P2WPKH (Pay to Witness Public Key Hash)
Last updated
Last updated
In 2015, Pieter Wuille introduced a new feature to bitcoin called Segregated Witness, also known by it's abbreviated name, Segwit. Basically, Segregated Witness moves the proof of ownership from the scriptSig part of the transaction to a new part called the witness of the input.
There are several reasons why it is beneficial to use this new scheme, a summary of which are presented below. For more details visit https://bitcoincore.org/en/2016/01/26/segwit-benefits/.
Third party Malleability Fix: Previously, a third party could change the transaction id of your transaction before it was confirmed. This can not occur under Segwit.
Linear sig hash scaling: Signing a transaction used to require hashing the whole transaction for every input. This was a potential DDoS vector attack for large transactions.
Signing of input values: The amount that is spent in an input is also signed, meaning that the signer can’t be tricked about the amount of fees that are actually being paid.
Capacity increase: It will now be possible to have more than 1MB of transactions in each block (which are created every 10 minutes on average). Segwit increases this capacity by a factor of about 2.1, based upon the average transaction profile from November 2016.
Fraud proof: Will be developed later, but Simple Payment Verification (SPV) wallets will be able to validate more consensus rules rather than just simply following the longest chain.
Before Sewgit the transaction signature was used in the calculation of the transaction id.
The signature contains the same information as a P2PKH spend, but is located in the witness instead of the scriptSig. The scriptPubKey
though, is modified from
To
For nodes which did not upgrade, this looks like two pushes on the stack. This means that any scriptSig
can spend them. So even without the signatures, old nodes will consider such transactions valid. New nodes interpret the first push as the witness version and the second push as the witness program.
New nodes will therefore also require the signature in order to verify the transaction.
In NBitcoin, spending a P2WPKH output is no different from spending a normal P2PKH.
To get the ScriptPubKey
from a public key simply use PubKey.WitHash
instead of PubKey.Hash
.
Which will output something like
Signing the spending of such coins will be explained later in the “Using the TransactionBuilder
" section, and does not differ in any way from the code used to sign a P2PKH output.
The witness
data is similar to the scriptSig
of P2PKH, and the scriptSig
data is empty:
Once again, the semantics of P2WPKH is the same as the semantics of P2PKH, except that the signature is not placed at the same location as before.