .push_slice(&self.as_bytes()[2..]) // The `self` script is 0x00, 0x14, <pubkey_hash>
             .push_opcode(OP_EQUALVERIFY)
             .push_opcode(OP_CHECKSIG)
             .into_script();
@@ -543,292 +1184,281 @@ impl Script {
         Some(script)
     }
 
-    /// Computes the P2WSH output corresponding to this witnessScript (aka the "witness redeem
-    /// script").
-    pub fn to_v0_p2wsh(&self) -> Script {
-        Script::new_v0_p2wsh(&self.wscript_hash())
+    /// Adds a single opcode to the script.
+    pub fn push_opcode(&mut self, data: opcodes::All) {
+        self.0.push(data.to_u8());
     }
 
-    /// Computes P2TR output with a given internal key and a single script spending path equal to
-    /// the current script, assuming that the script is a Tapscript.
-    #[inline]
-    pub fn to_v1_p2tr<C: Verification>(&self, secp: &Secp256k1<C>, internal_key: UntweakedPublicKey) -> Script {
-        let leaf_hash = TapLeafHash::from_script(self, LeafVersion::TapScript);
-        let merkle_root = TapBranchHash::from_inner(leaf_hash.into_inner());
-        Script::new_v1_p2tr(secp, internal_key, Some(merkle_root))
-    }
-
-    /// Returns witness version of the script, if any, assuming the script is a `scriptPubkey`.
-    #[inline]
-    pub fn witness_version(&self) -> Option<WitnessVersion> {
-        self.0.first().and_then(|opcode| WitnessVersion::try_from(opcodes::All::from(*opcode)).ok())
-    }
-
-    /// Checks whether a script pubkey is a P2SH output.
-    #[inline]
-    pub fn is_p2sh(&self) -> bool {
-        self.0.len() == 23
-            && self.0[0] == OP_HASH160.to_u8()
-            && self.0[1] == OP_PUSHBYTES_20.to_u8()
-            && self.0[22] == OP_EQUAL.to_u8()
-    }
-
-    /// Checks whether a script pubkey is a P2PKH output.
-    #[inline]
-    pub fn is_p2pkh(&self) -> bool {
-        self.0.len() == 25
-            && self.0[0] == OP_DUP.to_u8()
-            && self.0[1] == OP_HASH160.to_u8()
-            && self.0[2] == OP_PUSHBYTES_20.to_u8()
-            && self.0[23] == OP_EQUALVERIFY.to_u8()
-            && self.0[24] == OP_CHECKSIG.to_u8()
-    }
-
-    /// Checks whether a script pubkey is a P2PK output.
+    /// Adds instructions to push some arbitrary data onto the stack.
     ///
-    /// You can obtain the public key, if its valid,
-    /// by calling [`p2pk_public_key()`](Self::p2pk_public_key)
-    #[inline]
-    pub fn is_p2pk(&self) -> bool {
-        self.p2pk_pubkey_bytes().is_some()
+    /// ## Panics
+    ///
+    /// The method panics if `data` length is greater or equal to 0x100000000.
+    pub fn push_slice(&mut self, data: &[u8]) {
+        self.reserve(Self::reserved_len_for_slice(data.len()));
+        self.push_slice_no_opt(data);
     }
 
-    /// Checks whether a script pubkey is a Segregated Witness (segwit) program.
-    #[inline]
-    pub fn is_witness_program(&self) -> bool {
-        // A scriptPubKey (or redeemScript as defined in BIP16/P2SH) that consists of a 1-byte
-        // push opcode (for 0 to 16) followed by a data push between 2 and 40 bytes gets a new
-        // special meaning. The value of the first push is called the "version byte". The following
-        // byte vector pushed is called the "witness program".
-        let script_len = self.0.len();
-        if !(4..=42).contains(&script_len) {
-            return false
-        }
-        let ver_opcode = opcodes::All::from(self.0[0]); // Version 0 or PUSHNUM_1-PUSHNUM_16
-        let push_opbyte = self.0[1]; // Second byte push opcode 2-40 bytes
-        WitnessVersion::try_from(ver_opcode).is_ok()
-            && push_opbyte >= OP_PUSHBYTES_2.to_u8()
-            && push_opbyte <= OP_PUSHBYTES_40.to_u8()
-            // Check that the rest of the script has the correct size
-            && script_len - 2 == push_opbyte as usize
-    }
-
-    /// Checks whether a script pubkey is a P2WSH output.
-    #[inline]
-    pub fn is_v0_p2wsh(&self) -> bool {
-        self.0.len() == 34
-            && self.witness_version() == Some(WitnessVersion::V0)
-            && self.0[1] == OP_PUSHBYTES_32.to_u8()
-    }
-
-    /// Checks whether a script pubkey is a P2WPKH output.
-    #[inline]
-    pub fn is_v0_p2wpkh(&self) -> bool {
-        self.0.len() == 22
-            && self.witness_version() == Some(WitnessVersion::V0)
-            && self.0[1] == OP_PUSHBYTES_20.to_u8()
-    }
-
-    /// Checks whether a script pubkey is a P2TR output.
-    #[inline]
-    pub fn is_v1_p2tr(&self) -> bool {
-        self.0.len() == 34
-            && self.witness_version() == Some(WitnessVersion::V1)
-            && self.0[1] == OP_PUSHBYTES_32.to_u8()
-    }
-
-    /// Check if this is an OP_RETURN output.
-    pub fn is_op_return (&self) -> bool {
-        match self.0.first() {
-            Some(b) => *b == OP_RETURN.to_u8(),
-            None => false
-        }
-    }
-
-    /// Checks whether a script can be proven to have no satisfying input.
-    pub fn is_provably_unspendable(&self) -> bool {
-        use crate::blockdata::opcodes::Class::{ReturnOp, IllegalOp};
-
-        match self.0.first() {
-            Some(b) => {
-                let first = opcodes::All::from(*b);
-                let class = first.classify(opcodes::ClassifyContext::Legacy);
-
-                class == ReturnOp || class == IllegalOp
+    /// Pushes the slice without reserving
+    fn push_slice_no_opt(&mut self, data: &[u8]) {
+        // Start with a PUSH opcode
+        match data.len() as u64 {
+            n if n < opcodes::Ordinary::OP_PUSHDATA1 as u64 => { self.0.push(n as u8); },
+            n if n < 0x100 => {
+                self.0.push(opcodes::Ordinary::OP_PUSHDATA1.to_u8());
+                self.0.push(n as u8);
             },
-            None => false,
+            n if n < 0x10000 => {
+                self.0.push(opcodes::Ordinary::OP_PUSHDATA2.to_u8());
+                self.0.push((n % 0x100) as u8);
+                self.0.push((n / 0x100) as u8);
+            },
+            n if n < 0x100000000 => {
+                self.0.push(opcodes::Ordinary::OP_PUSHDATA4.to_u8());
+                self.0.push((n % 0x100) as u8);
+                self.0.push(((n / 0x100) % 0x100) as u8);
+                self.0.push(((n / 0x10000) % 0x100) as u8);
+                self.0.push((n / 0x1000000) as u8);
+            }
+            _ => panic!("tried to put a 4bn+ sized object into a script!")
+        }
+        // Then push the raw bytes
+        self.0.extend_from_slice(data);
+    }
+
+    /// Computes the sum of `len` and the lenght of an appropriate push opcode.
+    fn reserved_len_for_slice(len: usize) -> usize {
+        len + match len {
+            0..=0x4b => 1,
+            0x4c..=0xff => 2,
+            0x100..=0xffff => 3,
+            // we don't care about oversized, the other fn will panic anyway
+            _ => 5,
         }
     }
 
