What is Segwit (Segregated Witness)?
By: Ofir Beigel | Last updated: 1/24/23
Segwit is an upgrade to the Bitcoin network introduced in August 2017. This post explains exactly what Segwit is, why it’s needed and how it can help in scaling Bitcoin to mass adoption.
Don’t Like to Read? Watch Our Video Guide Instead
What is Segwit Summary
Segwit is an upgrade to the Bitcoin protocol that separates the digital signature (also known as “the witness”) form the transaction. This creates a fix to several issues with the Bitcoin protocol and also allows for more transactions to fit within a 1mb block.
That’s Segwit in a nutshell. If you want a more detailed explanation keep on reading, here’s what I’ll cover:
- What is Segwit
- How Segwit Works
- Segwit vs. Legacy
- Best Segwit Wallets
- Frequently Asked Questions
1. What is Segwit?
Segwit, short for Segregated Witness, is an upgrade to the Bitcoin network that aims to solve several issues. It was first introduced by Developer Pieter Wiulle at the Scaling Bitcoin conference in December 2015.
Bitcoin’s Scalability Issue
Bitcoin transactions are written on an immutable ledger known as the Blockchain. It’s called “blockchain” because transactions are bundled together into blocks that are chained one to the other, in order to determine their order.
These blocks of transactions are limited in capacity up to 1mb. As a result, a Bitcoin block is able to accommodate around 2700 transactions on average.
This creates a problem when a lot of people are trying to send Bitcoins (like during price rallies), since a long queue is formed of transactions waiting to enter the blockchain.
While Visa routinely processes around 1,700 transactions per second, Bitcoin can process only about 5, making it unscalable for mass adoption. In order for Bitcoin to truly become usable on a worldwide scale, it needs to find a way to increase its transaction capacity.
Transaction Malleability Issue
Another issue Bitcoin has is transaction malleability.
Every Bitcoin transaction has 3 parts: who sent it (also known as input), who receives it (output), and a digital signature that verifies the sender is eligible to send the coins.
It turns out that Bitcoin’s code allows digital signatures to be altered when a transaction is still unconfirmed.
The signature alteration is done in a way that if you run a mathematical check on it, it is still valid by the network. However, when you run a hashing algorithm on it, it gives a different result.
Let me explain with an example:
For the sake of simplicity let’s say that the signature value was “3”, but instead of “3” I change it to “03” or “3+7-7”. Mathematically, it’s still the same value so it’s a valid signature, but if I hash these different versions I will get different results since hashing depends on how you write the value and not the value itself.
Since the hash is the transaction’s identifier in the blockchain, this means I can effectively change any transaction id to a different id and it will still be valid.
Creating a new transaction id for an existing transaction can be problematic for a number of reasons:
- If you want to build second layer solutions on top of the Bitcoin network, like the Lightning Network, you need to make sure no one can alter the first layer since it relays on it.
- Altering Tx ids can cause issues if you’re spending or accepting unconfirmed funds.
To simplify things, let’s use an example of how someone can exploit the transaction malleability issue:
Alice pays Bob in transaction X which is unconfirmed. Bob uses that unconfirmed payment to pay for a product online from Charlie (transaction Y). Charlie did not wait for any confirmation on transaction Y and sent Bob his product.
Bob maliciously malleates Alice’s payment through some technical tinkering and her transaction gets confirmed with a different txid.
Transaction Y is now invalid since it relies on the original txid of transaction X that no longer exists. Charlie has not been paid and has already delivered the goods.
While the two issues I’ve mentioned above are the most burning ones, Segwit addresses a variety of other technical issues that don’t always affect the end user directly.
Here’s a complete list of the issues Segwit solves:
- Linear scaling of sighash operations
- Signing of input values
- Increased security for multisig via pay-to-script-hash (P2SH)
- Reducing UTXO growth
- Script versioning
- Efficiency gains when not verifying signatures
- Block capacity/size increase
- Moving towards a single combined block limit
A complete explanation about all of these issues can be found here.
