Two questions about segwit implementation [combined summary]


Individual post summaries: Click here to read the original discussion on the bitcoin-dev mailing list

Published on: 2019-05-27T07:26:21+00:00

Summary:

Recently, Aymeric Vitte discovered that his implementation of segwit was incorrect due to a misinterpretation of the specifications. He mistakenly believed that scriptsig would be included in the witness data as it is, but he learned that op_pushdata is replaced by varlen. This realization led Vitte to question why OP_0 is represented as 00 in witness data instead of 0100 and whether this applies to other op_codes.The reason behind OP_0 being represented as 00 in witness data lies in the fact that op_pushdata allows for unsigned integers. The extra byte of 00 is used to specify that the value is zero. This clarification was provided in response to Vitte's question.Vitte also questioned the presence of a 00 length in segwit data for non-segwit inputs. It was explained that the witness data length is assumed to be the same as the inputs length. For non-segwit inputs, the 00 is needed to indicate that the witness data is empty. This information is necessary because validators have no way of knowing which inputs are segwit-enabled until they look up the UTXO set. Hence, there needs to be a way to inform the validator that the witness for a particular input is empty, and the 00 serves this purpose.The discussion on the Bitcoin development mailing list further delved into the topic of empty scriptPubKey or OP_1 being a use case. It was clarified that an empty scriptSig does not necessarily imply a segwit input. If the previous scriptPubKey is OP_1 and does not allow witness, it can still be spent with an empty scriptSig. Similarly, a scriptSig resembling a spend of P2SH-segwit also does not imply a segwit input. These points were raised and addressed by Johnson Lau in the discussion.One concern highlighted during the discussion was the lack of clear documentation on this topic. The participants noted the need for more comprehensive and precise specifications to avoid misunderstandings and incorrect implementations.The Bitcoin scriptSig, which populates the stack for opcodes to operate on, was also discussed. It was explained that witnesses are similar to the script stack and are passed in as the script stack. OP_0 pushes a zero length value onto the stack, while OP_1 pushes 0x01, serialized as 0101. The witness structure can be considered as vector, and its length must match the number of inputs.In summary, Aymeric Vitte discovered errors in his segwit implementation and raised questions about the representation of OP_0 in witness data and the presence of a 00 length in segwit data for non-segwit inputs. The discussion clarified that OP_0 is represented as 00 to indicate zero length and that the 00 length is necessary to inform validators that the witness for a specific input is empty. The conversation also addressed the use cases of empty scriptPubKey and OP_1. The need for clearer documentation on this topic was emphasized, and the functioning of Bitcoin scriptSig and witness structures was explained.

Updated on: 2023-08-02T00:55:23.516257+00:00