-    /// Returns the minimum value an output with this script should have in order to be
-    /// broadcastable on today's Bitcoin network.
-    pub fn dust_value(&self) -> crate::Amount {
-        // This must never be lower than Bitcoin Core's GetDustThreshold() (as of v0.21) as it may
-        // otherwise allow users to create transactions which likely can never be broadcast/confirmed.
-        let sats = DUST_RELAY_TX_FEE as u64 / 1000 * // The default dust relay fee is 3000 satoshi/kB (i.e. 3 sat/vByte)
-        if self.is_op_return() {
-            0
-        } else if self.is_witness_program() {
-            32 + 4 + 1 + (107 / 4) + 4 + // The spend cost copied from Core
-            8 + // The serialized size of the TxOut's amount field
-            self.consensus_encode(&mut sink()).expect("sinks don't error") as u64 // The serialized size of this script_pubkey
+    /// Add a single instruction to the script.
+    ///
+    /// ## Panics
+    ///
+    /// The method panics if the instruction is a data push with length greater or equal to
+    /// 0x100000000.
+    pub fn push_instruction(&mut self, instruction: Instruction<'_>) {
+        match instruction {
+            Instruction::Op(opcode) => self.push_opcode(opcode),
+            Instruction::PushBytes(bytes) => self.push_slice(bytes),
+        }
+    }
+
+    /// Like push_instruction, but avoids calling `reserve` to not re-check the length.
+    pub fn push_instruction_no_opt(&mut self, instruction: Instruction<'_>) {
+        match instruction {
+            Instruction::Op(opcode) => self.push_opcode(opcode),
+            Instruction::PushBytes(bytes) => self.push_slice_no_opt(bytes),
+        }
+    }
+
+    /// Adds an `OP_VERIFY` to the script or replaces the last opcode with VERIFY form.
+    ///
+    /// Some opcodes such as `OP_CHECKSIG` have a verify variant that works as if `VERIFY` was
+    /// in the script right after. To save space this function appends `VERIFY` only if
+    /// the most-recently-added opcode *does not* have an alternate `VERIFY` form. If it does
+    /// the last opcode is replaced. E.g., `OP_CHECKSIG` will become `OP_CHECKSIGVERIFY`.
+    ///
+    /// Note that existing `OP_*VERIFY` opcodes do not lead to the instruction being ignored
+    /// because `OP_VERIFY` consumes an item from the stack so ignoring them would change the
+    /// semantics.
+    ///
+    /// This function needs to iterate over the script to find the last instruction. Prefer
+    /// `Builder` if you're creating the script from scratch or if you want to push `OP_VERIFY`
+    /// multiple times.
+    pub fn scan_and_push_verify(&mut self) {
+        self.push_verify(self.last_opcode());
+    }
+
+    /// Adds an `OP_VERIFY` to the script or changes the most-recently-added opcode to `VERIFY`
+    /// alternative.
+    ///
+    /// See the public fn [`Self::scan_and_push_verify`] to learn more.
+    fn push_verify(&mut self, last_opcode: Option<opcodes::All>) {
+        match opcode_to_verify(last_opcode) {
+            Some(opcode) => {
+                self.0.pop();
+                self.push_opcode(opcode);
+            },
+            None => self.push_opcode(OP_VERIFY),
+        }
+    }
+
+    /// Converts this `ScriptBuf` into a [boxed](Box) [`Script`].
+    ///
+    /// This method reallocates if the capacity is greater than lenght of the script but should not
+    /// when they are equal. If you know beforehand that you need to create a script of exact size
+    /// use [`reserve_exact`](Self::reserve_exact) before adding data to the script so that the
+    /// reallocation can be avoided.
+    #[must_use = "`self` will be dropped if the result is not used"]
+    #[inline]
+    pub fn into_boxed_script(self) -> Box<Script> {
+        // Copied from PathBuf::into_boxed_path
+        let rw = Box::into_raw(self.0.into_boxed_slice()) as *mut Script;
+        unsafe { Box::from_raw(rw) }
+    }
+}
+
+impl Deref for ScriptBuf {
+    type Target = Script;
+
+    fn deref(&self) -> &Self::Target {
+        Script::from_bytes(&self.0)
+    }
+}
+
+impl DerefMut for ScriptBuf {
+    fn deref_mut(&mut self) -> &mut Self::Target {
+        Script::from_bytes_mut(&mut self.0)
+    }
+}
+
+impl Borrow<Script> for ScriptBuf {
+    fn borrow(&self) -> &Script {
+        self
+    }
+}
+
+impl BorrowMut<Script> for ScriptBuf {
+    fn borrow_mut(&mut self) -> &mut Script {
+        self
+    }
+}
+
+impl AsRef<Script> for ScriptBuf {
+    fn as_ref(&self) -> &Script {
+        self
+    }
+}
+
+impl AsMut<Script> for ScriptBuf {
+    fn as_mut(&mut self) -> &mut Script {
+        self
+    }
+}
+
+impl AsRef<[u8]> for ScriptBuf {
+    fn as_ref(&self) -> &[u8] {
+        self.as_bytes()
+    }
+}
+
+impl AsMut<[u8]> for ScriptBuf {
+    fn as_mut(&mut self) -> &mut [u8] {
+        self.as_mut_bytes()
+    }
+}
+
+impl From<Vec<u8>> for ScriptBuf {
+    fn from(v: Vec<u8>) -> Self { ScriptBuf(v) }
+}
+
+impl From<ScriptBuf> for Vec<u8> {
+    fn from(v: ScriptBuf) -> Self { v.0 }
+}
+
+impl From<ScriptBuf> for Box<Script> {
+    fn from(v: ScriptBuf) -> Self {
+        v.into_boxed_script()
+    }
+}
+
+impl From<ScriptBuf> for Cow<'_, Script> {
+    fn from(value: ScriptBuf) -> Self {
+        Cow::Owned(value)
+    }
+}
+
+impl<'a> From<Cow<'a, Script>> for ScriptBuf {
+    fn from(value: Cow<'a, Script>) -> Self {
+        match value {
+            Cow::Owned(owned) => owned,
+            Cow::Borrowed(borrwed) => borrwed.into(),
+        }
+    }
+}
+
+impl<'a> From<Cow<'a, Script>> for Box<Script> {
+    fn from(value: Cow<'a, Script>) -> Self {
+        match value {
+            Cow::Owned(owned) => owned.into(),
+            Cow::Borrowed(borrwed) => borrwed.into(),
+        }
+    }
+}
+
+impl PartialEq<Script> for ScriptBuf {
+    fn eq(&self, other: &Script) -> bool {
+        self.as_script().eq(other)
+    }
+}
+
+impl PartialOrd<Script> for ScriptBuf {
+    fn partial_cmp(&self, other: &Script) -> Option<Ordering> {
+        self.as_script().partial_cmp(other)
+    }
+}
+
+impl PartialEq<ScriptBuf> for Script {
+    fn eq(&self, other: &ScriptBuf) -> bool {
+        self.eq(other.as_script())
+    }
+}
+
+impl PartialOrd<ScriptBuf> for Script {
+    fn partial_cmp(&self, other: &ScriptBuf) -> Option<Ordering> {
+        self.partial_cmp(other.as_script())
+    }
+}
+
+impl<'a> core::iter::FromIterator<Instruction<'a>> for ScriptBuf {
+    fn from_iter<T>(iter: T) -> Self where T: IntoIterator<Item = Instruction<'a>> {
+        let mut script = ScriptBuf::new();
+        script.extend(iter);
+        script
+    }
+}
+
+impl<'a> Extend<Instruction<'a>> for ScriptBuf {
+    fn extend<T>(&mut self, iter: T) where T: IntoIterator<Item = Instruction<'a>> {
+        let mut iter = iter.into_iter();
+        // Most of Bitcoin scripts have only a few opcodes, so we can avoid reallocations in many
+        // cases.
+        if iter.size_hint().1.map(|max| max < 6).unwrap_or(false) {
+            // `MaybeUninit` might be faster but we don't want to introduce more `unsafe` than
+            // required.
+            let mut head = [None; 5];
+            let mut total_size = 0;
+            for (head, instr) in head.iter_mut().zip(&mut iter) {
+                total_size += instr.script_serialized_len();
+                *head = Some(instr);
+            }
+            self.reserve(total_size);
+            for instr in iter {
+                self.push_instruction_no_opt(instr);
+            }
         } else {
-            32 + 4 + 1 + 107 + 4 + // The spend cost copied from Core
-            8 + // The serialized size of the TxOut's amount field
-            self.consensus_encode(&mut sink()).expect("sinks don't error") as u64 // The serialized size of this script_pubkey
-        };
-
-        crate::Amount::from_sat(sats)
-    }
-
-    /// Iterates over the script in the form of `Instruction`s, which are an enum covering opcodes,
-    /// datapushes and errors.
-    ///
-    /// At most one error will be returned and then the iterator will end. To instead iterate over
-    /// the script as sequence of bytes, treat it as a slice using `script[..]` or convert it to a
-    /// vector using `into_bytes()`.
-    ///
-    /// To force minimal pushes, use [`Self::instructions_minimal`].
-    pub fn instructions(&self) -> Instructions {
-        Instructions {
-            data: self.0.iter(),
-            enforce_minimal: false,
-        }
-    }
-
-    /// Iterates over the script in the form of `Instruction`s while enforcing minimal pushes.
-    pub fn instructions_minimal(&self) -> Instructions {
-        Instructions {
-            data: self.0.iter(),
-            enforce_minimal: true,
-        }
-    }
-
-    /// Shorthand for [`Self::verify_with_flags`] with flag [bitcoinconsensus::VERIFY_ALL].
-    #[cfg(feature="bitcoinconsensus")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "bitcoinconsensus")))]
-    pub fn verify (&self, index: usize, amount: crate::Amount, spending: &[u8]) -> Result<(), Error> {
-        self.verify_with_flags(index, amount, spending, bitcoinconsensus::VERIFY_ALL)
-    }
-
-    /// Verifies spend of an input script.
-    ///
-    /// # Parameters
-    ///  * `index` - The input index in spending which is spending this transaction.
-    ///  * `amount` - The amount this script guards.
-    ///  * `spending` - The transaction that attempts to spend the output holding this script.
-    ///  * `flags` - Verification flags, see [`bitcoinconsensus::VERIFY_ALL`] and similar.
-    #[cfg(feature="bitcoinconsensus")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "bitcoinconsensus")))]
-    pub fn verify_with_flags<F: Into<u32>>(&self, index: usize, amount: crate::Amount, spending: &[u8], flags: F) -> Result<(), Error> {
-        Ok(bitcoinconsensus::verify_with_flags (&self.0[..], amount.to_sat(), spending, index, flags.into())?)
-    }
-
-    /// Writes the assembly decoding of the script bytes to the formatter.
-    pub fn bytes_to_asm_fmt(script: &[u8], f: &mut dyn fmt::Write) -> fmt::Result {
-        // This has to be a macro because it needs to break the loop
-        macro_rules! read_push_data_len {
-            ($iter:expr, $len:literal, $formatter:expr) => {
-                match read_uint_iter($iter, $len) {
-                    Ok(n) => {
-                        n
-                    },
-                    Err(UintError::EarlyEndOfScript) => {
-                        $formatter.write_str("<unexpected end>")?;
-                        break;
-                    }
-                    // We got the data in a slice which implies it being shorter than `usize::max_value()`
-                    // So if we got overflow, we can confidently say the number is higher than length of
-                    // the slice even though we don't know the exact number. This implies attempt to push
-                    // past end.
-                    Err(UintError::NumericOverflow) => {
-                        $formatter.write_str("<push past end>")?;
-                        break;
-                    }
-                }
+            for instr in iter {
+                self.push_instruction(instr);
             }
         }
-
-        let mut iter = script.iter();
-        // Was at least one opcode emitted?
-        let mut at_least_one = false;
-        // `iter` needs to be borrowed in `read_push_data_len`, so we have to use `while let` instead
-        // of `for`.
-        while let Some(byte) = iter.next() {
-            let opcode = opcodes::All::from(*byte);
-
-            let data_len = if let opcodes::Class::PushBytes(n) = opcode.classify(opcodes::ClassifyContext::Legacy) {
-                n as usize
-            } else {
-                match opcode {
-                    OP_PUSHDATA1 => {
-                        // side effects: may write and break from the loop
-                        read_push_data_len!(&mut iter, 1, f)
-                    }
-                    OP_PUSHDATA2 => {
-                        // side effects: may write and break from the loop
-                        read_push_data_len!(&mut iter, 2, f)
-                    }
-                    OP_PUSHDATA4 => {
-                        // side effects: may write and break from the loop
-                        read_push_data_len!(&mut iter, 4, f)
-                    }
-                    _ => 0
-                }
-            };
-
-            if at_least_one {
-                f.write_str(" ")?;
-            } else {
-                at_least_one = true;
-            }
-            // Write the opcode
-            if opcode == OP_PUSHBYTES_0 {
-                f.write_str("OP_0")?;
-            } else {
-                write!(f, "{:?}", opcode)?;
-            }
-            // Write any pushdata
-            if data_len > 0 {
-                f.write_str(" ")?;
-                if data_len <= iter.len() {
-                    for ch in iter.by_ref().take(data_len) {
-                        write!(f, "{:02x}", ch)?;
-                    }
-                } else {
-                    f.write_str("<push past end>")?;
-                    break;
-                }
-            }
-        }
-        Ok(())
-    }
-
-    /// Writes the assembly decoding of the script to the formatter.
-    pub fn fmt_asm(&self, f: &mut dyn fmt::Write) -> fmt::Result {
-        Script::bytes_to_asm_fmt(self.as_ref(), f)
-    }
-
-    /// Creates an assembly decoding of the script in the given byte slice.
-    pub fn bytes_to_asm(script: &[u8]) -> String {
-        let mut buf = String::new();
-        Script::bytes_to_asm_fmt(script, &mut buf).unwrap();
-        buf
-    }
-
-    /// Returns the assembly decoding of the script.
-    pub fn asm(&self) -> String {
-        Script::bytes_to_asm(self.as_ref())
     }
 }
 
-/// Creates a new script from an existing vector.
-impl From<Vec<u8>> for Script {
-    fn from(v: Vec<u8>) -> Script { Script(v.into_boxed_slice()) }
+impl From<ScriptBuf> for ScriptHash {
+    fn from(script: ScriptBuf) -> ScriptHash {
+        script.script_hash()
+    }
 }
 
-impl From<Script> for ScriptHash {
-    fn from(script: Script) -> ScriptHash {
+impl From<&ScriptBuf> for ScriptHash {
+    fn from(script: &ScriptBuf) -> ScriptHash {
         script.script_hash()
     }
 }
@@ -839,8 +1469,14 @@ impl From<&Script> for ScriptHash {
     }
 }
 
-impl From<Script> for WScriptHash {
-    fn from(script: Script) -> WScriptHash {
+impl From<ScriptBuf> for WScriptHash {
+    fn from(script: ScriptBuf) -> WScriptHash {
+        script.wscript_hash()
+    }
+}
+
+impl From<&ScriptBuf> for WScriptHash {
+    fn from(script: &ScriptBuf) -> WScriptHash {
         script.wscript_hash()
     }
 }
@@ -860,13 +1496,47 @@ pub enum Instruction<'a> {
     Op(opcodes::All),
 }
 
+impl<'a> Instruction<'a> {
+    /// Returns the opcode if the instruction is not a data push.
+    pub fn opcode(&self) -> Option<opcodes::All> {
+        match self {
+            Instruction::Op(op) => Some(*op),
+            Instruction::PushBytes(_) => None,
+        }
+    }
+
+    /// Returns the opcode if the instruction is not a data push.
+    pub fn push_bytes(&self) -> Option<&[u8]> {
+        match self {
+            Instruction::Op(_) => None,
+            Instruction::PushBytes(bytes) => Some(bytes),
+        }
+    }
+
+    /// Returns the number of bytes required to encode the instruction in script.
+    fn script_serialized_len(&self) -> usize {
+        match self {
+            Instruction::Op(_) => 1,
+            Instruction::PushBytes(bytes) => ScriptBuf::reserved_len_for_slice(bytes.len()),
+        }
+    }
+}
+
 /// Iterator over a script returning parsed opcodes.
+#[derive(Debug, Clone)]
 pub struct Instructions<'a> {
     data: core::slice::Iter<'a, u8>,
     enforce_minimal: bool,
 }
 
 impl<'a> Instructions<'a> {
+    /// Views the remaining script as a slice.
+    ///
+    /// This is analogous to what [`core::str::Chars::as_str`] does.
+    pub fn as_script(&self) -> &'a Script {
+        Script::from_bytes(self.data.as_slice())
+    }
+
     /// Sets the iterator to end so that it won't iterate any longer.
     fn kill(&mut self) {
         let len = self.data.len();
@@ -957,14 +1627,93 @@ impl<'a> Iterator for Instructions<'a> {
             }
         }
     }
+
+    #[inline]
+    fn size_hint(&self) -> (usize, Option<usize>) {
+        if self.data.len() == 0 {
+            (0, Some(0))
+        } else {
+            // There will not be more instructions than bytes
+            (1, Some(self.data.len()))
+        }
+    }
 }
 
 impl<'a> core::iter::FusedIterator for Instructions<'a> {}
 
+/// Iterator over script instructions with their positions.
+///
+/// The returned indices can be used for slicing [`Script`] [safely](Script#slicing-safety).
+///
+/// This is analogous to [`core::str::CharIndices`].
+#[derive(Debug, Clone)]
+pub struct InstructionIndices<'a> {
+    instructions: Instructions<'a>,
+    pos: usize,
+}
+
+impl<'a> InstructionIndices<'a> {
+    /// Views the remaining script as a slice.
+    ///
+    /// This is analogous to what [`core::str::Chars::as_str`] does.
+    #[inline]
+    pub fn as_script(&self) -> &'a Script {
+        self.instructions.as_script()
+    }
+
+    /// Creates `Self` setting `pos` to 0.
+    fn from_instructions(instructions: Instructions<'a>) -> Self {
+        InstructionIndices {
+            instructions,
+            pos: 0,
+        }
+    }
+
+    fn remaining_bytes(&self) -> usize {
+        self.instructions.as_script().len()
+    }
+
+    /// Modifies the iterator using `next_fn` returning the next item.
+    ///
+    /// This generically computes the new position and maps the value to be returned from iterator
+    /// method.
+    fn next_with<F: FnOnce(&mut Self) -> Option<Result<Instruction<'a>, Error>>>(&mut self, next_fn: F) -> Option<<Self as Iterator>::Item> {
+        let prev_remaining = self.remaining_bytes();
+        let prev_pos = self.pos;
+        let instruction = next_fn(self)?;
+        // No underflow: there must be less remaining bytes now than previously
+        let consumed = prev_remaining - self.remaining_bytes();
+        // No overflow: sum will never exceed slice length which itself can't exceed `usize`
+        self.pos += consumed;
+        Some(instruction.map(move |instruction| (prev_pos, instruction)))
+    }
+}
+
+impl<'a> Iterator for InstructionIndices<'a> {
+    /// The `usize` in the tuple represents index at which the returned `Instruction` is located.
+    type Item = Result<(usize, Instruction<'a>), Error>;
+
+    fn next(&mut self) -> Option<Self::Item> {
+        self.next_with(|this| this.instructions.next())
+    }
+
+    #[inline]
+    fn size_hint(&self) -> (usize, Option<usize>) {
+        self.instructions.size_hint()
+    }
+
+    // the override avoids computing pos multiple times
+    fn nth(&mut self, n: usize) -> Option<Self::Item> {
+        self.next_with(|this| this.instructions.nth(n))
+    }
+}
+
+impl core::iter::FusedIterator for InstructionIndices<'_> {}
+
 impl Builder {
     /// Creates a new empty script.
     pub fn new() -> Self {
-        Builder(vec![], None)
+        Builder(ScriptBuf::new(), None)
     }
 
     /// Returns the length in bytes of the script.
@@ -1003,29 +1752,7 @@ impl Builder {
 
