A ScriptSig is the data field in a Bitcoin transaction input that contains the cryptographic proof required to satisfy the spending conditions—the ScriptPubKey—of a previous unspent transaction output (UTXO). It is often called the unlocking script because it 'unlocks' the funds by providing a valid digital signature and any other required data, such as a public key. This mechanism is the core of Bitcoin's programmable security model, where spending is governed by a script instead of a simple address check.
LABS
Glossary
ScriptSig (Unlocking Script)
A script provided in a transaction input that provides the data, such as a digital signature, to satisfy the spending conditions of the referenced UTXO's ScriptPubKey.
Chainscore © 2026
definition
BITCOIN SCRIPT
What is ScriptSig (Unlocking Script)?
The ScriptSig, or unlocking script, is a critical component of a Bitcoin transaction that provides the authorization to spend a previous transaction's output.
The structure and content of a ScriptSig are dictated by the type of ScriptPubKey it is attempting to unlock. For a standard Pay-to-Public-Key-Hash (P2PKH) output, the ScriptSig contains two pieces of data: a cryptographic signature created with the sender's private key and the full public key that corresponds to the hash in the locking script. The Bitcoin node validates the transaction by concatenating the ScriptSig and ScriptPubKey and executing the combined script. Only if the final result is TRUE are the funds considered legitimately spent.
With the introduction of Pay-to-Witness-Script-Hash (P2WSH) and other Segregated Witness upgrades, the traditional ScriptSig field was largely moved to a separate witness data structure to mitigate transaction malleability and enable scaling solutions. In a native SegWit transaction, the unlocking data is not part of the traditional ScriptSig field, which is often left empty. This evolution highlights how the conceptual role of the unlocking script remains constant, even as its implementation location within a transaction can change.
Understanding ScriptSig is fundamental for developers working with raw transactions or building smart contracts on Bitcoin's layer 1. It represents the user-provided half of Bitcoin's script-based authentication system. Common related concepts include ScriptPubKey (locking script), witness data, transaction input, and digital signature. The elegance of this paired-script system allows for complex spending conditions beyond simple signatures, forming the basis for multisig wallets and other advanced Bitcoin functionalities.
etymology
BITCOIN SCRIPT
Etymology and Origin
The term ScriptSig is a compound word from Bitcoin's scripting language, describing the component of a transaction that provides authorization to spend.
The term ScriptSig is a portmanteau of "Script" and "Signature," originating from the Bitcoin Core codebase. It refers to the unlocking script placed in a transaction input to satisfy the conditions set by a previous transaction's ScriptPubKey (locking script). This naming convention directly reflects its function: it is the script that contains the cryptographic signatures and any other data required to 'unlock' the funds. In the original Bitcoin whitepaper, Satoshi Nakamoto described this mechanism simply as a script that "provides a signature."
The concept evolved from the foundational idea of digital signatures and proof-of-ownership. In early Bitcoin documentation and code, the input script was often called scriptSig, establishing it as a core technical term. Its counterpart, the scriptPubKey, defines the spending conditions. Together, they form the basis of Bitcoin's smart contract system, albeit a simple, predicate-based one. This scripting system was inspired by earlier concepts of cryptographic proof and was designed to be intentionally limited (non-Turing complete) for security and predictability.
With the advent of Segregated Witness (SegWit), the structure was modified. The witness data, which primarily contains signatures, was moved out of the traditional scriptSig field and into a separate witness structure. However, the conceptual role of the unlocking script remains identical. In modern Bitcoin discourse, ScriptSig is often used interchangeably with "unlocking script," though technically it may refer specifically to the legacy field. Understanding its etymology clarifies the direct link between the code's variable names and the fundamental input-output model of Bitcoin transactions.
how-it-works
BITCOIN SCRIPT
How ScriptSig Works
A technical breakdown of the unlocking script that proves ownership and authorizes the spending of bitcoin.
A ScriptSig is the data field in a Bitcoin transaction input that provides the cryptographic proof required to unlock and spend the bitcoins held in a previous transaction's output. It is the 'unlocking script' that, when combined with the ScriptPubKey (the locking script) from the referenced output, must execute successfully for the transaction to be valid. In the original Pay-to-Public-Key-Hash (P2PKH) scheme, the ScriptSig typically contains two pieces of data: a digital signature (created with the sender's private key) and the full public key corresponding to the address that received the funds.
