1

When preparing or verifying a signature, a transaction pre-image is created in memory. This pre-image exists purely for the purpose of creating a signature and is not published to the blockchain. At the end of this pre-image is a 4 bytes SIGHASH_TYPE.

When serializing the resulting transaction, the SIGHAH_TYPE is truncated to one byte and added at the end of each signature. The remaining 4 bytes are not put at the end of the final transaction (here's why, probably).

How does this work with SegWit? Is 1 byte appended to the signature in the the same way, but in the witness data rather than the legacy part of the transaction? It's not immediately obvious to me based on the examples in BIP143.

Sjors Provoost
  • 858
  • 6
  • 16

1 Answers1

4

Is 1 byte appended to the signature in the the same way, but in the witness data rather than the legacy part of the transaction?

Yes. The signature serialization (which includes the sighash type) remains exactly the same.

Look at the first example in BIP 143, the generated signature (before serialization) is 304402203609e17b84f6a7d30c80bfa610b5b4542f32a8a0d5447a12fb1366d7f01cc44a0220573a954c4518331561406f90300e8f3358f51928d43c212a8caed02de67eebee. When it is serialized, it becomes 47304402203609e17b84f6a7d30c80bfa610b5b4542f32a8a0d5447a12fb1366d7f01cc44a0220573a954c4518331561406f90300e8f3358f51928d43c212a8caed02de67eebee01. Notice how when serialized there is an additional byte appended to the signature; that is the sighash type.

Andrew Chow
  • 67,209
  • 5
  • 76
  • 149
  • Thanks, I see it now. I think the example would be more readable if the size, signature, sighash type and pubkey are put on seperate lines. – Sjors Provoost Nov 02 '17 at 05:02