     /// Adds instructions to push some arbitrary data onto the stack.
     pub fn push_slice(mut self, data: &[u8]) -> Builder {
-        // Start with a PUSH opcode
-        match data.len() as u64 {
-            n if n < opcodes::Ordinary::OP_PUSHDATA1 as u64 => { self.0.push(n as u8); },
-            n if n < 0x100 => {
-                self.0.push(opcodes::Ordinary::OP_PUSHDATA1.to_u8());
-                self.0.push(n as u8);
-            },
-            n if n < 0x10000 => {
-                self.0.push(opcodes::Ordinary::OP_PUSHDATA2.to_u8());
-                self.0.push((n % 0x100) as u8);
-                self.0.push((n / 0x100) as u8);
-            },
-            n if n < 0x100000000 => {
-                self.0.push(opcodes::Ordinary::OP_PUSHDATA4.to_u8());
-                self.0.push((n % 0x100) as u8);
-                self.0.push(((n / 0x100) % 0x100) as u8);
-                self.0.push(((n / 0x10000) % 0x100) as u8);
-                self.0.push((n / 0x1000000) as u8);
-            }
-            _ => panic!("tried to put a 4bn+ sized object into a script!")
-        }
-        // Then push the raw bytes
-        self.0.extend(data.iter().cloned());
+        self.0.push_slice(data);
         self.1 = None;
         self
     }
@@ -1046,7 +1773,7 @@ impl Builder {
 
     /// Adds a single opcode to the script.
     pub fn push_opcode(mut self, data: opcodes::All) -> Builder {
-        self.0.push(data.to_u8());
+        self.0.push_opcode(data);
         self.1 = Some(data);
         self
     }
@@ -1057,36 +1784,52 @@ impl Builder {
     /// in the script right after. To save space this function appends `VERIFY` only if
     /// the most-recently-added opcode *does not* have an alternate `VERIFY` form. If it does
     /// the last opcode is replaced. E.g., `OP_CHECKSIG` will become `OP_CHECKSIGVERIFY`.
-    /// 
+    ///
     /// Note that existing `OP_*VERIFY` opcodes do not lead to the instruction being ignored
     /// because `OP_VERIFY` consumes an item from the stack so ignoring them would change the
     /// semantics.
     pub fn push_verify(mut self) -> Builder {
-        match self.1 {
-            Some(OP_EQUAL) => {
-                self.0.pop();
-                self.push_opcode(OP_EQUALVERIFY)
+        // "duplicated code" because we need to update `1` field
+        match opcode_to_verify(self.1) {
+            Some(opcode) => {
+                (self.0).0.pop();
+                self.push_opcode(opcode)
             },
-            Some(OP_NUMEQUAL) => {
-                self.0.pop();
-                self.push_opcode(OP_NUMEQUALVERIFY)
-            },
-            Some(OP_CHECKSIG) => {
-                self.0.pop();
-                self.push_opcode(OP_CHECKSIGVERIFY)
-            },
-            Some(OP_CHECKMULTISIG) => {
-                self.0.pop();
-                self.push_opcode(OP_CHECKMULTISIGVERIFY)
-            },
-            _ => self.push_opcode(OP_VERIFY),
+            None => self.push_opcode(OP_VERIFY),
         }
     }
 
-    /// Converts the `Builder` into an unmodifiable `Script`.
-    pub fn into_script(self) -> Script {
-        Script(self.0.into_boxed_slice())
+    /// Converts the `Builder` into `ScriptBuf`.
+    pub fn into_script(self) -> ScriptBuf {
+        self.0
     }
+
+    /// Converts the `Builder` into script bytes
+    pub fn into_bytes(self) -> Vec<u8> {
+        self.0.into()
+    }
+
+    /// Returns the internal script
+    pub fn as_script(&self) -> &Script {
+        &self.0
+    }
+
+    /// Returns script bytes
+    pub fn as_bytes(&self) -> &[u8] {
+        self.0.as_bytes()
+    }
+}
+
+fn opcode_to_verify(opcode: Option<opcodes::All>) -> Option<opcodes::All> {
+    opcode.and_then(|opcode| {
+        match opcode {
+            OP_EQUAL => Some(OP_EQUALVERIFY),
+            OP_NUMEQUAL => Some(OP_NUMEQUALVERIFY),
+            OP_CHECKSIG => Some(OP_CHECKSIGVERIFY),
+            OP_CHECKMULTISIG => Some(OP_CHECKMULTISIGVERIFY),
+            _ => None,
+        }
+    })
 }
 
 impl Default for Builder {
@@ -1096,70 +1839,9 @@ impl Default for Builder {
 /// Creates a new builder from an existing vector.
 impl From<Vec<u8>> for Builder {
     fn from(v: Vec<u8>) -> Builder {
-        let script = Script(v.into_boxed_slice());
-        let last_op = match script.instructions().last() {
-            Some(Ok(Instruction::Op(op))) => Some(op),
-            _ => None,
-        };
-        Builder(script.into_bytes(), last_op)
-    }
-}
-
-#[cfg(feature = "serde")]
-#[cfg_attr(docsrs, doc(cfg(feature = "serde")))]
-impl<'de> serde::Deserialize<'de> for Script {
-    fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
-    where
-        D: serde::Deserializer<'de>,
-    {
-        use core::fmt::Formatter;
-        use crate::hashes::hex::FromHex;
-
-        if deserializer.is_human_readable() {
-
-            struct Visitor;
-            impl<'de> serde::de::Visitor<'de> for Visitor {
-                type Value = Script;
-
-                fn expecting(&self, formatter: &mut Formatter) -> fmt::Result {
-                    formatter.write_str("a script hex")
-                }
-
-                fn visit_str<E>(self, v: &str) -> Result<Self::Value, E>
-                where
-                    E: serde::de::Error,
-                {
-                    let v = Vec::from_hex(v).map_err(E::custom)?;
-                    Ok(Script::from(v))
-                }
-            }
-            deserializer.deserialize_str(Visitor)
-        } else {
-            struct BytesVisitor;
-
-            impl<'de> serde::de::Visitor<'de> for BytesVisitor {
-                type Value = Script;
-
-                fn expecting(&self, formatter: &mut Formatter) -> fmt::Result {
-                    formatter.write_str("a script Vec<u8>")
-                }
-
-                fn visit_bytes<E>(self, v: &[u8]) -> Result<Self::Value, E>
-                where
-                    E: serde::de::Error,
-                {
-                    Ok(Script::from(v.to_vec()))
-                }
-
-                fn visit_byte_buf<E>(self, v: Vec<u8>) -> Result<Self::Value, E>
-                where
-                    E: serde::de::Error,
-                {
-                    Ok(Script::from(v))
-                }
-            }
-            deserializer.deserialize_bytes(BytesVisitor)
-        }
+        let script = ScriptBuf::from(v);
+        let last_op = script.last_opcode();
+        Builder(script, last_op)
     }
 }
 
@@ -1171,8 +1853,6 @@ impl serde::Serialize for Script {
     where
         S: serde::Serializer,
     {
-        use crate::hashes::hex::ToHex;
-
         if serializer.is_human_readable() {
             serializer.serialize_str(&self.to_hex())
         } else {
@@ -1181,17 +1861,127 @@ impl serde::Serialize for Script {
     }
 }
 
+/// Can only deserialize borrowed bytes.
+#[cfg(feature = "serde")]
+#[cfg_attr(docsrs, doc(cfg(feature = "serde")))]
+impl<'de> serde::Deserialize<'de> for &'de Script {
+    fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
+    where
+        D: serde::Deserializer<'de>,
+    {
+        if deserializer.is_human_readable() {
+            use crate::serde::de::Error;
+
+            return Err(D::Error::custom("deserialization of `&Script` from human-readable formats is not possible"));
+        }
+
+        struct Visitor;
+        impl<'de> serde::de::Visitor<'de> for Visitor {
+            type Value = &'de Script;
+
+            fn expecting(&self, formatter: &mut fmt::Formatter) -> fmt::Result {
+                formatter.write_str("borrowed bytes")
+            }
+
+            fn visit_borrowed_bytes<E>(self, v: &'de [u8]) -> Result<Self::Value, E>
+            where
+                E: serde::de::Error,
+            {
+                Ok(Script::from_bytes(v))
+            }
+        }
+        deserializer.deserialize_bytes(Visitor)
+    }
+}
+
+#[cfg(feature = "serde")]
+#[cfg_attr(docsrs, doc(cfg(feature = "serde")))]
+impl<'de> serde::Deserialize<'de> for ScriptBuf {
+    fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
+    where
+        D: serde::Deserializer<'de>,
+    {
+        use core::fmt::Formatter;
+        use crate::hashes::hex::FromHex;
+
+        if deserializer.is_human_readable() {
+
+            struct Visitor;
+            impl<'de> serde::de::Visitor<'de> for Visitor {
+                type Value = ScriptBuf;
+
+                fn expecting(&self, formatter: &mut Formatter) -> fmt::Result {
+                    formatter.write_str("a script hex")
+                }
+
+                fn visit_str<E>(self, v: &str) -> Result<Self::Value, E>
+                where
+                    E: serde::de::Error,
+                {
+                    let v = Vec::from_hex(v).map_err(E::custom)?;
+                    Ok(ScriptBuf::from(v))
+                }
+            }
+            deserializer.deserialize_str(Visitor)
+        } else {
+            struct BytesVisitor;
+
+            impl<'de> serde::de::Visitor<'de> for BytesVisitor {
+                type Value = ScriptBuf;
+
+                fn expecting(&self, formatter: &mut Formatter) -> fmt::Result {
+                    formatter.write_str("a script Vec<u8>")
+                }
+
+                fn visit_bytes<E>(self, v: &[u8]) -> Result<Self::Value, E>
+                where
+                    E: serde::de::Error,
+                {
+                    Ok(ScriptBuf::from(v.to_vec()))
+                }
+
+                fn visit_byte_buf<E>(self, v: Vec<u8>) -> Result<Self::Value, E>
+                where
+                    E: serde::de::Error,
+                {
+                    Ok(ScriptBuf::from(v))
+                }
+            }
+            deserializer.deserialize_byte_buf(BytesVisitor)
+        }
+    }
+}
+
+#[cfg(feature = "serde")]
+#[cfg_attr(docsrs, doc(cfg(feature = "serde")))]
+impl serde::Serialize for ScriptBuf {
+    /// User-facing serialization for `Script`.
+    fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
+    where
+        S: serde::Serializer,
+    {
+        (**self).serialize(serializer)
+    }
+}
+
 impl Encodable for Script {
+    #[inline]
+    fn consensus_encode<W: io::Write + ?Sized>(&self, w: &mut W) -> Result<usize, io::Error> {
+        crate::consensus::encode::consensus_encode_with_size(&self.0, w)
+    }
+}
+
+impl Encodable for ScriptBuf {
     #[inline]
     fn consensus_encode<W: io::Write + ?Sized>(&self, w: &mut W) -> Result<usize, io::Error> {
         self.0.consensus_encode(w)
     }
 }
 
-impl Decodable for Script {
+impl Decodable for ScriptBuf {
     #[inline]
     fn consensus_decode_from_finite_reader<R: io::Read + ?Sized>(r: &mut R) -> Result<Self, encode::Error> {
-        Ok(Script(Decodable::consensus_decode_from_finite_reader(r)?))
+        Ok(ScriptBuf(Decodable::consensus_decode_from_finite_reader(r)?))
     }
 }
 
@@ -1213,36 +2003,36 @@ mod test {
     fn script() {
         let mut comp = vec![];
         let mut script = Builder::new();
-        assert_eq!(&script[..], &comp[..]);
+        assert_eq!(script.as_bytes(), &comp[..]);
 
         // small ints
-        script = script.push_int(1);  comp.push(81u8); assert_eq!(&script[..], &comp[..]);
-        script = script.push_int(0);  comp.push(0u8);  assert_eq!(&script[..], &comp[..]);
-        script = script.push_int(4);  comp.push(84u8); assert_eq!(&script[..], &comp[..]);
-        script = script.push_int(-1); comp.push(79u8); assert_eq!(&script[..], &comp[..]);
+        script = script.push_int(1);  comp.push(81u8); assert_eq!(script.as_bytes(), &comp[..]);
+        script = script.push_int(0);  comp.push(0u8);  assert_eq!(script.as_bytes(), &comp[..]);
+        script = script.push_int(4);  comp.push(84u8); assert_eq!(script.as_bytes(), &comp[..]);
+        script = script.push_int(-1); comp.push(79u8); assert_eq!(script.as_bytes(), &comp[..]);
         // forced scriptint
-        script = script.push_scriptint(4); comp.extend([1u8, 4].iter().cloned()); assert_eq!(&script[..], &comp[..]);
+        script = script.push_scriptint(4); comp.extend([1u8, 4].iter().cloned()); assert_eq!(script.as_bytes(), &comp[..]);
         // big ints
-        script = script.push_int(17); comp.extend([1u8, 17].iter().cloned()); assert_eq!(&script[..], &comp[..]);
-        script = script.push_int(10000); comp.extend([2u8, 16, 39].iter().cloned()); assert_eq!(&script[..], &comp[..]);
+        script = script.push_int(17); comp.extend([1u8, 17].iter().cloned()); assert_eq!(script.as_bytes(), &comp[..]);
+        script = script.push_int(10000); comp.extend([2u8, 16, 39].iter().cloned()); assert_eq!(script.as_bytes(), &comp[..]);
         // notice the sign bit set here, hence the extra zero/128 at the end
-        script = script.push_int(10000000); comp.extend([4u8, 128, 150, 152, 0].iter().cloned()); assert_eq!(&script[..], &comp[..]);
-        script = script.push_int(-10000000); comp.extend([4u8, 128, 150, 152, 128].iter().cloned()); assert_eq!(&script[..], &comp[..]);
+        script = script.push_int(10000000); comp.extend([4u8, 128, 150, 152, 0].iter().cloned()); assert_eq!(script.as_bytes(), &comp[..]);
+        script = script.push_int(-10000000); comp.extend([4u8, 128, 150, 152, 128].iter().cloned()); assert_eq!(script.as_bytes(), &comp[..]);
 
         // data
-        script = script.push_slice("NRA4VR".as_bytes()); comp.extend([6u8, 78, 82, 65, 52, 86, 82].iter().cloned()); assert_eq!(&script[..], &comp[..]);
+        script = script.push_slice("NRA4VR".as_bytes()); comp.extend([6u8, 78, 82, 65, 52, 86, 82].iter().cloned()); assert_eq!(script.as_bytes(), &comp[..]);
 
