10

I'd like to learn how segregated witness works, and I thought the raw transaction data would be a good place to start

If this is the structure of current transactions:

version | [inputcount] {[txid] [vin] [signature] [sequence]} | [outputcount] {value} {varint} {lockingscript} | [locktime]

What does a segregated witness transaction look like?

inersha
  • 2,928
  • 1
  • 17
  • 41

1 Answers1

12

From Bitcoin Core's primitive/transaction.h:

/**
 * Basic transaction serialization format:
 * - int32_t nVersion
 * - std::vector<CTxIn> vin
 * - std::vector<CTxOut> vout
 * - uint32_t nLockTime
 *
 * Extended transaction serialization format:
 * - int32_t nVersion
 * - unsigned char dummy = 0x00
 * - unsigned char flags (!= 0)
 * - std::vector<CTxIn> vin
 * - std::vector<CTxOut> vout
 * - if (flags & 1):
 *   - CTxWitness wit;
 * - uint32_t nLockTime
 */

In other words, before the txin count, there is a 0x00 0x01 sequence (which would otherwise be interpreted as a transaction with 0 inputs and 1 output, which cannot be valid), and before the locktime there is a witness record for each input (the txin count is not repeated, it's implicitly assumed to be equal to the txin count given before).

Jules Lamur
  • 137
  • 5
Pieter Wuille
  • 98,249
  • 9
  • 183
  • 287
  • Thank you, Pieter. Is there a specific version number that will be used to identify SegWit transactions? – inersha Oct 20 '16 at 18:22
  • No, that's not possible. The version number is part of the serialized data. If we used that to identify the type of serialization itself, a new node wouldn't understand transactions passed by old nodes (which would have the new version number, but the old serialization). – Pieter Wuille Oct 20 '16 at 18:24
  • @PieterWuille Is there any change to the BLOCK serialization? For example, are ALL tx witnesses appended to the end of an otherwise backwards-compatible block? Or do all the witnesses remain where they normally occur in each `tx`, but are stripped out before serializing for a non-SW node? Do the `dummy` and `flags` bytes need to be stripped out as well for non-SW nodes? – pinhead Mar 24 '17 at 18:44
  • 1
    A witness block is serialized as a normal block, but with witness serialization for the transactions. So the dummy and flags need to be stripped before relay to old nodes, indeed. – Pieter Wuille Mar 24 '17 at 19:01
  • @PieterWuille got it thanks. And the dummy byte - that makes SW transactions individually NOT backwards compatible? Are there any network-layer consequences of this? Will old nodes ban SW nodes or anything like that? – pinhead Mar 24 '17 at 22:10
  • 1
    The _serialization_ of SW transactions is not compatible. The transactions are. See http://bitcoin.stackexchange.com/questions/52152/how-is-segwit-a-soft-fork/52153#52153 – Pieter Wuille Mar 24 '17 at 22:15