0

So I'm researching SegWit, and as far as I'm aware, it re-organizes the data structure of transactions so that the ECDSA signature is not included in the preimage of the Tx Hash.

I am also aware that it doesn't even store the ECDSA on the blockchain. But where is it even stored then and how do nodes check for the signature when validating transactions?

Additionally, why does SegWit incorporate new address formats? I can't seem to understand how this would relate to changing the Tx Structure by moving the EDCSA's somewhere else.

All answers appreciated.

bitcash complex
  • 51
  • 1

1 Answers1

1

Addresses are shorthand for output scripts, and instruct senders how to lock funds for the recipient. Since segwit outputs use different output scripts than non-segwit outputs, we need a different shorthand for them.

For segwit transactions, the signature data is part of the witness section of the transaction. The witness is part of the transaction and the whole transaction gets written to the blockchain. While the witness is not used to calculate the txid, it is part of the "witness txid" which is generated from the whole transaction. The latter is used to construct the witness commitment in the coinbase transaction which ensures that witnesses are immutable after a transaction is confirmed.

Murch
  • 75,206
  • 34
  • 186
  • 622
  • so addresses contain script conditions for an output? I thought that script conditions were always placed as a separate section of a transaction, and didn't have relation to the generation of an address.

    As for the storing of signatures under segwit, so basically the signature is still stored IN the transaction, but it isn't hashed as part of the TxID. Instead, theres a secondary ID called a "Witness TxID" which covers the whole Tx PLUS the signature included. (Meaning that witness ID is subject to malleability)

    But then how does SegWit optimize Tx weight? Doesnt the Tx size increase

     – bitcash complex Mar 20 '22 at 13:57
  • Also, I heard that the field in the transaction where the signature would have been is now left empty if a segwit tx (well- it leaves a fixed format called "segwit" in its place). So if its still part of the Tx, how are transactions any smaller – bitcash complex Mar 20 '22 at 14:04
  • Addresses don't exist at the protocol level, they don't appear in transactions. Addresses are chiefly a means for the receiver to communicate to the sender how they'd like to get paid. From there they also got used in wallets and explorers. -- Yes, the wtxid is malleable. That doesn't matter after confirmation, though. -- Check out these: https://bitcoin.stackexchange.com/a/60173/5406, https://bitcoin.stackexchange.com/a/108336/5406, – Murch Mar 20 '22 at 19:03
  • Segwit transactions have a longer bytelength but a lower weight, because the witness data only counts 1/4 towards the weight compared to non-witness data. See e.g. https://bitcoin.stackexchange.com/a/52203/5406, https://bitcoin.stackexchange.com/a/84006/5406 – Murch Mar 20 '22 at 19:05
  • I understand SegWit entirely now aside from one key factor; I still don't understand the purpose for having different addresses. – bitcash complex Mar 30 '22 at 16:09
  • The switch to a new output type allowed us to iterate on the address design. Bech32 addresses use only lowercase letters, significantly improving the user experience for humans trying to copy or dictate them, and they have improved error detection guarantees. – Murch Mar 30 '22 at 19:25