         // keys
         let keystr = "21032e58afe51f9ed8ad3cc7897f634d881fdbe49a81564629ded8156bebd2ffd1af";
         let key = PublicKey::from_str(&keystr[2..]).unwrap();
-        script = script.push_key(&key); comp.extend(Vec::from_hex(keystr).unwrap().iter().cloned()); assert_eq!(&script[..], &comp[..]);
+        script = script.push_key(&key); comp.extend(Vec::from_hex(keystr).unwrap().iter().cloned()); assert_eq!(script.as_bytes(), &comp[..]);
         let keystr = "41042e58afe51f9ed8ad3cc7897f634d881fdbe49a81564629ded8156bebd2ffd1af191923a2964c177f5b5923ae500fca49e99492d534aa3759d6b25a8bc971b133";
         let key = PublicKey::from_str(&keystr[2..]).unwrap();
-        script = script.push_key(&key); comp.extend(Vec::from_hex(keystr).unwrap().iter().cloned()); assert_eq!(&script[..], &comp[..]);
+        script = script.push_key(&key); comp.extend(Vec::from_hex(keystr).unwrap().iter().cloned()); assert_eq!(script.as_bytes(), &comp[..]);
 
         // opcodes
-        script = script.push_opcode(OP_CHECKSIG); comp.push(0xACu8); assert_eq!(&script[..], &comp[..]);
-        script = script.push_opcode(OP_CHECKSIG); comp.push(0xACu8); assert_eq!(&script[..], &comp[..]);
+        script = script.push_opcode(OP_CHECKSIG); comp.push(0xACu8); assert_eq!(script.as_bytes(), &comp[..]);
+        script = script.push_opcode(OP_CHECKSIG); comp.push(0xACu8); assert_eq!(script.as_bytes(), &comp[..]);
     }
 
     #[test]
@@ -1388,7 +2178,7 @@ mod test {
         let keystr = "209997a497d964fc1a62885b05a51166a65a90df00492c8d7cf61d6accf54803be";
         let x_only_key = XOnlyPublicKey::from_str(&keystr[2..]).unwrap();
         let script = Builder::new().push_x_only_key(&x_only_key);
-        assert_eq!(script.0, Vec::from_hex(keystr).unwrap());
+        assert_eq!(script.into_bytes(), Vec::from_hex(keystr).unwrap());
     }
 
     #[test]
@@ -1406,31 +2196,31 @@ mod test {
     #[test]
     fn script_generators() {
         let pubkey = PublicKey::from_str("0234e6a79c5359c613762d537e0e19d86c77c1666d8c9ab050f23acd198e97f93e").unwrap();
-        assert!(Script::new_p2pk(&pubkey).is_p2pk());
+        assert!(ScriptBuf::new_p2pk(&pubkey).is_p2pk());
 
         let pubkey_hash = PubkeyHash::hash(&pubkey.inner.serialize());
-        assert!(Script::new_p2pkh(&pubkey_hash).is_p2pkh());
+        assert!(ScriptBuf::new_p2pkh(&pubkey_hash).is_p2pkh());
 
         let wpubkey_hash = WPubkeyHash::hash(&pubkey.inner.serialize());
-        assert!(Script::new_v0_p2wpkh(&wpubkey_hash).is_v0_p2wpkh());
+        assert!(ScriptBuf::new_v0_p2wpkh(&wpubkey_hash).is_v0_p2wpkh());
 
         let script = Builder::new().push_opcode(OP_NUMEQUAL)
                                    .push_verify()
                                    .into_script();
         let script_hash = ScriptHash::hash(&script.serialize());
-        let p2sh = Script::new_p2sh(&script_hash);
+        let p2sh = ScriptBuf::new_p2sh(&script_hash);
         assert!(p2sh.is_p2sh());
         assert_eq!(script.to_p2sh(), p2sh);
 
         let wscript_hash = WScriptHash::hash(&script.serialize());
-        let p2wsh = Script::new_v0_p2wsh(&wscript_hash);
+        let p2wsh = ScriptBuf::new_v0_p2wsh(&wscript_hash);
         assert!(p2wsh.is_v0_p2wsh());
         assert_eq!(script.to_v0_p2wsh(), p2wsh);
 
         // Test data are taken from the second output of
         // 2ccb3a1f745eb4eefcf29391460250adda5fab78aaddb902d25d3cd97d9d8e61 transaction
         let data = Vec::<u8>::from_hex("aa21a9ed20280f53f2d21663cac89e6bd2ad19edbabb048cda08e73ed19e9268d0afea2a").unwrap();
-        let op_return = Script::new_op_return(&data);
+        let op_return = ScriptBuf::new_op_return(&data);
         assert!(op_return.is_op_return());
         assert_eq!(op_return.to_hex(), "6a24aa21a9ed20280f53f2d21663cac89e6bd2ad19edbabb048cda08e73ed19e9268d0afea2a");
     }
@@ -1510,7 +2300,7 @@ mod test {
     #[test]
     fn script_serialize() {
         let hex_script = Vec::from_hex("6c493046022100f93bb0e7d8db7bd46e40132d1f8242026e045f03a0efe71bbb8e3f475e970d790221009337cd7f1f929f00cc6ff01f03729b069a7c21b59b1736ddfee5db5946c5da8c0121033b9b137ee87d5a812d6f506efdd37f0affa7ffc310711c06c7f3e097c9447c52").unwrap();
-        let script: Result<Script, _> = deserialize(&hex_script);
+        let script: Result<ScriptBuf, _> = deserialize(&hex_script);
         assert!(script.is_ok());
         assert_eq!(serialize(&script.unwrap()), hex_script);
     }
@@ -1581,39 +2371,46 @@ mod test {
         let original = hex_script!("827651a0698faaa9a8a7a687");
         let json = serde_json::to_value(&original).unwrap();
         assert_eq!(json, serde_json::Value::String("827651a0698faaa9a8a7a687".to_owned()));
-        let des = serde_json::from_value(json).unwrap();
+        let des = serde_json::from_value::<ScriptBuf>(json).unwrap();
         assert_eq!(original, des);
     }
 
     #[test]
     fn script_asm() {
-        assert_eq!(hex_script!("6363636363686868686800").asm(),
+        assert_eq!(hex_script!("6363636363686868686800").to_asm_string(),
                    "OP_IF OP_IF OP_IF OP_IF OP_IF OP_ENDIF OP_ENDIF OP_ENDIF OP_ENDIF OP_ENDIF OP_0");
-        assert_eq!(hex_script!("6363636363686868686800").asm(),
+        assert_eq!(hex_script!("6363636363686868686800").to_asm_string(),
                    "OP_IF OP_IF OP_IF OP_IF OP_IF OP_ENDIF OP_ENDIF OP_ENDIF OP_ENDIF OP_ENDIF OP_0");
-        assert_eq!(hex_script!("2102715e91d37d239dea832f1460e91e368115d8ca6cc23a7da966795abad9e3b699ac").asm(),
+        assert_eq!(hex_script!("2102715e91d37d239dea832f1460e91e368115d8ca6cc23a7da966795abad9e3b699ac").to_asm_string(),
                    "OP_PUSHBYTES_33 02715e91d37d239dea832f1460e91e368115d8ca6cc23a7da966795abad9e3b699 OP_CHECKSIG");
         // Elements Alpha peg-out transaction with some signatures removed for brevity. Mainly to test PUSHDATA1
-        assert_eq!(hex_script!("0047304402202457e78cc1b7f50d0543863c27de75d07982bde8359b9e3316adec0aec165f2f02200203fd331c4e4a4a02f48cf1c291e2c0d6b2f7078a784b5b3649fca41f8794d401004cf1552103244e602b46755f24327142a0517288cebd159eccb6ccf41ea6edf1f601e9af952103bbbacc302d19d29dbfa62d23f37944ae19853cf260c745c2bea739c95328fcb721039227e83246bd51140fe93538b2301c9048be82ef2fb3c7fc5d78426ed6f609ad210229bf310c379b90033e2ecb07f77ecf9b8d59acb623ab7be25a0caed539e2e6472103703e2ed676936f10b3ce9149fa2d4a32060fb86fa9a70a4efe3f21d7ab90611921031e9b7c6022400a6bb0424bbcde14cff6c016b91ee3803926f3440abf5c146d05210334667f975f55a8455d515a2ef1c94fdfa3315f12319a14515d2a13d82831f62f57ae").asm(),
+        assert_eq!(hex_script!("0047304402202457e78cc1b7f50d0543863c27de75d07982bde8359b9e3316adec0aec165f2f02200203fd331c4e4a4a02f48cf1c291e2c0d6b2f7078a784b5b3649fca41f8794d401004cf1552103244e602b46755f24327142a0517288cebd159eccb6ccf41ea6edf1f601e9af952103bbbacc302d19d29dbfa62d23f37944ae19853cf260c745c2bea739c95328fcb721039227e83246bd51140fe93538b2301c9048be82ef2fb3c7fc5d78426ed6f609ad210229bf310c379b90033e2ecb07f77ecf9b8d59acb623ab7be25a0caed539e2e6472103703e2ed676936f10b3ce9149fa2d4a32060fb86fa9a70a4efe3f21d7ab90611921031e9b7c6022400a6bb0424bbcde14cff6c016b91ee3803926f3440abf5c146d05210334667f975f55a8455d515a2ef1c94fdfa3315f12319a14515d2a13d82831f62f57ae").to_asm_string(),
                    "OP_0 OP_PUSHBYTES_71 304402202457e78cc1b7f50d0543863c27de75d07982bde8359b9e3316adec0aec165f2f02200203fd331c4e4a4a02f48cf1c291e2c0d6b2f7078a784b5b3649fca41f8794d401 OP_0 OP_PUSHDATA1 552103244e602b46755f24327142a0517288cebd159eccb6ccf41ea6edf1f601e9af952103bbbacc302d19d29dbfa62d23f37944ae19853cf260c745c2bea739c95328fcb721039227e83246bd51140fe93538b2301c9048be82ef2fb3c7fc5d78426ed6f609ad210229bf310c379b90033e2ecb07f77ecf9b8d59acb623ab7be25a0caed539e2e6472103703e2ed676936f10b3ce9149fa2d4a32060fb86fa9a70a4efe3f21d7ab90611921031e9b7c6022400a6bb0424bbcde14cff6c016b91ee3803926f3440abf5c146d05210334667f975f55a8455d515a2ef1c94fdfa3315f12319a14515d2a13d82831f62f57ae");
         // Various weird scripts found in transaction 6d7ed9914625c73c0288694a6819196a27ef6c08f98e1270d975a8e65a3dc09a
         // which triggerred overflow bugs on 32-bit machines in script formatting in the past.
-        assert_eq!(hex_script!("01").asm(),
+        assert_eq!(hex_script!("01").to_asm_string(),
                    "OP_PUSHBYTES_1 <push past end>");
-        assert_eq!(hex_script!("0201").asm(),
+        assert_eq!(hex_script!("0201").to_asm_string(),
                    "OP_PUSHBYTES_2 <push past end>");
-        assert_eq!(hex_script!("4c").asm(),
+        assert_eq!(hex_script!("4c").to_asm_string(),
                    "<unexpected end>");
-        assert_eq!(hex_script!("4c0201").asm(),
+        assert_eq!(hex_script!("4c0201").to_asm_string(),
                    "OP_PUSHDATA1 <push past end>");
-        assert_eq!(hex_script!("4d").asm(),
+        assert_eq!(hex_script!("4d").to_asm_string(),
                    "<unexpected end>");
-        assert_eq!(hex_script!("4dffff01").asm(),
+        assert_eq!(hex_script!("4dffff01").to_asm_string(),
                    "OP_PUSHDATA2 <push past end>");
-        assert_eq!(hex_script!("4effffffff01").asm(),
+        assert_eq!(hex_script!("4effffffff01").to_asm_string(),
                    "OP_PUSHDATA4 <push past end>");
     }
 
+    #[test]
+    fn script_buf_collect() {
+        assert_eq!(&core::iter::empty::<Instruction<'_>>().collect::<ScriptBuf>(), Script::empty());
+        let script = hex_script!("0047304402202457e78cc1b7f50d0543863c27de75d07982bde8359b9e3316adec0aec165f2f02200203fd331c4e4a4a02f48cf1c291e2c0d6b2f7078a784b5b3649fca41f8794d401004cf1552103244e602b46755f24327142a0517288cebd159eccb6ccf41ea6edf1f601e9af952103bbbacc302d19d29dbfa62d23f37944ae19853cf260c745c2bea739c95328fcb721039227e83246bd51140fe93538b2301c9048be82ef2fb3c7fc5d78426ed6f609ad210229bf310c379b90033e2ecb07f77ecf9b8d59acb623ab7be25a0caed539e2e6472103703e2ed676936f10b3ce9149fa2d4a32060fb86fa9a70a4efe3f21d7ab90611921031e9b7c6022400a6bb0424bbcde14cff6c016b91ee3803926f3440abf5c146d05210334667f975f55a8455d515a2ef1c94fdfa3315f12319a14515d2a13d82831f62f57ae");
+        assert_eq!(script.instructions().collect::<Result<ScriptBuf, _>>().unwrap(), script);
+    }
+
     #[test]
     fn script_p2sh_p2p2k_template() {
         // random outputs I picked out of the mempool
@@ -1657,6 +2454,14 @@ mod test {
         assert_eq!(redeem_script.to_v0_p2wsh().to_p2sh(), expected_out);
     }
 
+    macro_rules! unwrap_all {
+        ($($var:ident),*) => {
+            $(
+            let $var = $var.unwrap();
+            )*
+        }
+    }
+
     #[test]
     fn test_iterator() {
         let zero = hex_script!("00");
@@ -1666,34 +2471,41 @@ mod test {
         let minimal = hex_script!("0169b2");           // minimal
         let nonminimal_alt = hex_script!("026900b2");  // non-minimal number but minimal push (should be OK)
 
