What is the signature digest for Segwit outputs

0

(Assume there's no OP_CODESEPERATOR)


For standard P2PKH, the signature digest is generated this way:

NewTransaction

  1. settle the TxOuts well
  2. set all TxIn scripts to empty
  3. insert the Previous Locking Script into the TxIn you are signing
  4. append hash type code to the end of the transaction
  5. SHA256 twice this transaction
  6. Be a digest.

For standard P2SH, the signature digest is generated this way:

NewTransaction

  1. settle the TxOuts well
  2. set all TxIn scripts to empty
  3. insert the Previous Unlocking Script's Redeem Script into the TxIn you are signing
  4. append hash type code to the end of the transaction
  5. SHA256 twice this transaction
  6. Be a digest.

I learned those above from here. As for those above, I have written programs and successfully signed and submitted Bitcoin transactions to the blockchain.

But when it comes to Segwit, I don't know what the digest should be. For P2WPKH output, I tried to use the same method to get the digest as P2PKH, but it failed. Blockchain told me my signature was wrong.

gudako

Posted 2019-12-28T08:35:38.350

Reputation: 159

Answers

2

For signatures in P2WPKH and P2WSH spends, the sighash algorithm is described in BIP143.

It is very different from the one used in legacy spends.

Pieter Wuille

Posted 2019-12-28T08:35:38.350

Reputation: 64 874