Breaking It Down: An Introduction to Segregated Witness
The support for Segregated Witness, a block size and bitcoin network scaling mechanism proposed by Bitcoin Core developer Pieter Wuille at the Scaling Conference Hong Kong, has grown exponentially since its introduction on December 7, 2015. An increasing number of prominent bitcoin startups including CoinKite, Mycelium and BitGo have already announced their support for Segregated Witness and have established plans to adopt the mechanism into their platforms.
What is Segregated Witness?
The core concept of Segregated Witness is to split up transactions into various fragments which can be processed separately instead of handling transactions as a single chunk of data. By doing so, digital signatures recorded in a transaction could be relocated to a separate Merkle Tree, outside of the transaction and the block, leaving room for more signatures and transaction data.
Let’s break that down…
As Gavin Andresen explains, the confusion around Segregated Witness primarily derives from its name. The name Segregated Witness describes the process of “segregating” or separating digital signatures, which are also known as “witnesses.” In simpler words, Segregated Witness means the separation of digital signatures from transactions.
I like segregated witness: https://t.co/tWWz1CKUhE (but it needs a better name)
— Gavin Andresen (@gavinandresen) December 9, 2015
Essentially, bitcoin transaction data, which signifies the settlement of a peer-to-peer payment on the Bitcoin network, makes up only a small component of the entire transaction record.
The general structure of a single Bitcoin transaction includes these three main fields: lock_time, list of outputs, and list of inputs. An input is a reference to an output from a previous transaction. A transaction can list multiple inputs from previous transactions, and their values are added up to be used by the outputs of the new transaction.
The input also contains the first half of Bitcoin’s scripting system called scriptSig. Essentially, a script is a list of instructions recorded within each transaction which enables the next user on the network to gain access to the transaction. The other half of the network’s scripting system, called scriptPubKey, is located in the output of a transaction, which contains instructions for sending bitcoins.
When a transaction occurs, Bitcoin utilizes a Forth-like scripting system to verify that inputs are authorized to collect the values of referenced outputs. The scriptSig and scriptPubKey are evaluated to authorize the input. To avoid the theft of bitcoins, scriptPubKeys require the scriptSig to include one or more signatures to unlock bitcoin. Segregated Witness relocates the digital signatures out of transactions into a separate Merkle Tree that has the same structure as the transaction Merkle Tree.
The Merkle Tree is a tree constructed by hashing paired data until a single hash remains. In the Bitcoin network, all the leaves in the Merkle Tree are considered to be transactions from a single block. Thus, if Segregated Witness is fully implemented, Bitcoin authorizes the spending of previous outputs using the signatures from the signature tree, instead of the entire standard scriptSig field.
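The pairwise hashing described above, written out as an added example (not code from the original article or from Bitcoin Core). It goes one step beyond the text by also producing and checking an inclusion branch for a single leaf. The leaf values are constructed stand-ins, and the same functions serve both the transaction tree and the signature tree because the two share one structure.

```python
import hashlib

def dsha256(data: bytes) -> bytes:
    """Double SHA-256, the hash Bitcoin uses for tree nodes."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def merkle_levels(leaves):
    """Return every level of the tree, leaves first, root last."""
    if not leaves:
        raise ValueError("a Merkle tree needs at least one leaf")
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        level = levels[-1]
        if len(level) % 2:          # odd count: the last hash is paired with itself
            level = level + [level[-1]]
        levels.append([dsha256(level[i] + level[i + 1])
                       for i in range(0, len(level), 2)])
    return levels

def merkle_root(leaves):
    return merkle_levels(leaves)[-1][0]

def merkle_branch(leaves, index):
    """Sibling hashes needed to recompute the root from leaves[index]."""
    branch = []
    for level in merkle_levels(leaves)[:-1]:
        sibling = index ^ 1
        # A missing sibling means this node was paired with itself.
        branch.append(level[sibling] if sibling < len(level) else level[index])
        index //= 2
    return branch

def verify_branch(leaf, branch, index, root):
    """Recompute the root from one leaf and its branch; no other leaves needed."""
    h = leaf
    for sibling in branch:
        h = dsha256(sibling + h) if index & 1 else dsha256(h + sibling)
        index //= 2
    return h == root

# Constructed sample data: five stand-in transactions and their signature data.
TX_LEAVES = [dsha256(b"constructed tx %d" % i) for i in range(5)]
WITNESS_LEAVES = [dsha256(b"constructed witness %d" % i) for i in range(5)]
```

A node that holds only the root can confirm that one leaf belongs to the block from a branch of about log2(n) hashes, for either tree.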
Since Segregated Witness relocates or removes a significant part of the transaction to a different storage or a Merkle Tree (outside of the transaction and the standard block), it allows each transaction to optimize the block size.
During his speech at Scaling Bitcoin Hong Kong, Pieter Wuille proposed a 75% discount on space taken up by signature data. If Wuille’s proposal is properly implemented, nearly four times as much signature data can be stored in each block.
The implementation of Segregated Witness also solves malleability issues with the Bitcoin network. Bitcoin transactions are identified by a 64-digit hexadecimal hash known as a transaction identifier (txid), which, according to the Bitcoin Core team, is “based on both the coins being spent and on who will be able to spend the results of the transaction.”
Unfortunately, the way the txid is calculated allows anyone to make small modifications to the transaction that will not change its meaning, but will change the txid. This is called third-party malleability. BIP 62 (“dealing with malleability”) attempted to address these issues in a piecemeal manner, but was too complicated to implement as consensus checks and has been withdrawn.
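Why moving signatures out of the hashed data fixes the txid, as an added example (not code from the original article or from Bitcoin Core). It serializes a one-input, one-output transaction in the legacy field order and hashes it twice with SHA-256. The previous txid, amount, scriptPubKey and the two "signature encodings" are constructed placeholders, no script is validated, and `witness_leaf` is a simplified stand-in for the leaf of the signature tree.

```python
import hashlib
import struct

def dsha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def var_bytes(b: bytes) -> bytes:
    assert len(b) < 0xfd            # one-byte length prefix is enough here
    return bytes([len(b)]) + b

# Constructed placeholders, not real chain data.
PREV = dsha256(b"constructed previous tx")
SPK = b"constructed scriptPubKey"
SIG_A = b"constructed signature, encoding A"
SIG_B = b"constructed signature, encoding B"   # same authorization, different bytes

def serialize(script_sig: bytes) -> bytes:
    """version | inputs | outputs | lock_time, all little-endian."""
    return (struct.pack("<i", 1)
            + b"\x01" + PREV + struct.pack("<I", 0)
            + var_bytes(script_sig) + struct.pack("<I", 0xFFFFFFFF)
            + b"\x01" + struct.pack("<q", 50_000) + var_bytes(SPK)
            + struct.pack("<I", 0))

def txid(raw: bytes) -> str:
    return dsha256(raw)[::-1].hex()  # shown byte-reversed, 64 hex digits

def legacy_txid(script_sig: bytes) -> str:
    """Signature bytes sit in scriptSig, so they are part of the hashed data."""
    return txid(serialize(script_sig))

def segwit_ids(witness: bytes):
    """txid is computed with an empty scriptSig; the witness gets its own hash."""
    tid = txid(serialize(b""))
    witness_leaf = dsha256(bytes.fromhex(tid) + var_bytes(witness)).hex()
    return tid, witness_leaf

if __name__ == "__main__":
    print("legacy:", legacy_txid(SIG_A), legacy_txid(SIG_B))
    print("segwit:", segwit_ids(SIG_A), segwit_ids(SIG_B))
```

Any wallet or service that tracks a payment by txid sees two different identifiers in the legacy case and a single stable one in the segregated case, while the signature tree still commits to the exact witness bytes.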
In summation, with Segregated Witness, the Bitcoin network can benefit from the following:
- Increase in block size capacity without actually increasing the block size
- Elimination of transaction malleability
- Decline in the amount of data
- Further script updates
- Natural fraud-proof verification
- Bandwidth optimization for node synchronization
Regardless of the benefits of implementing Segregated Witness, Bitcoin experts including Gavin Andresen state that simply utilizing the mechanism to optimize block size is not sufficient. Since the Bitcoin Core team has announced its support for Adam Back’s BIP 248, some have suggested merging BIP 248 and Segregated Witness.
Segregated witness is necessary but not sufficient. We must also raise the block size limit. Inaction is a radical re-shaping of bitcoin
— AndreasMAntonopoulos (@aantonop) December 29, 2015
BIP 248, proposed by Adam Back of Blockstream, aims to increase the block size by 2, 4, then 8 megabytes in T + 6 months, 2 years and 4 years. By implementing both BIP 248 and Segregated Witness, the Bitcoin network could scale without forcing hard forks which may negatively affect the network and possibly break the protocol.
“Next, we plan on shifting gears to prepare for the hard fork that would put Adam Back’s 2–4–8 proposal into place alongside Segregated Witness, where the limits would be scaled to account for the optimizations made by Segregated Witness (the limits would be approximate limits that would continue to include signature data),” wrote Onename co-founder Ryan Shea, with the Bitcoin Core developers.
As the Core developers suggest, BIP 248 + Segregated Witness is a viable option as of now. However, with the emergence and growing popularity of Bitcoin Classic, it is still difficult to speculate on the decision of miners, especially the consensus of influential mining pools in China.