-        let v_zero: Result<Vec<Instruction>, Error> = zero.instructions_minimal().collect();
-        let v_zeropush: Result<Vec<Instruction>, Error> = zeropush.instructions_minimal().collect();
+        let v_zero: Result<Vec<_>, Error> = zero.instruction_indices_minimal().collect();
+        let v_zeropush: Result<Vec<_>, Error> = zeropush.instruction_indices_minimal().collect();
 
-        let v_min: Result<Vec<Instruction>, Error> = minimal.instructions_minimal().collect();
-        let v_nonmin: Result<Vec<Instruction>, Error> = nonminimal.instructions_minimal().collect();
-        let v_nonmin_alt: Result<Vec<Instruction>, Error> = nonminimal_alt.instructions_minimal().collect();
-        let slop_v_min: Result<Vec<Instruction>, Error> = minimal.instructions().collect();
-        let slop_v_nonmin: Result<Vec<Instruction>, Error> = nonminimal.instructions().collect();
-        let slop_v_nonmin_alt: Result<Vec<Instruction>, Error> = nonminimal_alt.instructions().collect();
+        let v_min: Result<Vec<_>, Error> = minimal.instruction_indices_minimal().collect();
+        let v_nonmin: Result<Vec<_>, Error> = nonminimal.instruction_indices_minimal().collect();
+        let v_nonmin_alt: Result<Vec<_>, Error> = nonminimal_alt.instruction_indices_minimal().collect();
+        let slop_v_min: Result<Vec<_>, Error> = minimal.instruction_indices().collect();
+        let slop_v_nonmin: Result<Vec<_>, Error> = nonminimal.instruction_indices().collect();
+        let slop_v_nonmin_alt: Result<Vec<_>, Error> = nonminimal_alt.instruction_indices().collect();
 
-        assert_eq!(v_zero.unwrap(), vec![Instruction::PushBytes(&[])]);
-        assert_eq!(v_zeropush.unwrap(), vec![Instruction::PushBytes(&[0])]);
+        unwrap_all!(v_zero, v_zeropush, v_min, v_nonmin_alt, slop_v_min, slop_v_nonmin, slop_v_nonmin_alt);
+
+        assert_eq!(v_zero, vec![(0, Instruction::PushBytes(&[]))]);
+        assert_eq!(v_zeropush, vec![(0, Instruction::PushBytes(&[0]))]);
 
         assert_eq!(
-            v_min.clone().unwrap(),
-            vec![Instruction::PushBytes(&[105]), Instruction::Op(opcodes::OP_NOP3)]
+            v_min,
+            vec![(0, Instruction::PushBytes(&[105])), (2, Instruction::Op(opcodes::OP_NOP3))]
         );
 
-        assert_eq!(v_nonmin.err().unwrap(), Error::NonMinimalPush);
+        assert_eq!(v_nonmin.unwrap_err(), Error::NonMinimalPush);
 
         assert_eq!(
-            v_nonmin_alt.clone().unwrap(),
-            vec![Instruction::PushBytes(&[105, 0]), Instruction::Op(opcodes::OP_NOP3)]
+            v_nonmin_alt,
+            vec![(0, Instruction::PushBytes(&[105, 0])), (3, Instruction::Op(opcodes::OP_NOP3))]
         );
 
-        assert_eq!(v_min.clone().unwrap(), slop_v_min.unwrap());
-        assert_eq!(v_min.unwrap(), slop_v_nonmin.unwrap());
-        assert_eq!(v_nonmin_alt.unwrap(), slop_v_nonmin_alt.unwrap());
+        assert_eq!(v_min, slop_v_min);
+        // indices must differ
+        assert_ne!(v_min, slop_v_nonmin);
+        // but the instructions must be equal
+        for ((_, v_min_instr), (_, slop_v_nomin_instr)) in v_min.iter().zip(&slop_v_nonmin) {
+            assert_eq!(v_min_instr, slop_v_nomin_instr);
+        }
+        assert_eq!(v_nonmin_alt, slop_v_nonmin_alt);
     }
 
 	#[test]
@@ -1746,7 +2558,7 @@ mod test {
     #[test]
     #[cfg(feature = "serde")]
     fn test_script_serde_human_and_not() {
-        let script = Script::from(vec![0u8, 1u8, 2u8]);
+        let script = ScriptBuf::from(vec![0u8, 1u8, 2u8]);
 
         // Serialize
         let json = serde_json::to_string(&script).unwrap();
@@ -1755,13 +2567,13 @@ mod test {
         assert_eq!(bincode, [3, 0, 0, 0, 0, 0, 0, 0, 0, 1, 2]); // bincode adds u64 for length, serde_cbor use varint
 
         // Deserialize
-        assert_eq!(script, serde_json::from_str(&json).unwrap());
-        assert_eq!(script, bincode::deserialize(&bincode).unwrap());
+        assert_eq!(script, serde_json::from_str::<ScriptBuf>(&json).unwrap());
+        assert_eq!(script, bincode::deserialize::<ScriptBuf>(&bincode).unwrap());
     }
 
     #[test]
     fn test_instructions_are_fused() {
-        let script = Script::new();
+        let script = ScriptBuf::new();
         let mut instructions = script.instructions();
         assert!(instructions.next().is_none());
         assert!(instructions.next().is_none());
diff --git a/bitcoin/src/blockdata/transaction.rs b/bitcoin/src/blockdata/transaction.rs
index e580307c..2a4b374b 100644
--- a/bitcoin/src/blockdata/transaction.rs
+++ b/bitcoin/src/blockdata/transaction.rs
@@ -26,7 +26,7 @@ use crate::hashes::hex::FromHex;
 
 use crate::blockdata::constants::WITNESS_SCALE_FACTOR;
 #[cfg(feature="bitcoinconsensus")] use crate::blockdata::script;
-use crate::blockdata::script::Script;
+use crate::blockdata::script::{ScriptBuf, Script};
 use crate::blockdata::witness::Witness;
 use crate::blockdata::locktime::absolute::{self, Height, Time};
 use crate::blockdata::locktime::relative;
@@ -198,7 +198,7 @@ pub struct TxIn {
     pub previous_output: OutPoint,
     /// The script which pushes values on the stack which will cause
     /// the referenced output's script to be accepted.
-    pub script_sig: Script,
+    pub script_sig: ScriptBuf,
     /// The sequence number, which suggests to miners which of two
     /// conflicting transactions should be preferred, or 0xFFFFFFFF
     /// to ignore this feature. This is generally never used since
@@ -231,7 +231,7 @@ impl Default for TxIn {
     fn default() -> TxIn {
         TxIn {
             previous_output: OutPoint::default(),
-            script_sig: Script::new(),
+            script_sig: ScriptBuf::new(),
             sequence: Sequence::MAX,
             witness: Witness::default(),
         }
@@ -466,13 +466,13 @@ pub struct TxOut {
     /// The value of the output, in satoshis.
     pub value: u64,
     /// The script which must be satisfied for the output to be spent.
-    pub script_pubkey: Script
+    pub script_pubkey: ScriptBuf
 }
 
 // This is used as a "null txout" in consensus signing code.
 impl Default for TxOut {
     fn default() -> TxOut {
-        TxOut { value: 0xffffffffffffffff, script_pubkey: Script::new() }
+        TxOut { value: 0xffffffffffffffff, script_pubkey: ScriptBuf::new() }
     }
 }
 
@@ -505,7 +505,7 @@ impl<E> EncodeSigningDataResult<E> {
     /// # use bitcoin_hashes::{Hash, hex::FromHex};
     /// # let mut writer = Sighash::engine();
     /// # let input_index = 0;
-    /// # let script_pubkey = bitcoin::Script::new();
+    /// # let script_pubkey = bitcoin::ScriptBuf::new();
     /// # let sighash_u32 = 0u32;
     /// # const SOME_TX: &'static str = "0100000001a15d57094aa7a21a28cb20b59aab8fc7d1149a3bdbcddba9c622e4f5f6a99ece010000006c493046022100f93bb0e7d8db7bd46e40132d1f8242026e045f03a0efe71bbb8e3f475e970d790221009337cd7f1f929f00cc6ff01f03729b069a7c21b59b1736ddfee5db5946c5da8c0121033b9b137ee87d5a812d6f506efdd37f0affa7ffc310711c06c7f3e097c9447c52ffffffff0100e1f505000000001976a9140389035a9225b3839e2bbf32d826a1e222031fd888ac00000000";
     /// # let raw_tx = Vec::from_hex(SOME_TX).unwrap();
@@ -622,7 +622,7 @@ impl Transaction {
         let cloned_tx = Transaction {
             version: self.version,
             lock_time: self.lock_time,
-            input: self.input.iter().map(|txin| TxIn { script_sig: Script::new(), witness: Witness::default(), .. *txin }).collect(),
+            input: self.input.iter().map(|txin| TxIn { script_sig: ScriptBuf::new(), witness: Witness::default(), .. *txin }).collect(),
             output: self.output.clone(),
         };
         cloned_tx.txid().into()
@@ -1073,7 +1073,7 @@ mod tests {
     use core::str::FromStr;
 
     use crate::blockdata::constants::WITNESS_SCALE_FACTOR;
-    use crate::blockdata::script::Script;
+    use crate::blockdata::script::ScriptBuf;
     use crate::blockdata::locktime::absolute;
     use crate::consensus::encode::serialize;
     use crate::consensus::encode::deserialize;
@@ -1139,7 +1139,7 @@ mod tests {
     fn test_txin_default() {
         let txin = TxIn::default();
         assert_eq!(txin.previous_output, OutPoint::default());
-        assert_eq!(txin.script_sig, Script::new());
+        assert_eq!(txin.script_sig, ScriptBuf::new());
         assert_eq!(txin.sequence, Sequence::from_consensus(0xFFFFFFFF));
         assert_eq!(txin.previous_output, OutPoint::default());
         assert_eq!(txin.witness.len(), 0);
@@ -1288,10 +1288,10 @@ mod tests {
         let old_ntxid = tx.ntxid();
         assert_eq!(format!("{:x}", old_ntxid), "c3573dbea28ce24425c59a189391937e00d255150fa973d59d61caf3a06b601d");
         // changing sigs does not affect it
-        tx.input[0].script_sig = Script::new();
+        tx.input[0].script_sig = ScriptBuf::new();
         assert_eq!(old_ntxid, tx.ntxid());
         // changing pks does
-        tx.output[0].script_pubkey = Script::new();
+        tx.output[0].script_pubkey = ScriptBuf::new();
         assert!(old_ntxid != tx.ntxid());
     }
 
diff --git a/bitcoin/src/internal_macros.rs b/bitcoin/src/internal_macros.rs
index 0d8f4828..1ad769f4 100644
--- a/bitcoin/src/internal_macros.rs
+++ b/bitcoin/src/internal_macros.rs
@@ -88,7 +88,7 @@ mod test_macros {
     pub(crate) use hex_into;
 
     // Script is commonly used in places where inference may fail
-    macro_rules! hex_script (($hex:expr) => ($crate::internal_macros::hex_into!($crate::Script, $hex)));
+    macro_rules! hex_script (($hex:expr) => ($crate::internal_macros::hex_into!($crate::ScriptBuf, $hex)));
     pub(crate) use hex_script;
 
     // For types that can't use TestFromHex due to coherence rules or reversed hex
diff --git a/bitcoin/src/lib.rs b/bitcoin/src/lib.rs
index e781e3d8..063831da 100644
--- a/bitcoin/src/lib.rs
+++ b/bitcoin/src/lib.rs
@@ -59,7 +59,6 @@ compile_error!(
 #[cfg(bench)]
 extern crate test;
 
-#[cfg(feature = "no-std")]
 #[macro_use]
 extern crate alloc;
 
@@ -128,7 +127,7 @@ pub use crate::address::{Address, AddressType};
 pub use crate::amount::{Amount, Denomination, SignedAmount};
 pub use crate::blockdata::block::{self, Block};
 pub use crate::blockdata::locktime::{self, absolute, relative};
-pub use crate::blockdata::script::{self, Script};
+pub use crate::blockdata::script::{self, Script, ScriptBuf};
 pub use crate::blockdata::transaction::{self, OutPoint, Sequence, Transaction, TxIn, TxOut};
 pub use crate::blockdata::witness::{self, Witness};
 pub use crate::blockdata::{constants, opcodes};
diff --git a/bitcoin/src/network/message.rs b/bitcoin/src/network/message.rs
index 22479796..1f533fa6 100644
--- a/bitcoin/src/network/message.rs
+++ b/bitcoin/src/network/message.rs
@@ -516,7 +516,7 @@ mod test {
     use super::{CommandString, NetworkMessage, RawNetworkMessage, *};
     use crate::bip152::BlockTransactionsRequest;
     use crate::blockdata::block::{self, Block};
-    use crate::blockdata::script::Script;
+    use crate::blockdata::script::ScriptBuf;
     use crate::blockdata::transaction::Transaction;
     use crate::consensus::encode::{deserialize, deserialize_partial, serialize};
     use crate::hashes::hex::FromHex;
@@ -540,7 +540,7 @@ mod test {
         let tx: Transaction = deserialize(&Vec::from_hex("0100000001a15d57094aa7a21a28cb20b59aab8fc7d1149a3bdbcddba9c622e4f5f6a99ece010000006c493046022100f93bb0e7d8db7bd46e40132d1f8242026e045f03a0efe71bbb8e3f475e970d790221009337cd7f1f929f00cc6ff01f03729b069a7c21b59b1736ddfee5db5946c5da8c0121033b9b137ee87d5a812d6f506efdd37f0affa7ffc310711c06c7f3e097c9447c52ffffffff0100e1f505000000001976a9140389035a9225b3839e2bbf32d826a1e222031fd888ac00000000").unwrap()).unwrap();
         let block: Block = deserialize(&include_bytes!("../../tests/data/testnet_block_000000000000045e0b1660b6445b5e5c5ab63c9a4f956be7e1e69be04fa4497b.raw")[..]).unwrap();
         let header: block::Header = deserialize(&Vec::from_hex("010000004ddccd549d28f385ab457e98d1b11ce80bfea2c5ab93015ade4973e400000000bf4473e53794beae34e64fccc471dace6ae544180816f89591894e0f417a914cd74d6e49ffff001d323b3a7b").unwrap()).unwrap();
-        let script: Script = deserialize(
+        let script: ScriptBuf = deserialize(
             &Vec::from_hex("1976a91431a420903c05a0a7de2de40c9f02ebedbacdc17288ac").unwrap(),
         )
         .unwrap();
diff --git a/bitcoin/src/psbt/map/input.rs b/bitcoin/src/psbt/map/input.rs
index 6e7dbb0f..b2cc5e23 100644
--- a/bitcoin/src/psbt/map/input.rs
+++ b/bitcoin/src/psbt/map/input.rs
@@ -9,7 +9,7 @@ use core::convert::TryFrom;
 
 use secp256k1::XOnlyPublicKey;
 