2. How Segwit Works
Segwit is a Block Size Increase
Segregated Witness is a proposed change to how blocks are structured. Non-segwit blocks, also known as legacy blocks, have total 1mb space for all of the block data (inputs, outputs, signatures, etc.).
Segwit blocks, on the other hand, are in fact larger blocks (up to 4mb) that consist of a base transaction block and an extended block. So contrary to popular opinion, Segwit, just like Bitcoin Cash, is indeed a block size increase.
Segwit blocks move the digital signature and other data (known as “the witness”) outside of the base transaction block. The witness data will still be transmitted, but it is placed inside the extended block.
The base transaction block includes the information about the sender and the receiver. The witness data is left blank and therefore doesn’t take up any space. This allows for more transactions to fit inside the 1mb block.
The extended block (the additional 3mb) includes all of the witness data that isn’t mandatory in the base transaction block.
The new block format Segwit introduces achieves two major goals:
- It moves the digital signature outside of the base transaction block. This way, if someone changes the signature on the transaction, it will not affect the transaction id. This in effect solves the transaction malleability issue.
- It shrinks down the base transaction data. Since the witness data takes up to 65% of the transaction size, moving it outside of the base transaction block allows more transactions to fit inside a 1mb block.
Segwit is a Soft Fork
If Segwit is, in fact, a block size increase, you may be wondering why not just increase the block size to 4mb?
The reason is that developers wanted to avoid creating a hard fork in the Bitcoin network. Bitcoin’s protocol specifically states that blocks can’t exceed 1mb block. So, developers had to find a solution that will be accepted by both legacy and Segwit blocks.
A solution of a 1mb block with an “extension” of another 3mb is something that is still acceptable under the existing protocol.
Legacy nodes receive only the 1mb base transaction block without the extended block. They still consider them valid. Segwit nodes receive both the base and extended block (up to 4mb in total) and can validate the transactions in full.
While in theory, Segwit transactions can create a block up to 4mb in size, in practice the average block size that includes Segwit transactions is around 2mb.
This backwards compatibility is also known as a soft fork. This approach is much less risky since it doesn’t require nodes to update their software to support Segwit. It means that even if it takes years for all of the nodes to upgrade, the network will still function.
Calculating Block Weight
While legacy blocks are measured in size, Segwit blocks are measured in weight. Block Weight is a new concept introduced in Segwit, and it’s calculated on a per-transaction basis.
Each transaction has a “weight” which is defined this way:
Base Tx size *3 + Full Tx size
Legacy transactions can’t strip away the witness data, so their weight will always be 4 times the tx size. For example, a legacy TX of 1000 bytes will have a weight of 1000*3 + 1000 = 4000.
Segwit transaction weights, on the other hand, are going to be less than 4 times the tx size. For example, a 1200 byte Segwit transaction comprised out of 400 bytes of witness data will have a weight of (1200-400)*3 + 1200 = 3600.
In short, the larger the witness data, the lighter the tx weight will be. This incentivizes miners to prefer lighter Segwit transactions over heavier ones since they can fit more of them inside a block.
3. Segwit vs. Legacy
Today, almost 70% of all Bitcoin transactions mined are Segwit transactions. When comparing legacy transactions to Segwit transactions you can see the following differences:
- The max block size of a legacy transaction is 1mb, whereas segwit transactions have up to a 4mb block size. Here’s an example for a Segwit block that is over 2mb.
- Legacy transactions are still prone to malleability attacks.
- Legacy transactions are larger in size and therefore require higher network fees to get confirmed faster.
- Segwit addresses start with a “3” while legacy addresses start with a “1”.
4. Best Segwit Wallets
Thanks to its advantages, more and more wallets support Segwit. Here are the top Segwit wallets around.
It’s important to note that if you have a legacy wallet and want to move to a Segwit wallet you will need to create a brand new Segwit wallet and move all of your funds to its address. There’s no way to just upgrade your existing wallet.
