Bitcoin Signature Hashes

In this article, we learn about Bitcoin signature hashes that add flexibility to Bitcoin by allowing users to specify data that is to be committed in a transaction.

Table of contents.

  1. Introduction.
  2. Signature Hash Types.
  3. Summary.
  4. References.

Introduction

Blockchain technologies are built upon cryptography such as elliptic curve algorithm and hashing algorithms used to ensure that transactions are immutable and secure. In the Bitcoin blockchain, the signing of transactions consists of two major phases. The first involves generating the massage which we shall sign with a private key. The second phase involves calculating the signature itself. Bitcoin transactions have various ways in which they can be signed, this allows participants to create complex transactions that can be used for more than the exchange of value between parties.

In this article at OpenGenus, we will go deeper into the types of signature hashes used in the Bitcoin blockchain. We will explain each and see how each is used in the Bitcoin blockchain.

Signature Hash Types.

Bitcoin allows users the flexibility to be able to commit specific data in a transaction, for example, committing all inputs and outputs, only inputs, all inputs, and a corresponding output, a single input and all outputs, a single input and no outputs, and finally a single input and a corresponding output.
In this section, we look at the different types of signature hashes in Bitcoin.

  1. SIGHASH_ALL (0x01)
    This is the default signature hash type used for all consumer wallets. It is used to sign all inputs and outputs. Any changes made to a transaction after the signing renders the transaction invalid.
    This signature is used to move amount X of BTC with a specific set of inputs and outputs, that is, we can only spend specific inputs to create specific outputs.
    bit24

  2. SIGHASH_NONE (0x02)
    This is used to sign all inputs but not outputs of a transaction, meaning we create a transaction without outputs. It means that we can be part of a transaction but have no control of its outcome, in other words, a miner can change the outputs to ones he/she controls.
    This type of signature hash is used in cases whereby multiple people are contributing specific inputs, in this case, a single participant is expected to secure all outputs from such a transaction and send the funds can be sent to a mutually agreed set of outputs.

bit26

  1. SIGHASH_SINGLE (0x03)
    This signs all inputs and a single corresponding output with the same index as the signature. That is, if the input is located at vin 0 then the corresponding output should be located at vout 0.
    This is used in cases where a user sends bitcoins as long as other involved parties also send funds too, that is, move X BTC to a specified output on the condition that other inputs generated by other parties also move their BTCs.

The discussed three are referred to as the base types, a fourth referred to as SIGHASH_ANYONECANPAY is used together with the base types to create three other types discussed below;

bit28

  1. SIGHASH_ALL | SIGHASH_ANYONECANPAY (0x81)
    It signs a single input and all outputs of a transaction. This allows a user to participate in a transaction as long as specified recipients receive the BTCs.
    A participant agrees to contribute to a transaction only if the recipients receive the amount. Here inputs can be arbitrary but outputs remain fixed.

bit25

  1. SIGHASH_NONE | SIGHASH_ANYONECANPAY (0x82)
    This is similar to SIGHASH_NONE except instead of signing all inputs, it signs only a single output, the one it is in.
    This is commonly used as proof of burn, it allows a user to spend coins without control unlike SIGHASH_NONE for which in order to spend the bitcoins other inputs from different sources are needed. In this case, by using this signature type, a participant commits to spending X amount of bitcoins without control.
    bit27

  2. SIGHASH_SINGLE | SIGHASH_ANYONECANPAY (0x82)
    This is similar to SIGHASH_SINGLE except that it can only be used to sign input that has it and the corresponding output.
    Consider the following example;
    Party A has $1000, he/she signs an input that allows the movement of the $1000 and a corresponding output to a wallet address with 1 BTC owned by A. If party B want to buy the $1000 in exchange for BTC, he/she adds an input greater than 1 BTC, an output that claims the $1000 and change outputs if a change will be later needed.
    bit30

These signature hash flags can be found here in the bitcoin source code.

Note:
In 2012 a bug in the implementation of SIGHASH_SINGLE was raised here. It meant that if the input vin exceeded the number of outputs, a valid signature that is not tied to any inputs is produced. This signature can not only be used to spend the inputs signed by also any past or future outputs to the wallet address. This was fixed here, now all future or past transactions in such cases are invalidated.

Summary

Bitcoin transactions are signed by a sender as a commitment to specific data. Simply a signature commits all inputs, output, and other transaction fields. Bitcoin allows users the flexibility to be able to commit specific data in a transaction, for example, committing all inputs and outputs, only inputs, all inputs, and corresponding output, a single input and all outputs, a single input and no outputs, and finally a single input and a corresponding output.

All digital signatures in Bitcoin have a signature hash flag SIGHASH.

References

pull request
Signature hash types