-use crate::blockdata::script::Script;
+use crate::blockdata::script::ScriptBuf;
 use crate::blockdata::witness::Witness;
 use crate::blockdata::transaction::{Transaction, TxOut};
 use crate::consensus::encode;
@@ -85,16 +85,16 @@ pub struct Input {
     /// must use the sighash type.
     pub sighash_type: Option<PsbtSighashType>,
     /// The redeem script for this input.
-    pub redeem_script: Option<Script>,
+    pub redeem_script: Option<ScriptBuf>,
     /// The witness script for this input.
-    pub witness_script: Option<Script>,
+    pub witness_script: Option<ScriptBuf>,
     /// A map from public keys needed to sign this input to their corresponding
     /// master key fingerprints and derivation paths.
     #[cfg_attr(feature = "serde", serde(with = "crate::serde_utils::btreemap_as_seq"))]
     pub bip32_derivation: BTreeMap<secp256k1::PublicKey, KeySource>,
     /// The finalized, fully-constructed scriptSig with signatures and any other
     /// scripts necessary for this input to pass validation.
-    pub final_script_sig: Option<Script>,
+    pub final_script_sig: Option<ScriptBuf>,
     /// The finalized, fully-constructed scriptWitness with signatures and any
     /// other scripts necessary for this input to pass validation.
     pub final_script_witness: Option<Witness>,
@@ -118,7 +118,7 @@ pub struct Input {
     pub tap_script_sigs: BTreeMap<(XOnlyPublicKey, TapLeafHash), schnorr::Signature>,
     /// Map of Control blocks to Script version pair.
     #[cfg_attr(feature = "serde", serde(with = "crate::serde_utils::btreemap_as_seq"))]
-    pub tap_scripts: BTreeMap<ControlBlock, (Script, LeafVersion)>,
+    pub tap_scripts: BTreeMap<ControlBlock, (ScriptBuf, LeafVersion)>,
     /// Map of tap root x only keys to origin info and leaf hashes contained in it.
     #[cfg_attr(feature = "serde", serde(with = "crate::serde_utils::btreemap_as_seq"))]
     pub tap_key_origins: BTreeMap<XOnlyPublicKey, (Vec<TapLeafHash>, KeySource)>,
@@ -277,12 +277,12 @@ impl Input {
             }
             PSBT_IN_REDEEM_SCRIPT => {
                 impl_psbt_insert_pair! {
-                    self.redeem_script <= <raw_key: _>|<raw_value: Script>
+                    self.redeem_script <= <raw_key: _>|<raw_value: ScriptBuf>
                 }
             }
             PSBT_IN_WITNESS_SCRIPT => {
                 impl_psbt_insert_pair! {
-                    self.witness_script <= <raw_key: _>|<raw_value: Script>
+                    self.witness_script <= <raw_key: _>|<raw_value: ScriptBuf>
                 }
             }
             PSBT_IN_BIP32_DERIVATION => {
@@ -292,7 +292,7 @@ impl Input {
             }
             PSBT_IN_FINAL_SCRIPTSIG => {
                 impl_psbt_insert_pair! {
-                    self.final_script_sig <= <raw_key: _>|<raw_value: Script>
+                    self.final_script_sig <= <raw_key: _>|<raw_value: ScriptBuf>
                 }
             }
             PSBT_IN_FINAL_SCRIPTWITNESS => {
@@ -324,7 +324,7 @@ impl Input {
             }
             PSBT_IN_TAP_LEAF_SCRIPT => {
                 impl_psbt_insert_pair! {
-                    self.tap_scripts <= <raw_key: ControlBlock>|< raw_value: (Script, LeafVersion)>
+                    self.tap_scripts <= <raw_key: ControlBlock>|< raw_value: (ScriptBuf, LeafVersion)>
                 }
             }
             PSBT_IN_TAP_BIP32_DERIVATION => {
diff --git a/bitcoin/src/psbt/map/output.rs b/bitcoin/src/psbt/map/output.rs
index 7f5557d1..b321fbfd 100644
--- a/bitcoin/src/psbt/map/output.rs
+++ b/bitcoin/src/psbt/map/output.rs
@@ -6,7 +6,7 @@ use core::convert::TryFrom;
 
 use crate::io;
 
-use crate::blockdata::script::Script;
+use crate::blockdata::script::ScriptBuf;
 use crate::consensus::encode;
 use secp256k1::XOnlyPublicKey;
 use crate::bip32::KeySource;
@@ -17,9 +17,9 @@ use crate::psbt::Error;
 
 use crate::taproot::{ScriptLeaf, TapLeafHash, NodeInfo, TaprootBuilder};
 
-/// Type: Redeem Script PSBT_OUT_REDEEM_SCRIPT = 0x00
+/// Type: Redeem ScriptBuf PSBT_OUT_REDEEM_SCRIPT = 0x00
 const PSBT_OUT_REDEEM_SCRIPT: u8 = 0x00;
-/// Type: Witness Script PSBT_OUT_WITNESS_SCRIPT = 0x01
+/// Type: Witness ScriptBuf PSBT_OUT_WITNESS_SCRIPT = 0x01
 const PSBT_OUT_WITNESS_SCRIPT: u8 = 0x01;
 /// Type: BIP 32 Derivation Path PSBT_OUT_BIP32_DERIVATION = 0x02
 const PSBT_OUT_BIP32_DERIVATION: u8 = 0x02;
@@ -39,9 +39,9 @@ const PSBT_OUT_PROPRIETARY: u8 = 0xFC;
 #[cfg_attr(feature = "serde", serde(crate = "actual_serde"))]
 pub struct Output {
     /// The redeem script for this output.
-    pub redeem_script: Option<Script>,
+    pub redeem_script: Option<ScriptBuf>,
     /// The witness script for this output.
-    pub witness_script: Option<Script>,
+    pub witness_script: Option<ScriptBuf>,
     /// A map from public keys needed to spend this output to their
     /// corresponding master key fingerprints and derivation paths.
     #[cfg_attr(feature = "serde", serde(with = "crate::serde_utils::btreemap_as_seq"))]
@@ -216,12 +216,12 @@ impl Output {
         match raw_key.type_value {
             PSBT_OUT_REDEEM_SCRIPT => {
                 impl_psbt_insert_pair! {
-                    self.redeem_script <= <raw_key: _>|<raw_value: Script>
+                    self.redeem_script <= <raw_key: _>|<raw_value: ScriptBuf>
                 }
             }
             PSBT_OUT_WITNESS_SCRIPT => {
                 impl_psbt_insert_pair! {
-                    self.witness_script <= <raw_key: _>|<raw_value: Script>
+                    self.witness_script <= <raw_key: _>|<raw_value: ScriptBuf>
                 }
             }
             PSBT_OUT_BIP32_DERIVATION => {
diff --git a/bitcoin/src/psbt/mod.rs b/bitcoin/src/psbt/mod.rs
index 58ae9bd8..f1d18f73 100644
--- a/bitcoin/src/psbt/mod.rs
+++ b/bitcoin/src/psbt/mod.rs
@@ -19,7 +19,7 @@ use bitcoin_internals::write_err;
 use crate::{prelude::*, Amount};
 use crate::io;
 
-use crate::blockdata::script::Script;
+use crate::blockdata::script::ScriptBuf;
 use crate::blockdata::transaction::{Transaction, TxOut};
 use crate::consensus::{encode, Encodable, Decodable};
 use crate::bip32::{self, ExtendedPrivKey, ExtendedPubKey, KeySource};
@@ -136,7 +136,7 @@ impl PartiallySignedTransaction {
         let mut tx: Transaction = self.unsigned_tx;
 
         for (vin, psbtin) in tx.input.iter_mut().zip(self.inputs.into_iter()) {
-            vin.script_sig = psbtin.final_script_sig.unwrap_or_else(Script::new);
+            vin.script_sig = psbtin.final_script_sig.unwrap_or_default();
             vin.witness = psbtin.final_script_witness.unwrap_or_default();
         }
 
@@ -339,11 +339,11 @@ impl PartiallySignedTransaction {
                 cache.legacy_signature_hash(input_index, script_code, hash_ty.to_u32())?
             },
             Wpkh => {
-                let script_code = Script::p2wpkh_script_code(spk).ok_or(SignError::NotWpkh)?;
+                let script_code = ScriptBuf::p2wpkh_script_code(spk).ok_or(SignError::NotWpkh)?;
                 cache.segwit_signature_hash(input_index, &script_code, utxo.value, hash_ty)?
             }
             ShWpkh => {
-                let script_code = Script::p2wpkh_script_code(input.redeem_script.as_ref().expect("checked above"))
+                let script_code = ScriptBuf::p2wpkh_script_code(input.redeem_script.as_ref().expect("checked above"))
                     .ok_or(SignError::NotWpkh)?;
                 cache.segwit_signature_hash(input_index, &script_code, utxo.value, hash_ty)?
             },
@@ -890,7 +890,7 @@ mod tests {
     #[cfg(feature = "rand")]
     use secp256k1::{All, SecretKey};
 
-    use crate::blockdata::script::Script;
+    use crate::blockdata::script::ScriptBuf;
     use crate::blockdata::transaction::{Transaction, TxIn, TxOut, OutPoint, Sequence};
     use crate::network::constants::Network::Bitcoin;
     use crate::consensus::encode::{deserialize, serialize, serialize_hex};
@@ -985,7 +985,7 @@ mod tests {
                         ).unwrap(),
                         vout: 0,
                     },
-                    script_sig: Script::new(),
+                    script_sig: ScriptBuf::new(),
                     sequence: Sequence::ENABLE_LOCKTIME_NO_RBF,
                     witness: Witness::default(),
                 }],
@@ -1096,7 +1096,7 @@ mod tests {
             },
             unsigned_tx: {
                 let mut unsigned = tx.clone();
-                unsigned.input[0].script_sig = Script::new();
+                unsigned.input[0].script_sig = ScriptBuf::new();
                 unsigned.input[0].witness = Witness::default();
                 unsigned
             },
@@ -1145,7 +1145,7 @@ mod tests {
         use crate::hashes::hex::FromHex;
         use crate::hash_types::Txid;
 
-        use crate::blockdata::script::Script;
+        use crate::blockdata::script::ScriptBuf;
         use crate::blockdata::transaction::{Transaction, TxIn, TxOut, OutPoint, Sequence};
         use crate::consensus::encode::serialize_hex;
         use crate::blockdata::locktime::absolute;
@@ -1245,7 +1245,7 @@ mod tests {
                             ).unwrap(),
                             vout: 0,
                         },
-                        script_sig: Script::new(),
+                        script_sig: ScriptBuf::new(),
                         sequence: Sequence::ENABLE_LOCKTIME_NO_RBF,
                         witness: Witness::default(),
                     }],
@@ -1557,7 +1557,7 @@ mod tests {
                         ).unwrap(),
                         vout: 0,
                     },
-                    script_sig: Script::new(),
+                    script_sig: ScriptBuf::new(),
                     sequence: Sequence::ENABLE_LOCKTIME_NO_RBF,
                     witness: Witness::default(),
                 }],
@@ -1834,7 +1834,7 @@ mod tests {
         // First input we can spend. See comment above on key_map for why we use defaults here.
         let txout_wpkh = TxOut{
             value: 10,
-            script_pubkey: Script::new_v0_p2wpkh(&WPubkeyHash::hash(&pk.to_bytes())),
+            script_pubkey: ScriptBuf::new_v0_p2wpkh(&WPubkeyHash::hash(&pk.to_bytes())),
         };
         psbt.inputs[0].witness_utxo = Some(txout_wpkh);
 
@@ -1845,7 +1845,7 @@ mod tests {
         // Second input is unspendable by us e.g., from another wallet that supports future upgrades.
         let txout_unknown_future = TxOut{
             value: 10,
-            script_pubkey: Script::new_witness_program(crate::address::WitnessVersion::V4, &[0xaa; 34]),
+            script_pubkey: ScriptBuf::new_witness_program(crate::address::WitnessVersion::V4, &[0xaa; 34]),
         };
         psbt.inputs[1].witness_utxo = Some(txout_unknown_future);
 
diff --git a/bitcoin/src/psbt/serialize.rs b/bitcoin/src/psbt/serialize.rs
index 46923f15..0fd909a7 100644
--- a/bitcoin/src/psbt/serialize.rs
+++ b/bitcoin/src/psbt/serialize.rs
@@ -10,7 +10,7 @@ use crate::prelude::*;
 
 use crate::io;
 
-use crate::blockdata::script::Script;
+use crate::blockdata::script::ScriptBuf;
 use crate::blockdata::witness::Witness;
 use crate::blockdata::transaction::{Transaction, TxOut};
 use crate::consensus::encode::{self, serialize, Decodable, Encodable, deserialize_partial};
@@ -51,13 +51,13 @@ impl_psbt_hash_de_serialize!(sha256d::Hash);
 // taproot
 impl_psbt_de_serialize!(Vec<TapLeafHash>);
 
-impl Serialize for Script {
+impl Serialize for ScriptBuf {
     fn serialize(&self) -> Vec<u8> {
         self.to_bytes()
     }
 }
 
-impl Deserialize for Script {
+impl Deserialize for ScriptBuf {
     fn deserialize(bytes: &[u8]) -> Result<Self, encode::Error> {
         Ok(Self::from(bytes.to_vec()))
     }
@@ -262,8 +262,8 @@ impl Deserialize for ControlBlock {
     }
 }
 