The validation process is performed by every node on the network. The node concatenates the provided ScriptSig with the ScriptPubKey from the spent output and executes the combined script. For a standard P2PKH script, this process involves the opcodes OP_DUP OP_HASH160 <PubKeyHash> OP_EQUALVERIFY OP_CHECKSIG. The ScriptSig's public key is hashed and checked against the hash in the ScriptPubKey; if they match, the signature is then verified against that public key. Only if the final result of the script is TRUE is the spending condition considered satisfied.
With the introduction of Segregated Witness (SegWit), the role of ScriptSig changed significantly. In Pay-to-Witness-Public-Key-Hash (P2WPKH) transactions, the signature data (the witness) is moved from the ScriptSig field into a separate witness field. The ScriptSig in a native SegWit input is typically empty or contains a minimal datum. This separation reduces transaction size for fee calculation, mitigates transaction malleability, and enables more complex scripting. The unlocking proof is still required, but its storage location and the validation process are optimized.
Understanding ScriptSig is fundamental to grasping Bitcoin's UTXO model and security. It embodies the 'proof-of-ownership' system without a central authority. While its visible prominence has diminished with SegWit, the logical function—providing a solution to a cryptographic puzzle—remains core to authorizing transfers. Developers interacting with Bitcoin's base layer, especially when constructing raw transactions or analyzing blockchain data, must comprehend how unlocking scripts interact with their corresponding locking conditions to create valid spends.
key-features
UNLOCKING SCRIPT
Key Features of ScriptSig
The ScriptSig is the data field in a Bitcoin transaction input that provides the authorization to spend the referenced UTXO. It contains the cryptographic signatures and any other data required to satisfy the conditions set by the previous output's ScriptPubKey.
01
Purpose & Function
The ScriptSig is the unlocking script that proves ownership and authorization to spend a UTXO. It is placed in a transaction input and its data is executed in conjunction with the referenced output's ScriptPubKey. The combined scripts must evaluate to TRUE for the transaction to be valid.
- Primary Role: Provide the digital signature(s) corresponding to the public key(s) in the ScriptPubKey.
- Validation: The Bitcoin node concatenates the ScriptSig and ScriptPubKey and executes the resulting script.
02
Typical P2PKH Structure
For the most common Pay-to-Public-Key-Hash (P2PKH) transaction, the ScriptSig contains two main components:
- Signature: A cryptographic ECDSA signature created by signing the transaction data with the sender's private key.
- Public Key: The full public key corresponding to the private key used to create the signature.
Example ScriptSig: <sig> <pubKey>
During validation, this script is combined with the P2PKH ScriptPubKey (OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG).
03
Witness Data Replacement (SegWit)
With the Segregated Witness (SegWit) upgrade, the signature data was moved out of the ScriptSig field for certain transaction types to improve scalability and fix transaction malleability.
- Witness Field: Signature data is stored in a separate witness structure, not in the ScriptSig.
- Legacy ScriptSig: For P2SH-P2WPKH inputs, the ScriptSig contains only a single push of the witness program (e.g.,
0 <20-byte-key-hash>). - Native SegWit (P2WPKH): The ScriptSig field is entirely empty; all signature data is in the witness.
04
ScriptSig in Multi-Signature & Complex Scripts
For more complex locking conditions, the ScriptSig must provide all data required to satisfy the ScriptPubKey.
- M-of-N Multi-Sig: The ScriptSig provides the required number of signatures and a dummy element (
OP_0) to push them onto the stack. Example:OP_0 <sig1> <sig2>. - P2SH (Pay-to-Script-Hash): The ScriptSig contains the redeem script that defines the spending conditions, plus all signatures/data needed to satisfy that redeem script.
- Custom Contracts: Can include data pushes, hash preimages, or other logic-specific elements.
05
Transaction Malleability & Security
The original design of ScriptSig introduced transaction malleability, a security and scalability issue.