Ledger is a hardware wallet that allows you to sign transactions offline, therefore allowing greater security for your funds (since your private key has no access to the Internet). There are two main models – the Ledger Nano S and the Ledger Nano X.
Both models support both Segwit and legacy transactions. The Nano X is the newer model that supports a wider variety of coins and is also mobile compatible.
TREZOR is another popular hardware wallet. The two TREZOR models are the TREZOR One and TREZOR Model T. Both wallets support Segwit and legacy transactions.
The TREZOR Model T is the newer model, which also has a touchscreen.
Exodus is a free software wallet that is excellent for beginners due to its intuitive design. The wallet supports over 100 crypto assets and is available for desktop and mobile. Exodus supports both legacy and Segwit transactions. You can read my complete Exodus review here.
Electrum is an open source Bitcoin-only desktop wallet that supports both legacy and Segwit transactions.
The wallet is a bit hard to manage if you’re just starting out with cryptocurrencies but offers a wide variety of options for controlling fees, managing funds and signing transactions. You can read my complete Electrum review here.
Coinomi is a very popular multi-currency multi-platform wallet that supports over 1,170 crypto assets and is available for desktop and mobile. Coinomi supports both legacy and Segwit transactions.
If you’re looking for a mobile segwit wallet, this is probably the best choice overall. You can read my Coinomi review here.
5. Frequently Asked Questions
When was Segwit Activated?
Segwit was activated on August 23, 2017.
What is SegWit2x?
Segwit2x was a proposed compromise to the block size debate back in 2017. It suggested that Segwit will be activated as a first step, and after that, the block size will be increased to 2mb. This proposal was not accepted by the majority of the Bitcoin network.
Is Segwit backwards compatible?
Yes, Segwit is backwards compatible and works with legacy transactions that haven’t enabled Segwit.
What is the Lightning Network?
The Lightning Network is a second layer over the Bitcoin network that enables people to transfer Bitcoin between one another instantly and without any fees. You can learn all you need to know about the Lightning Network here.
Segwit is the first out of many upgrades that will gradually allow for Bitcoin to scale for mass adoption. It’s a fundamental change that will allow further developments down the road.
Segregating the digital signature, or the witness, from the transaction block, achieves several advantages such as a smaller transaction size, malleability fixes and more. As more and more wallets adopt Segwit, it will soon become the standard for any Bitcoin transaction.
What are your thoughts about Segwit? Let me know in the comments section below.
Is paper wallet compatible with segwit
The additional 3MB also allows one to attach contract specific data. A sales contract, a personal document, IP information, etc.
Get a better doo. The faux (fake) mohawk is kinda childish. And work out a little or tuck your shirt. Too pear shaped looking on the videos.
Like the information. Very professional. Thank You.
Thanks for this clear explanation. Even though it was helpful, there are two basic points I don’t understand.
1. How does SegWit speed up transaction time?
2. When, or how does counterparty ID validation occur, if witness data is housed in separate storage from transaction data?
Thanks in advance,
1. SegWit doesn’t directly speed up transaction time. Instead it allows more transactions to fit into each block, reducing the likelihood of there being more transactions than blockspace to accomodate them which can lead to slow transaction times for those who don’t pay a premium processing / mining fee. SegWit is like adding more lanes to a highway, not raising the speed limit. Under normal conditions travel won’t be any faster but by easing congestion, peak times won’t be as slow.
2. I’m not too sure what you mean by counterparty ID validation, as no such function exists within Bitcoin. Transactions are paid from one Bitcoin address to another, no ID is required and indeed addresses are generated by the wallet software without any user ID control at all.
Yes, Segwit won’t be able to withstand huge transaction volumes once the general public gets in on Bitcoin. However, it’s the basis for other developments that will allow this such as Lightning Network. So I’d say we’re on to a good start.
Thanks for the compliments I really appreciate it.
Thanks for fixing it, Ofir…