-// Versioned Script
-impl Serialize for (Script, LeafVersion) {
+// Versioned ScriptBuf
+impl Serialize for (ScriptBuf, LeafVersion) {
     fn serialize(&self) -> Vec<u8> {
         let mut buf = Vec::with_capacity(self.0.len() + 1);
         buf.extend(self.0.as_bytes());
@@ -272,13 +272,13 @@ impl Serialize for (Script, LeafVersion) {
     }
 }
 
-impl Deserialize for (Script, LeafVersion) {
+impl Deserialize for (ScriptBuf, LeafVersion) {
     fn deserialize(bytes: &[u8]) -> Result<Self, encode::Error> {
         if bytes.is_empty() {
             return Err(io::Error::from(io::ErrorKind::UnexpectedEof).into())
         }
         // The last byte is LeafVersion.
-        let script = Script::deserialize(&bytes[..bytes.len() - 1])?;
+        let script = ScriptBuf::deserialize(&bytes[..bytes.len() - 1])?;
         let leaf_ver = LeafVersion::from_consensus(bytes[bytes.len() - 1])
             .map_err(|_| encode::Error::ParseFailed("invalid leaf version"))?;
         Ok((script, leaf_ver))
@@ -332,7 +332,7 @@ impl Deserialize for TapTree {
         let mut bytes_iter = bytes.iter();
         while let Some(depth) = bytes_iter.next() {
             let version = bytes_iter.next().ok_or(encode::Error::ParseFailed("Invalid Taproot Builder"))?;
-            let (script, consumed) = deserialize_partial::<Script>(bytes_iter.as_slice())?;
+            let (script, consumed) = deserialize_partial::<ScriptBuf>(bytes_iter.as_slice())?;
             if consumed > 0 {
                 bytes_iter.nth(consumed - 1);
             }
@@ -369,7 +369,7 @@ mod tests {
         let mut val = opcode;
         let mut builder = TaprootBuilder::new();
         for depth in depth_map {
-            let script = Script::from_hex(&format!("{:02x}", val)).unwrap();
+            let script = ScriptBuf::from_hex(&format!("{:02x}", val)).unwrap();
             builder = builder.add_leaf(*depth, script).unwrap();
             let (new_val, _) = val.overflowing_add(1);
             val = new_val;
@@ -380,7 +380,7 @@ mod tests {
     #[test]
     fn taptree_hidden() {
         let mut builder = compose_taproot_builder(0x51, &[2, 2, 2]);
-        builder = builder.add_leaf_with_ver(3, Script::from_hex("b9").unwrap(), LeafVersion::from_consensus(0xC2).unwrap()).unwrap();
+        builder = builder.add_leaf_with_ver(3, ScriptBuf::from_hex("b9").unwrap(), LeafVersion::from_consensus(0xC2).unwrap()).unwrap();
         builder = builder.add_hidden_node(3, sha256::Hash::all_zeros()).unwrap();
         assert!(TapTree::try_from(builder).is_err());
     }
@@ -388,7 +388,7 @@ mod tests {
     #[test]
     fn taptree_roundtrip() {
         let mut builder = compose_taproot_builder(0x51, &[2, 2, 2, 3]);
-        builder = builder.add_leaf_with_ver(3, Script::from_hex("b9").unwrap(), LeafVersion::from_consensus(0xC2).unwrap()).unwrap();
+        builder = builder.add_leaf_with_ver(3, ScriptBuf::from_hex("b9").unwrap(), LeafVersion::from_consensus(0xC2).unwrap()).unwrap();
         let tree = TapTree::try_from(builder).unwrap();
         let tree_prime = TapTree::deserialize(&tree.serialize()).unwrap();
         assert_eq!(tree, tree_prime);
diff --git a/bitcoin/src/sighash.rs b/bitcoin/src/sighash.rs
index ff2b6e5c..623318f7 100644
--- a/bitcoin/src/sighash.rs
+++ b/bitcoin/src/sighash.rs
@@ -12,6 +12,7 @@ use core::borrow::Borrow;
 use core::ops::{Deref, DerefMut};
 use core::{fmt, str};
 
+use crate::{io, Script, ScriptBuf, Transaction, TxIn, TxOut, Sequence, Sighash};
 use crate::blockdata::transaction::EncodeSigningDataResult;
 use crate::blockdata::witness::Witness;
 use crate::consensus::{encode, Encodable};
@@ -19,7 +20,6 @@ use crate::error::impl_std_error;
 use crate::hashes::{sha256, sha256d, Hash};
 use crate::prelude::*;
 use crate::taproot::{LeafVersion, TapLeafHash, TapSighashHash, TAPROOT_ANNEX_PREFIX};
-use crate::{io, Script, Sequence, Sighash, Transaction, TxIn, TxOut};
 
 /// Used for signature hash for invalid use of SIGHASH_SINGLE.
 #[rustfmt::skip]
@@ -824,7 +824,7 @@ impl<R: Deref<Target = Transaction>> SighashCache<R> {
             if anyone_can_pay {
                 tx.input = vec![TxIn {
                     previous_output: self_.input[input_index].previous_output,
-                    script_sig: script_pubkey.clone(),
+                    script_sig: script_pubkey.to_owned(),
                     sequence: self_.input[input_index].sequence,
                     witness: Witness::default(),
                 }];
@@ -834,9 +834,9 @@ impl<R: Deref<Target = Transaction>> SighashCache<R> {
                     tx.input.push(TxIn {
                         previous_output: input.previous_output,
                         script_sig: if n == input_index {
-                            script_pubkey.clone()
+                            script_pubkey.to_owned()
                         } else {
-                            Script::new()
+                            ScriptBuf::new()
                         },
                         sequence: if n != input_index
                             && (sighash == EcdsaSighashType::Single
@@ -1006,8 +1006,8 @@ impl<R: DerefMut<Target = Transaction>> SighashCache<R> {
     ///
     /// let mut sig_hasher = SighashCache::new(&mut tx_to_sign);
     /// for inp in 0..input_count {
-    ///     let prevout_script = Script::new();
-    ///     let _sighash = sig_hasher.segwit_signature_hash(inp, &prevout_script, 42, EcdsaSighashType::All);
+    ///     let prevout_script = Script::empty();
+    ///     let _sighash = sig_hasher.segwit_signature_hash(inp, prevout_script, 42, EcdsaSighashType::All);
     ///     // ... sign the sighash
     ///     sig_hasher.witness_mut(inp).unwrap().push(&Vec::new());
     /// }
@@ -1079,7 +1079,7 @@ mod tests {
             input: vec![TxIn::default(), TxIn::default()],
             output: vec![TxOut::default()],
         };
-        let script = Script::new();
+        let script = ScriptBuf::new();
         let cache = SighashCache::new(&tx);
 
         let got = cache.legacy_signature_hash(1, &script, SIGHASH_SINGLE).expect("sighash");
@@ -1103,7 +1103,7 @@ mod tests {
             expected_result: &str,
         ) {
             let tx: Transaction = deserialize(&Vec::from_hex(tx).unwrap()[..]).unwrap();
-            let script = Script::from(Vec::from_hex(script).unwrap());
+            let script = ScriptBuf::from(Vec::from_hex(script).unwrap());
             let mut raw_expected = Vec::from_hex(expected_result).unwrap();
             raw_expected.reverse();
             let want = Sighash::from_slice(&raw_expected[..]).unwrap();
@@ -1309,7 +1309,7 @@ mod tests {
             })
         );
         assert_eq!(
-            c.legacy_signature_hash(10, &Script::default(), 0u32),
+            c.legacy_signature_hash(10, Script::empty(), 0u32),
             Err(Error::IndexOutOfInputsBounds {
                 index: 10,
                 inputs_size: 1
@@ -1350,7 +1350,7 @@ mod tests {
 
         let leaf_hash = match (script_hex, script_leaf_hash) {
             (Some(script_hex), _) => {
-                let script_inner = Script::from_hex(script_hex).unwrap();
+                let script_inner = ScriptBuf::from_hex(script_hex).unwrap();
                 Some(ScriptPath::with_defaults(&script_inner).leaf_hash())
             }
             (_, Some(script_leaf_hash)) => Some(TapLeafHash::from_hex(script_leaf_hash).unwrap()),
@@ -1404,7 +1404,7 @@ mod tests {
         #[serde(crate = "actual_serde")]
         struct UtxoSpent {
             #[serde(rename = "scriptPubKey")]
-            script_pubkey: Script,
+            script_pubkey: ScriptBuf,
             #[serde(rename = "amountSats")]
             value: u64,
         }
@@ -1605,7 +1605,7 @@ mod tests {
         }
     }
 
-    fn p2pkh_hex(pk: &str) -> Script {
+    fn p2pkh_hex(pk: &str) -> ScriptBuf {
         let pk: PublicKey = PublicKey::from_str(pk).unwrap();
         Address::p2pkh(&pk, Network::Bitcoin).script_pubkey()
     }
diff --git a/bitcoin/src/taproot.rs b/bitcoin/src/taproot.rs
index 50a569c2..02ef8efe 100644
--- a/bitcoin/src/taproot.rs
+++ b/bitcoin/src/taproot.rs
@@ -16,7 +16,7 @@ use crate::consensus::Encodable;
 use crate::crypto::schnorr::{TapTweak, TweakedPublicKey, UntweakedPublicKey, XOnlyPublicKey};
 use crate::hashes::{sha256, sha256t_hash_newtype, Hash, HashEngine};
 use crate::prelude::*;
-use crate::{io, Script};
+use crate::{io, Script, ScriptBuf};
 
 /// The SHA-256 midstate value for the TapLeaf hash.
 const MIDSTATE_TAPLEAF: [u8; 32] = [
@@ -149,7 +149,7 @@ pub const TAPROOT_CONTROL_MAX_SIZE: usize =
     TAPROOT_CONTROL_BASE_SIZE + TAPROOT_CONTROL_NODE_SIZE * TAPROOT_CONTROL_MAX_NODE_COUNT;
 
 // type alias for versioned tap script corresponding merkle proof
-type ScriptMerkleProofMap = BTreeMap<(Script, LeafVersion), BTreeSet<TaprootMerkleBranch>>;
+type ScriptMerkleProofMap = BTreeMap<(ScriptBuf, LeafVersion), BTreeSet<TaprootMerkleBranch>>;
 
 /// Represents taproot spending information.
 ///
@@ -200,7 +200,7 @@ impl TaprootSpendInfo {
         script_weights: I,
     ) -> Result<Self, TaprootBuilderError>
     where
-        I: IntoIterator<Item = (u32, Script)>,
+        I: IntoIterator<Item = (u32, ScriptBuf)>,
         C: secp256k1::Verification,
     {
         let builder = TaprootBuilder::with_huffman_tree(script_weights)?;
@@ -286,13 +286,13 @@ impl TaprootSpendInfo {
     ///
     /// - If there are multiple control blocks possible, returns the shortest one.
     /// - If the script is not contained in the [`TaprootSpendInfo`], returns `None`.
-    pub fn control_block(&self, script_ver: &(Script, LeafVersion)) -> Option<ControlBlock> {
+    pub fn control_block(&self, script_ver: &(ScriptBuf, LeafVersion)) -> Option<ControlBlock> {
         let merkle_branch_set = self.script_map.get(script_ver)?;
         // Choose the smallest one amongst the multiple script maps
         let smallest = merkle_branch_set
             .iter()
             .min_by(|x, y| x.0.len().cmp(&y.0.len()))
-            .expect("Invariant: Script map key must contain non-empty set value");
+            .expect("Invariant: ScriptBuf map key must contain non-empty set value");
         Some(ControlBlock {
             internal_key: self.internal_key,
             output_key_parity: self.output_key_parity,
@@ -364,7 +364,7 @@ impl TaprootBuilder {
     /// The weights represent the probability of each branch being taken. If probabilities/weights
     /// for each condition are known, constructing the tree as a Huffman Tree is the optimal way to
     /// minimize average case satisfaction cost. This function takes as input an iterator of
-    /// `tuple(u32, &Script)` where `u32` represents the satisfaction weights of the branch. For
+    /// `tuple(u32, ScriptBuf)` where `u32` represents the satisfaction weights of the branch. For
     /// example, [(3, S1), (2, S2), (5, S3)] would construct a [`TapTree`] that has optimal
     /// satisfaction weight when probability for S1 is 30%, S2 is 20% and S3 is 50%.
     ///
@@ -381,7 +381,7 @@ impl TaprootBuilder {
     /// [`TapTree`]: crate::psbt::TapTree
     pub fn with_huffman_tree<I>(script_weights: I) -> Result<Self, TaprootBuilderError>
     where
-        I: IntoIterator<Item = (u32, Script)>,
+        I: IntoIterator<Item = (u32, ScriptBuf)>,
     {
         let mut node_weights = BinaryHeap::<(Reverse<u32>, NodeInfo)>::new();
         for (p, leaf) in script_weights {
@@ -414,7 +414,7 @@ impl TaprootBuilder {
     pub fn add_leaf_with_ver(
         self,
         depth: u8,
-        script: Script,
+        script: ScriptBuf,
         ver: LeafVersion,
     ) -> Result<Self, TaprootBuilderError> {
         let leaf = NodeInfo::new_leaf_with_ver(script, ver);
@@ -425,7 +425,7 @@ impl TaprootBuilder {
     /// leaves are not provided in DFS walk order. The depth of the root node is 0.
     ///
     /// See [`TaprootBuilder::add_leaf_with_ver`] for adding a leaf with specific version.
-    pub fn add_leaf(self, depth: u8, script: Script) -> Result<Self, TaprootBuilderError> {
+    pub fn add_leaf(self, depth: u8, script: ScriptBuf) -> Result<Self, TaprootBuilderError> {
         self.add_leaf_with_ver(depth, script, LeafVersion::TapScript)
     }
 
@@ -547,8 +547,8 @@ impl NodeInfo {
         Self { hash, leaves: vec![], has_hidden_nodes: true }
     }
 