- Problem: Since signatures are not part of the transaction's TXID hash, the ScriptSig could be modified (e.g., by adjusting signature encoding) without invalidating the signature, creating a new, valid transaction with a different ID.
- Exploit Risk: This could be used to disrupt unconfirmed transaction chains in protocols like the Lightning Network.
- Solution: Segregated Witness moved the signature (witness data) into a part of the transaction that is committed to the TXID, eliminating this form of malleability.
06
Size Limits & Transaction Fees
The data in the ScriptSig contributes directly to a transaction's size and, consequently, its mining fee.
- Legacy Impact: Large multi-signature ScriptSigs (with many signatures) or complex redeem scripts create larger, more expensive transactions.
- Virtual Size (vbytes): Post-SegWit, witness data (including signatures moved from ScriptSig) is counted as 1/4 of its actual size for fee calculation, incentivizing the use of SegWit outputs.
- Optimization: Using public key compression and SegWit address formats minimizes the data that must be provided in the unlocking script, reducing fees.
evolution
SCRIPTING FUNDAMENTALS
Evolution: SegWit and the Witness
This section explores the foundational unlocking mechanism in Bitcoin transactions and its critical evolution with the Segregated Witness (SegWit) upgrade.
A ScriptSig, or unlocking script, is the piece of data in a Bitcoin transaction input that provides the cryptographic proof of ownership required to spend an output. It contains the digital signatures and any other data needed to satisfy the conditions set by the previous output's ScriptPubKey (locking script). The validation process involves concatenating the ScriptSig and ScriptPubKey and executing the combined script; a transaction is only valid if the final result is TRUE. This mechanism is the core of Bitcoin's programmable security model, enabling pay-to-public-key-hash (P2PKH), multi-signature, and other complex spending conditions.
The original design had a significant flaw: the ScriptSig data was counted towards the block size limit and was included in the transaction ID (txid) calculation. This created the transaction malleability problem, where a third party could alter the ScriptSig's signature encoding without changing its validity, thereby generating a new, different txid for the same economic transaction. This malleability complicated the development of layer-2 protocols like the Lightning Network, which rely on unchangeable transaction identifiers. Furthermore, because signature data is bulky, it inefficiently consumed the limited block space, driving up fees for all transactions.
The Segregated Witness (SegWit) upgrade, activated in 2017, fundamentally restructured transaction data to solve these issues. It segregated the witness data—which includes the ScriptSig and its signatures—moving it outside the traditional transaction structure into a separate witness field. This change had two profound effects: first, it removed the witness data from the calculation of the txid, eliminating transaction malleability for SegWit outputs. Second, it introduced a new block weight metric where witness data is counted as 1 unit versus 4 units for core data, effectively increasing block capacity and reducing fees for SegWit transactions.
Post-SegWit, the role of the unlocking script is conceptually the same, but its implementation is split. The ScriptSig field in a SegWit input is often empty or contains a minimal redeem script. The actual signature data resides in the new witness field. For a native SegWit output (P2WPKH), the witness contains the signature and public key. For a wrapped SegWit output (P2SH-P2WPKH), it contains the signature, public key, and the witness script. This separation allows the network to verify signatures without making them part of the transaction's core data hash, enhancing scalability and security.
The transition to SegWit scripting underscores Bitcoin's capacity for incremental, backward-compatible evolution. While new wallets create bech32 addresses (starting with bc1q) for native SegWit, the system maintains full support for legacy ScriptSig-based transactions. This upgrade did not invalidate the original scripting opcodes but added new ones and repurposed others (like OP_CHECKSIG) to operate with witness data. The decoupling of proof from data is a foundational concept now extending to other blockchain innovations, proving that core protocol mechanics can be refined to meet new demands for efficiency and functionality.
