One of the most pressing issues with the Bitcoin network is its limited scalability, which is the subject of active research and development. Among the proposed approaches to improving network throughput, the Lightning Network and Segregated Witness (SegWit) technologies stand out. However, the implementation of the Lightning Network is associated with a number of vulnerabilities that do not yet allow it to be fully implemented. Segregated Witness not only helps increase scalability, but also eliminates a number of critical issues, including the very vulnerability that hampered the development of payment channels and the Lightning Network. In this paper, we will consider the main advantages of SegWit and analyze in detail the mechanism of its operation.
The technical essence of Segregated Witness
Segregated Witness, or SegWit, is a Bitcoin protocol update specified in a series of Bitcoin Improvement Proposals (BIP 141–145) that is primarily aimed at optimizing the structure of transactions. Its key idea is to separate signatures (the so-called scriptSig, witness, or unlocking script) from the main part of the transaction and put them in a separate structure. This approach allows for a smaller transaction size, increasing block capacity while eliminating the problem of transaction malleability, which is critical for the operation of second-layer protocols such as the Lightning Network.
Bitcoin’s Transaction Model and Changes with SegWit
To understand the significance of SegWit, it is important to remember that Bitcoin does not have a traditional banking-style balance system. Instead, an address’s balance is determined by a set of inputs, each of which points to previous outputs that can be spent. The scriptPubKey (locking script) field protects the outputs, allowing only their owner to spend the funds, and the scriptSig (unlocking script) confirms this right.
With the introduction of SegWit, not only the transaction structure changes, but also the way outputs are processed. Old nodes see SegWit outputs as accessible to “everyone” and may not check signatures, while new nodes and wallets check signatures placed in the external witness field. This architecture ensures backward compatibility and the possibility of a gradual transition.
Examples of the main types of transactions with SegWit
- Pay-to-Witness-Public-Key-Hash (P2WPKH)
Traditional locking script:
OP_DUP OP_HASH160 <PubKeyHash> OP_EQUALVERIFY OP_CHECKSIG
In SegWit representation it is shortened to:
0 <PubKeyHash>
Here the first element is the script version and the second is the public key hash. To old clients such an output looks freely spendable, but erroneous spending is ruled out because the output can only be spent when the witness field carries correct data. Spending such an output uses an empty scriptSig, with the signatures passed in the external witness field.
- Pay-to-Witness-Script-Hash (P2WSH)
Allows sending funds to a hash of an arbitrary script, such as a multi-signature wallet. In SegWit format, the locking script becomes:
0 <SHA256(redeemScript)>
The rest works the same way: the redeem script and the signatures are carried in the witness, which saves space and simplifies checks.
- Nested SegWit inside P2SH
To ensure compatibility with wallets without SegWit support, a method is used to embed SegWit addresses inside traditional P2SH addresses. For example, the address is formed in such a way that it looks like a regular P2SH to the sender, and the recipient can spend the funds using a SegWit transaction, benefiting from reduced fees.
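The three output types above can be told apart by the shape of the locking script alone. The following sketch is an added example, not code from the original article: it recognizes a witness program (a version opcode followed by a single 2 to 40 byte push) and classifies constructed sample scripts. The names `witness_program`, `classify` and `p2wsh` and all hash values are illustrative assumptions.

```python
import hashlib

OP_0, OP_1, OP_16 = 0x00, 0x51, 0x60
# OP_DUP OP_HASH160 <push 20> ... OP_EQUALVERIFY OP_CHECKSIG
P2PKH_HEAD, P2PKH_TAIL = bytes([0x76, 0xA9, 0x14]), bytes([0x88, 0xAC])
# OP_HASH160 <push 20> ... OP_EQUAL
P2SH_HEAD, P2SH_TAIL = bytes([0xA9, 0x14]), bytes([0x87])

def witness_program(spk: bytes):
    """Return (version, program) if spk is <version opcode> <2..40-byte push>, else None."""
    if not 4 <= len(spk) <= 42 or spk[1] != len(spk) - 2:
        return None
    if spk[0] == OP_0:
        return 0, spk[2:]
    if OP_1 <= spk[0] <= OP_16:
        return spk[0] - 0x50, spk[2:]
    return None

def classify(spk: bytes) -> str:
    wp = witness_program(spk)
    if wp is not None:
        version, program = wp
        if version != 0:
            return f"witness v{version}"  # reserved for later script versions
        # Version 0 is only defined for 20-byte and 32-byte programs.
        return {20: "P2WPKH", 32: "P2WSH"}.get(len(program), "invalid v0 program")
    if len(spk) == 25 and spk.startswith(P2PKH_HEAD) and spk.endswith(P2PKH_TAIL):
        return "P2PKH"
    if len(spk) == 23 and spk.startswith(P2SH_HEAD) and spk.endswith(P2SH_TAIL):
        return "P2SH"
    return "other"

def p2wsh(script: bytes) -> bytes:
    """Build 0 <SHA256(script)>, the P2WSH locking script shown above."""
    return bytes([OP_0, 32]) + hashlib.sha256(script).digest()

# Constructed inputs: every hash and key below is filler, not real key material.
KEY_HASH = bytes.fromhex("11" * 20)
P2PKH = P2PKH_HEAD + KEY_HASH + P2PKH_TAIL
P2WPKH = bytes([OP_0, 20]) + KEY_HASH
NESTED_REDEEM = P2WPKH  # redeem script revealed when a P2SH-wrapped P2WPKH is spent
NESTED_OUTPUT = P2SH_HEAD + bytes.fromhex("22" * 20) + P2SH_TAIL
MULTISIG_2OF2 = (bytes([0x52, 33]) + b"\x02" * 33 + bytes([33]) + b"\x03" * 33
                 + bytes([0x52, 0xAE]))  # OP_2 <key> <key> OP_2 OP_CHECKMULTISIG
```

The nested case shows why the sender cannot tell the difference: the output itself classifies as ordinary P2SH, and only the redeem script revealed at spend time is a witness program.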
Key Benefits of Segregated Witness
- Eliminates transaction mutability (malleability): Previously, the TXID was generated taking into account signatures that could be changed without violating validity, which led to a change in the transaction identifier and created conditions for attacks. SegWit separates signatures, freeing the TXID from unstable data and increasing the reliability of the entire transaction chain.
- Increased throughput and reduced fees: The introduction of the concepts of “weight” and “virtual size” allows witness data to be counted with a smaller coefficient, so transactions pack more compactly into blocks. The result is the ability to increase the number of transactions per block and reduce fees.
- Optimization of signature validation algorithms: Segregated signatures reduce verification complexity from quadratic to linear in the number of signatures, which has a positive effect on node performance.
- Support for new script versions: SegWit introduces a witness program versioning system, which allows for future upgrades without the need for hard forks.
Discussion and criticism
Despite significant improvements, SegWit has caused and continues to cause controversy within the community. The main issues are:
- Since SegWit is a soft fork, not all nodes and clients adopt it, which leads to the coexistence of two types of outputs, limiting the benefit of eliminating the mutability problem and optimizing verification.
- A reduction in the number of full nodes due to the complexity of processing witness data may negatively affect the security of the network.
- Trying to solve multiple problems with one update resulted in more complex code and an increased risk of bugs.
- Repealing SegWit is technically impossible without serious consequences for all transactions using the protocol.
Conclusion
Segregated Witness has been one of the most significant upgrades to Bitcoin since its inception, significantly improving the scalability and security of the network, and laying the foundation for the implementation of second-layer technologies, including the Lightning Network. While alternative solutions may exist, the current implementation of SegWit represents an important and effective step in the protocol’s evolution. The following discussion outlines the prospects for applying SegWit to new challenges and opportunities in cryptocurrency systems.
The basic principles of Segregated Witness (SegWit) are based on separating signature data (so-called “witnesses”) from the main part of the transaction into a separate structure. In the traditional Bitcoin model, a transaction contains both input and output data and signatures within the transaction inputs, which creates certain limitations on the block size and vulnerability to transaction mutability.
SegWit implements the following key mechanism:
- Moving signatures out of transactions: Instead of storing signatures inside transaction inputs, they are moved to a separate witness field, which is not included in the transaction identifier (txid) hash. This allows the transaction identifier to be fixed independently of the signatures, solving the problem of txid mutability – previously, signatures could be changed without violating the validity of the transaction, which led to a change in its identifier and created an attack surface (for example, denial-of-service) [1, 3].
- Introduction of a new identifier – wtxid: To account for signatures, a witness transaction id (wtxid) is introduced, which takes into account both transaction data and individual witness data, ensuring the completeness and correctness of transaction confirmation [1, 5].
- Reduced transaction size and increased throughput: Since witness data is separated and weighed at a reduced weight when calculating the block size (by a factor of 0.25), significantly more transactions of the same size can fit into a block, resulting in increased network throughput and lower fees [3, 6].
- Backward compatibility: SegWit is implemented as a soft fork, so upgraded nodes understand new transactions and process them correctly, while legacy nodes perceive the witness part as “empty” and continue working without failures. This ensures a smooth transition and minimizes the risks of network splits [2, 4, 5].
- Witness Versioning: Each SegWit transaction contains a witness version that defines the logic of the state and conditions of spending. The current version is 0 (OP_0), but the protocol can be extended without hard forks [5].
This separation achieves several important goals at once: increasing security by eliminating transaction ID mutability, improving network scalability without increasing the maximum block size, and creating the technical prerequisites for second-layer protocols such as the Lightning Network.
Briefly, the SegWit scheme can be described as follows:
- A transaction is formed from the main data (inputs and outputs without signatures) and a separate witness part with signatures.
- The transaction identifier (txid) is calculated without taking into account witness data.
- SegWit-enabled nodes verify witness signatures to confirm validity.
- Unsupported nodes see such a transaction with empty signatures, which ensures compatibility.
Thus, Segregated Witness redistributes transaction data and introduces a new format that promotes greater efficiency and security for the Bitcoin network [1, 2, 3, 5, 6].
Segregated Witness (SegWit) addresses the problem of transaction mutability in the Bitcoin blockchain by separating digital signature data (witnesses) from the main part of the transaction. Previously, signatures were located inside the transaction inputs and could be changed by a third party without violating the validity of the transaction. Such changes did not affect the main fields, but changed the transaction hash – its unique identifier (TXID), creating the possibility of various attacks, such as denial-of-service [1, 2, 4].
With the introduction of SegWit, signatures are moved to a separate witness field, which is not included in the TXID calculation. Thus, changing signatures does not affect the transaction identifier, eliminating its changeability. For full verification of the signature, a new wtxid identifier is used, which takes into account both the main part of the transaction and the witness data. If the transaction is transmitted without the witness part, TXID and WTXID match [4].
This architectural separation allows for the creation of chains of unconfirmed transactions without the risk of changing their IDs, which is especially important for the implementation of second-layer protocols such as the Lightning Network. In addition, the separation of witness data reduces the overall “weight” of transactions, helps increase block throughput, and reduce fees [1, 3, 5].
Thus, SegWit solves the problem of transaction mutability, increasing the security and resilience of the Bitcoin network, and also creating the preconditions for improved scalability.
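The txid/wtxid split and the weight discount described above can be checked on a small transaction. This is an added example, not code from the original article: it serializes a constructed one-input, one-output transaction with and without witness data, hashes both forms, and computes weight and virtual size. The dict layout, the function names and all byte values are assumptions made for illustration; the signature and key are filler bytes.

```python
import copy, hashlib, struct

def dsha256(b: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()
def var(n: int) -> bytes:  # CompactSize; values below 65536 suffice here
    return bytes([n]) if n < 0xFD else b"\xfd" + struct.pack("<H", n)
def vbytes(b: bytes) -> bytes:
    return var(len(b)) + b

def serialize(tx: dict, with_witness: bool) -> bytes:
    ins = b"".join(i["prevout"] + vbytes(i["script_sig"]) + struct.pack("<I", i["sequence"])
                   for i in tx["inputs"])
    outs = b"".join(struct.pack("<q", value) + vbytes(spk) for value, spk in tx["outputs"])
    body = var(len(tx["inputs"])) + ins + var(len(tx["outputs"])) + outs
    marker = wit = b""
    if with_witness and any(i["witness"] for i in tx["inputs"]):
        marker = b"\x00\x01"  # marker and flag bytes of the witness serialization
        wit = b"".join(var(len(i["witness"])) + b"".join(map(vbytes, i["witness"]))
                       for i in tx["inputs"])
    return struct.pack("<i", tx["version"]) + marker + body + wit + struct.pack("<I", tx["locktime"])

def txid(tx: dict) -> str:    # double SHA-256 of the serialization without witness
    return dsha256(serialize(tx, False))[::-1].hex()
def wtxid(tx: dict) -> str:   # same hash over the serialization with witness
    return dsha256(serialize(tx, True))[::-1].hex()
def weight(tx: dict) -> int:  # base size * 3 + total size: witness bytes count once
    return 3 * len(serialize(tx, False)) + len(serialize(tx, True))
def vsize(tx: dict) -> int:
    return (weight(tx) + 3) // 4

# Constructed sample data: placeholder bytes stand in for a real signature and key.
SIG, PUB = b"\x30" + b"\x11" * 71, b"\x02" + b"\x22" * 32
def make_tx(script_sig: bytes, witness: list, spk: bytes) -> dict:
    return {"version": 2, "locktime": 0, "outputs": [(50_000, spk)],
            "inputs": [{"prevout": b"\xaa" * 32 + b"\x00" * 4, "script_sig": script_sig,
                        "sequence": 0xFFFFFFFF, "witness": witness}]}

SEGWIT = make_tx(b"", [SIG, PUB], b"\x00\x14" + b"\x33" * 20)  # pays to 0 <PubKeyHash>
LEGACY = make_tx(vbytes(SIG) + vbytes(PUB), [], b"\x76\xa9\x14" + b"\x33" * 20 + b"\x88\xac")

def resigned(tx: dict) -> dict:  # copy with one signature byte altered
    t = copy.deepcopy(tx)
    i = t["inputs"][0]
    if i["witness"]:
        i["witness"][0] = i["witness"][0][:-1] + b"\x99"
    else:
        i["script_sig"] = i["script_sig"][:72] + b"\x99" + i["script_sig"][73:]
    return t
```

Both sample transactions serialize to 192 bytes in full, yet the SegWit one weighs 438 units (110 virtual bytes) against 768 (192 virtual bytes) for the legacy one. Altering a signature byte changes the legacy txid but only the wtxid of the SegWit transaction.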
How SegWit implementation affects protection against transaction data forgery
The introduction of Segregated Witness (SegWit) significantly strengthens Bitcoin’s security against transaction data tampering by fundamentally changing the structure of transactions. Key points of its impact on security include:
- Separation of signature from transaction data: SegWit separates digital signatures (witnesses) from the main part of the transaction into a separate witness field. This makes the original transaction identifier (TXID), which is calculated without taking signatures into account, independent of the signature data, eliminating the possibility of changing it without losing validity. This directly solves the problem of transaction malleability, where an attacker could change signatures and thereby replace the transaction ID, creating the threat of fraud and denial-of-service attacks [7, 6].
- Improved transaction integrity: Since signature data is separated and not included in the TXID calculation, no changes to the trusted parts of the signature can change the transaction hash. A new wtxid identifier has been introduced that also includes witness data for full verification. This ensures that a transaction is immutable once it is created and confirmed [7].
- Increased block space without increasing its size: SegWit frees up up to 65% of the space within a block, allowing more transactions to be accommodated, including those with multiple signatures, which reduces network congestion and lowers fees. Less congestion in blocks reduces the risk of errors and manipulation [1, 2, 3].
- Securing Smart Contracts and Multi-Signature Wallets: SegWit uses a stronger hash function (SHA-256) to secure multi-signature scenarios (P2WSH), increasing the security of complex contracts and reducing the risk of tampering [4, 5].
- Backward compatibility allows for gradual implementation of SegWit without forks, reducing the risk of network forking when upgrading the protocol [7].
Ultimately, by architecturally separating transaction and signature data, SegWit increases the network’s resistance to transaction data tampering, improves user security, and provides the foundation for new technologies (such as the Lightning Network) that require immutability and reliability of confirmations.
Thus, SegWit is not only a scalable solution, but also an important defense mechanism against counterfeiting and attacks on the integrity of Bitcoin transactions [7, 6, 1].
- https://ibmm.ru/news/kriptoindustriya/taproot-reshenie-bitcoin-dlya-masshtabiruemosti-i-konfidentsial-nosti/
- https://bits.media/segwit-almost-not-visible-why-is-the-technological-implementation-delayed/
- https://www.binance.com/ru/square/post/43453
- https://intuit.ru/?q=studies%2Fcourses%2F3520%2F762%2Flecture%2F32520
- https://fastercapital.com/ru/content/%D0%A3%D0%BC%D0%BD%D1%8B%D0%B5-%D0%BA%D0%BE%D0%BD%D1%82%D1%80%D0%B0%D0%BA%D1%82%D1%8B—%D1%80%D0%B0%D0%B7%D0%B1%D0%BB%D0%BE%D0%BA%D0%B8%D1%80%D0%BE %D0%B2%D0%BA%D0%B0-%D0%BF%D0%BE%D1%82%D0%B5%D0%BD%D1%86%D0%B8%D0%B0%D0%BB%D0%B0-%D1%81%D0%BC %D0%B0%D1%80%D1%82—%D0%BA%D0%BE%D0%BD%D1%82%D1%80%D0%B0%D0%BA%D1%82%D0%B0-%D1%81-Segwit.html
- https://m-credit.com.ua/chto-takoe-segwit-i-kak-on-rabotaet/
- https://www.gate.com/ru/learn/articles/what-is-segwit/158
- https://www.ledger.com/ru/academy/segwit-%D0%B8-native-segwit-bech32-%D0%BA%D0%B0%D0%BA%D0%B0%D1%8F-%D0%BC%D0%B5%D0%B6%D0%B4%D1%83-%D0%BD%D0%B8%D0%BC%D0%B8-%D1%80%D0%B0%D0%B7%D0%BD%D0%B8%D1%86%D0%B0
- https://exbase.io/ru/wiki/obnovlenie-segvit
- https://bits.media/bitcoin-core/
- https://tokeninsight.com/ru/tokenwiki/all/what-is-segregated-witness-segwit
- https://ru.wikipedia.org/wiki/Segregated_Witness
- https://www.gate.com/ru/learn/articles/what-is-segwit/158
- https://habr.com/ru/articles/349812/
- https://www.morpher.com/ru/blog/segwit
- https://www.gate.com/ru/learn/articles/a-beginners-guide-to-segregated-witness/1330
- https://blog.mexc.com/ru/glossary/segwit-segregated-witness/
- https://academy.binance.com/ru/articles/a-beginners-guide-to-segretated-witness-segwit
- https://intuit.ru/studies/courses/3520/762/lecture/32520
- https://habr.com/ru/articles/349812/
- https://www.gate.com/ru/learn/articles/a-beginners-guide-to-segregated-witness/1330
- https://ru.wikipedia.org/wiki/Segregated_Witness
- https://academy.binance.com/ru/articles/a-beginners-guide-to-segretated-witness-segwit
- https://habr.com/ru/companies/distributedlab/articles/418853/
- https://bits.media/szhatie-blokcheyna-obzor-tekhnologii-segregated-witness/
- https://forklog.com/cryptorium/chto-takoe-segregated-witness
- https://exbase.io/ru/wiki/obnovlenie-segvit
- http://bitcoinwiki.org/ru/wiki/segregated-witness
- https://tokeninsight.com/ru/tokenwiki/all/what-is-segregated-witness-segwit
- https://en.bitcoin.it/wiki/Segregated_Witness
- https://www.coinbase.com/learn/crypto-glossary/what-is-segregated-witness-segwit
- https://www.linkedin.com/pulse/risks-segregated-witness-bitcoin-problems-under-evidence-jimmy-nguyen
- https://erepository.uonbi.ac.ke/bitstream/handle/11295/74669/Mwangi_Adoption%20of%20Bitcoin%20in%20Kenya,%20a%20case%20study%20of%20Bitpesa.pdf?sequence=4
- https://learnmeabitcoin.com/technical/upgrades/segregated-witness/
- https://www.kraken.com/learn/what-is-segregated-witness-segwit
- https://support.cex.io/en/articles/4383534-segwit