-    /// Creates a new leaf [`NodeInfo`] with given [`Script`] and [`LeafVersion`].
-    pub fn new_leaf_with_ver(script: Script, ver: LeafVersion) -> Self {
+    /// Creates a new leaf [`NodeInfo`] with given [`ScriptBuf`] and [`LeafVersion`].
+    pub fn new_leaf_with_ver(script: ScriptBuf, ver: LeafVersion) -> Self {
         let leaf = ScriptLeaf::new(script, ver);
         Self {
             hash: sha256::Hash::from_inner(leaf.leaf_hash().into_inner()),
@@ -583,7 +583,7 @@ impl NodeInfo {
 #[cfg_attr(feature = "serde", serde(crate = "actual_serde"))]
 pub struct ScriptLeaf {
     /// The underlying script.
-    script: Script,
+    script: ScriptBuf,
     /// The leaf version.
     ver: LeafVersion,
     /// The merkle proof (hashing partners) to get this node.
@@ -592,7 +592,7 @@ pub struct ScriptLeaf {
 
 impl ScriptLeaf {
     /// Creates an new [`ScriptLeaf`] from `script` and `ver` and no merkle branch.
-    fn new(script: Script, ver: LeafVersion) -> Self {
+    fn new(script: ScriptBuf, ver: LeafVersion) -> Self {
         Self { script, ver, merkle_branch: TaprootMerkleBranch(vec![]) }
     }
 
@@ -1187,7 +1187,7 @@ mod test {
     ) {
         let out_pk = XOnlyPublicKey::from_str(&out_spk_hex[4..]).unwrap();
         let out_pk = TweakedPublicKey::dangerous_assume_tweaked(out_pk);
-        let script = Script::from_hex(script_hex).unwrap();
+        let script = ScriptBuf::from_hex(script_hex).unwrap();
         let control_block =
             ControlBlock::from_slice(&Vec::<u8>::from_hex(control_block_hex).unwrap()).unwrap();
         assert_eq!(control_block_hex, control_block.serialize().to_hex());
@@ -1255,11 +1255,11 @@ mod test {
         .unwrap();
 
         let script_weights = vec![
-            (10, Script::from_hex("51").unwrap()), // semantics of script don't matter for this test
-            (20, Script::from_hex("52").unwrap()),
-            (20, Script::from_hex("53").unwrap()),
-            (30, Script::from_hex("54").unwrap()),
-            (19, Script::from_hex("55").unwrap()),
+            (10, ScriptBuf::from_hex("51").unwrap()), // semantics of script don't matter for this test
+            (20, ScriptBuf::from_hex("52").unwrap()),
+            (20, ScriptBuf::from_hex("53").unwrap()),
+            (30, ScriptBuf::from_hex("54").unwrap()),
+            (19, ScriptBuf::from_hex("55").unwrap()),
         ];
         let tree_info =
             TaprootSpendInfo::with_huffman_tree(&secp, internal_key, script_weights.clone())
@@ -1280,7 +1280,7 @@ mod test {
                 *length,
                 tree_info
                     .script_map
-                    .get(&(Script::from_hex(script).unwrap(), LeafVersion::TapScript))
+                    .get(&(ScriptBuf::from_hex(script).unwrap(), LeafVersion::TapScript))
                     .expect("Present Key")
                     .iter()
                     .next()
@@ -1323,11 +1323,11 @@ mod test {
         //                                   /  \    /  \
         //                                  A    B  C  / \
         //                                            D   E
-        let a = Script::from_hex("51").unwrap();
-        let b = Script::from_hex("52").unwrap();
-        let c = Script::from_hex("53").unwrap();
-        let d = Script::from_hex("54").unwrap();
-        let e = Script::from_hex("55").unwrap();
+        let a = ScriptBuf::from_hex("51").unwrap();
+        let b = ScriptBuf::from_hex("52").unwrap();
+        let c = ScriptBuf::from_hex("53").unwrap();
+        let d = ScriptBuf::from_hex("54").unwrap();
+        let e = ScriptBuf::from_hex("55").unwrap();
         let builder = builder.add_leaf(2, a.clone()).unwrap();
         let builder = builder.add_leaf(2, b.clone()).unwrap();
         let builder = builder.add_leaf(2, c.clone()).unwrap();
@@ -1356,7 +1356,7 @@ mod test {
         fn process_script_trees(
             v: &serde_json::Value,
             mut builder: TaprootBuilder,
-            leaves: &mut Vec<(Script, LeafVersion)>,
+            leaves: &mut Vec<(ScriptBuf, LeafVersion)>,
             depth: u8,
         ) -> TaprootBuilder {
             if v.is_null() {
@@ -1366,7 +1366,7 @@ mod test {
                     builder = process_script_trees(leaf, builder, leaves, depth + 1);
                 }
             } else {
-                let script = Script::from_str(v["script"].as_str().unwrap()).unwrap();
+                let script = ScriptBuf::from_str(v["script"].as_str().unwrap()).unwrap();
                 let ver =
                     LeafVersion::from_consensus(v["leafVersion"].as_u64().unwrap() as u8).unwrap();
                 leaves.push((script.clone(), ver));
@@ -1418,7 +1418,7 @@ mod test {
             let expected_tweak =
                 TapTweakHash::from_str(arr["intermediary"]["tweak"].as_str().unwrap()).unwrap();
             let expected_spk =
-                Script::from_str(arr["expected"]["scriptPubKey"].as_str().unwrap()).unwrap();
+                ScriptBuf::from_str(arr["expected"]["scriptPubKey"].as_str().unwrap()).unwrap();
             let expected_addr =
                 Address::from_str(arr["expected"]["bip350Address"].as_str().unwrap()).unwrap();
 
diff --git a/bitcoin/tests/psbt.rs b/bitcoin/tests/psbt.rs
index 330efa65..d14bea47 100644
--- a/bitcoin/tests/psbt.rs
+++ b/bitcoin/tests/psbt.rs
@@ -12,7 +12,7 @@ use bitcoin::hashes::hex::FromHex;
 use bitcoin::psbt::{Psbt, PsbtSighashType};
 use bitcoin::secp256k1::{self, Secp256k1};
 use bitcoin::{
-    absolute, Amount, Denomination, Network, OutPoint, PrivateKey, PublicKey, Script, Sequence,
+    absolute, Amount, Denomination, Network, OutPoint, PrivateKey, PublicKey, ScriptBuf, Sequence,
     Transaction, TxIn, TxOut, Txid, Witness,
 };
 
@@ -20,7 +20,7 @@ const NETWORK: Network = Network::Testnet;
 
 macro_rules! hex_script {
     ($s:expr) => {
-        <Script as FromStr>::from_str($s).unwrap()
+        <ScriptBuf as FromStr>::from_str($s).unwrap()
     };
 }
 
@@ -169,7 +169,7 @@ fn create_transaction() -> Transaction {
                     txid: Txid::from_hex(input_0.txid).expect("failed to parse txid"),
                     vout: input_0.index,
                 },
-                script_sig: Script::new(),
+                script_sig: ScriptBuf::new(),
                 sequence: Sequence::MAX, // Disable nSequence.
                 witness: Witness::default(),
             },
@@ -178,7 +178,7 @@ fn create_transaction() -> Transaction {
                     txid: Txid::from_hex(input_1.txid).expect("failed to parse txid"),
                     vout: input_1.index,
                 },
-                script_sig: Script::new(),
+                script_sig: ScriptBuf::new(),
                 sequence: Sequence::MAX,
                 witness: Witness::default(),
             },
@@ -188,14 +188,14 @@ fn create_transaction() -> Transaction {
                 value: Amount::from_str_in(output_0.amount, Denomination::Bitcoin)
                     .expect("failed to parse amount")
                     .to_sat(),
-                script_pubkey: Script::from_str(output_0.script_pubkey)
+                script_pubkey: ScriptBuf::from_str(output_0.script_pubkey)
                     .expect("failed to parse script"),
             },
             TxOut {
                 value: Amount::from_str_in(output_1.amount, Denomination::Bitcoin)
                     .expect("failed to parse amount")
                     .to_sat(),
-                script_pubkey: Script::from_str(output_1.script_pubkey)
+                script_pubkey: ScriptBuf::from_str(output_1.script_pubkey)
                     .expect("failed to parse script"),
             },
         ],
diff --git a/bitcoin/tests/serde.rs b/bitcoin/tests/serde.rs
index d9ebd4c9..cb0ab6d5 100644
--- a/bitcoin/tests/serde.rs
+++ b/bitcoin/tests/serde.rs
@@ -15,7 +15,7 @@
 //
 //  use std::fs::File;
 //  use std::io::Write;
-//  let script = Script::from(vec![0u8, 1u8, 2u8]);
+//  let script = ScriptBuf::from(vec![0u8, 1u8, 2u8]);
 //  let got = serialize(&script).unwrap();
 //  let mut file = File::create("/tmp/script_bincode").unwrap();
 //  file.write_all(&got).unwrap();
@@ -38,7 +38,7 @@ use bitcoin::schnorr::{self, UntweakedPublicKey};
 use bitcoin::sighash::{EcdsaSighashType, SchnorrSighashType};
 use bitcoin::taproot::{ControlBlock, LeafVersion, TaprootBuilder, TaprootSpendInfo};
 use bitcoin::{
-    ecdsa, Address, Block, Network, OutPoint, PrivateKey, PublicKey, Script, Sequence, Target,
+    ecdsa, Address, Block, Network, OutPoint, PrivateKey, PublicKey, ScriptBuf, Sequence, Target,
     Transaction, TxIn, TxOut, Txid, Work,
 };
 use secp256k1::Secp256k1;
@@ -95,7 +95,7 @@ fn serde_regression_relative_lock_time_time() {
 
 #[test]
 fn serde_regression_script() {
-    let script = Script::from(vec![0u8, 1u8, 2u8]);
+    let script = ScriptBuf::from(vec![0u8, 1u8, 2u8]);
     let got = serialize(&script).unwrap();
     let want = include_bytes!("data/serde/script_bincode") as &[_];
     assert_eq!(got, want)
@@ -114,7 +114,7 @@ fn serde_regression_txin() {
 #[test]
 fn serde_regression_txout() {
     let txout =
-        TxOut { value: 0xDEADBEEFCAFEBABE, script_pubkey: Script::from(vec![0u8, 1u8, 2u8]) };
+        TxOut { value: 0xDEADBEEFCAFEBABE, script_pubkey: ScriptBuf::from(vec![0u8, 1u8, 2u8]) };
     let got = serialize(&txout).unwrap();
     let want = include_bytes!("data/serde/txout_bincode") as &[_];
     assert_eq!(got, want)
@@ -232,7 +232,7 @@ fn serde_regression_psbt() {
                 .unwrap(),
                 vout: 1,
             },
-            script_sig: Script::from_str("160014be18d152a9b012039daf3da7de4f53349eecb985").unwrap(),
+            script_sig: ScriptBuf::from_str("160014be18d152a9b012039daf3da7de4f53349eecb985").unwrap(),
             sequence: Sequence::from_consensus(4294967295),
             witness: Witness::from_slice(&[Vec::from_hex(
                 "03d2e15674941bad4a996372cb87e1856d3652606d98562fe39c5e9e7e413f2105",
@@ -241,7 +241,7 @@ fn serde_regression_psbt() {
         }],
         output: vec![TxOut {
             value: 190303501938,
-            script_pubkey: Script::from_str("a914339725ba21efd62ac753a9bcd067d6c7a6a39d0587")
+            script_pubkey: ScriptBuf::from_str("a914339725ba21efd62ac753a9bcd067d6c7a6a39d0587")
                 .unwrap(),
         }],
     };
@@ -275,7 +275,7 @@ fn serde_regression_psbt() {
         },
         unsigned_tx: {
             let mut unsigned = tx.clone();
-            unsigned.input[0].script_sig = Script::new();
+            unsigned.input[0].script_sig = ScriptBuf::new();
             unsigned.input[0].witness = Witness::default();
             unsigned
         },
@@ -286,7 +286,7 @@ fn serde_regression_psbt() {
             non_witness_utxo: Some(tx),
             witness_utxo: Some(TxOut {
                 value: 190303501938,
-                script_pubkey: Script::from_str("a914339725ba21efd62ac753a9bcd067d6c7a6a39d0587").unwrap(),
+                script_pubkey: ScriptBuf::from_str("a914339725ba21efd62ac753a9bcd067d6c7a6a39d0587").unwrap(),
             }),
             sighash_type: Some(PsbtSighashType::from(EcdsaSighashType::from_str("SIGHASH_SINGLE|SIGHASH_ANYONECANPAY").unwrap())),
             redeem_script: Some(vec![0x51].into()),
@@ -357,7 +357,7 @@ fn serde_regression_schnorr_sig() {
 #[test]
 fn serde_regression_taproot_builder() {
     let ver = LeafVersion::from_consensus(0).unwrap();
-    let script = Script::from(vec![0u8, 1u8, 2u8]);
+    let script = ScriptBuf::from(vec![0u8, 1u8, 2u8]);
     let builder = TaprootBuilder::new().add_leaf_with_ver(1, script, ver).unwrap();
 
     let got = serialize(&builder).unwrap();
@@ -374,11 +374,11 @@ fn serde_regression_taproot_spend_info() {
     .unwrap();
 
     let script_weights = vec![
-        (10, Script::from_hex("51").unwrap()), // semantics of script don't matter for this test
-        (20, Script::from_hex("52").unwrap()),
-        (20, Script::from_hex("53").unwrap()),
-        (30, Script::from_hex("54").unwrap()),
-        (19, Script::from_hex("55").unwrap()),
+        (10, ScriptBuf::from_hex("51").unwrap()), // semantics of script don't matter for this test
+        (20, ScriptBuf::from_hex("52").unwrap()),
+        (20, ScriptBuf::from_hex("53").unwrap()),
+        (30, ScriptBuf::from_hex("54").unwrap()),
+        (19, ScriptBuf::from_hex("55").unwrap()),
     ];
     let tree_info =
         TaprootSpendInfo::with_huffman_tree(&secp, internal_key, script_weights).unwrap();