2

SegWit is meant to be backward-compatible. When a SigWit block is relayed to a non-SegWit node, the witness part is stripped. If this is the case, wouldn't it be invalid since the non-SegWit node sees no witness/signature in transaction input?

So output is changed to anyone-can-spend output? If so, what prevents it to be spent by anyone not the intended recipient?

Murch
  • 75,206
  • 34
  • 186
  • 622
sinoTrinity
  • 176
  • 6

2 Answers2

5

So output is changed to anyone-can-spend output? If so, what prevents it to be spent by anyone not the intended recipient?

No, it is not changed.

A SegWit output is anyone-can-spend from the view of old nodes. This means that to them, it can be legally spent without signature.

To new nodes, it has a different meaning, and requires a (valid) witness to be spent. Nodes that care about SegWit outputs enforce this rule, and will not accept a blockchain that spends without such a witness.

Pieter Wuille
  • 105,497
  • 9
  • 194
  • 308
  • If this is the case, wouldn't a transaction be regarded invalid since the non-SegWit node sees no witness/signature in transaction input to unlock the fund? – sinoTrinity May 13 '18 at 20:51
  • The definition of an anyone-can-spend output is that it does not require any signature or witness to spend. – Pieter Wuille May 13 '18 at 20:52
  • What happens to a transaction with only-someone-can-spend output, sent from a SegWit node to a non-SegWit node? – sinoTrinity May 13 '18 at 21:09
  • The non-SegWit node will interpret it as an anyone can spend, and accept it. – Pieter Wuille May 13 '18 at 21:10
  • To unlock scriptPubKey from UTXO output, the old non-SegWit node still needs scriptSig/witness in input, which is missing. So it will treat the transaction invalid, no? Is scriptPubKey removed from output, like witness from input? – sinoTrinity May 13 '18 at 21:45
  • No, re-read my answer: nothing is changed. The scriptPubKey for SegWit outputs can be spent using an empty scriptSig. However, for SegWit nodes it requires a valid witness to spend. Old nodes don't know or care about witnesses, and will accept with no signature at all (that's the definition of anyone-can-spend). – Pieter Wuille May 13 '18 at 22:22
  • Let us continue this discussion in chat. – sinoTrinity May 13 '18 at 22:26
  • 1
    I can't respond in chat right now, but your last message is spot on: SegWit outputs use a special lock script that can be spent without unlock script (to old nodes). – Pieter Wuille May 13 '18 at 22:38
1

If so, what prevents it to be spent by anyone not the intended recipient?

Most nodes (the ones who have updated) would reject this transaction. Every miner would reject this transaction out of fear that their block (and block reward) would be rejected.

You can fork off into a chain that spends those outputs though, if you wanted.

Paul
  • 301
  • 1
  • 6