BITCOIN SCRIPT COMPONENTS
ScriptSig vs. ScriptPubKey
A comparison of the two fundamental scripts that define a transaction's spending conditions.
| Feature | ScriptSig (Unlocking Script) | ScriptPubKey (Locking Script) |
|---|---|---|
Primary Role | Provides the authorization to spend an output | Defines the conditions required to spend an output |
Transaction Location | Part of a transaction input | Part of a transaction output |
Content | Contains digital signatures and any required data pushes | Contains the spending conditions (e.g., public key hash, multi-sig script) |
Execution Order | Executed second, after ScriptPubKey is pushed onto the stack | Executed first, pushed onto the stack before ScriptSig |
Validation Result | Must combine with ScriptPubKey to evaluate to true | Must be satisfied by the data in the ScriptSig |
SegWit (P2WPKH/P2WSH) Equivalent | Witness field | Witness program embedded in ScriptPubKey or native segwit output |
Presence in Coinbase Transaction | Contains arbitrary data (coinbase field) | Creates the first output of the block, paying the miner |
examples
UNLOCKING SCRIPTS
Common ScriptSig Examples
A ScriptSig is the unlocking script that provides the cryptographic proof required to spend an output. It is placed in the input of a transaction and must satisfy the conditions set by the previous output's ScriptPubKey. Below are the most prevalent unlocking script patterns.
01
Pay-to-Public-Key-Hash (P2PKH)
The most common unlocking script for legacy Bitcoin addresses. It provides a signature and a public key to prove ownership of the hash-locked funds.
- Structure:
<signature> <publicKey> - Process: The public key is hashed and compared to the hash in the locking script (ScriptPubKey). The signature is then validated against that public key.
- Example: This is the standard script for addresses starting with '1'.
02
Pay-to-Script-Hash (P2SH)
This ScriptSig provides the redeem script that matches the hash in the locking script, plus any signatures or data required by that redeem script.
- Structure:
[signatures...] <redeemScript> - Process: The redeem script is hashed to validate it matches the commitment. It is then executed with the provided signatures.
- Use Case: Enables complex multisig or custom conditions while the payer only needs to know a simple hash.
03
Multisignature (Multisig)
Unlocks an output requiring M-of-N signatures. The ScriptSig contains the required number of valid signatures.
- Structure:
OP_0 <sig1> <sig2> ...(TheOP_0is a placeholder due to a historical bug) - Standard Formats: Commonly used within P2SH (e.g., 2-of-3 multisig) or native SegWit (P2WSH).
- Security: Funds are controlled by multiple private keys, increasing security and enabling governance models.
04
Null Data (OP_RETURN)
A special case where the ScriptSig is often minimal or empty, as the output is provably unspendable. The primary purpose is data storage, not value transfer.
- Typical Input: Often a single signature from a standard P2PKH input funding the transaction.
- Key Point: The unlocking script for the input spending into an OP_RETURN is normal; the OP_RETURN output itself has no valid unlocking script.
05
Segregated Witness (SegWit)
With SegWit, the signature data (witness) is moved outside the traditional ScriptSig field into a separate witness field. The legacy ScriptSig field is often empty or contains a minimal push.
- P2WPKH: ScriptSig is empty. Signatures are in the witness.
- P2WSH: ScriptSig is empty. The redeem script and signatures are in the witness.
- Impact: This separation fixes transaction malleability and enables scaling solutions like the Lightning Network.
06
Timelock & Relative Timelock
These conditions require the ScriptSig to be presented only after a certain time. The unlocking script itself is standard, but its validity is gated by blockchain state.
- CheckLockTimeVerify (CLTV): The transaction is only valid if the specified absolute time/block has passed.
- CheckSequenceVerify (CSV): The transaction is only valid after a relative time delay from the confirmation of the parent output.
- Unlocking Script: Contains normal signatures, but the entire transaction is invalid until the timelock expires.
BITCOIN SCRIPT
Technical Deep Dive
ScriptSig is a fundamental component of Bitcoin's transaction model, providing the cryptographic proof required to spend an output. This section explores its mechanics, evolution, and role in the broader unlocking process.
A ScriptSig is the unlocking script in a Bitcoin transaction input that provides the data needed to satisfy the conditions set by the previous output's ScriptPubKey. It works by being combined with the referenced ScriptPubKey during transaction validation; the combined script is executed, and the spend is only authorized if the final result is TRUE (typically represented by a non-zero value on the stack).
Key Components:
- Digital Signatures: Proves ownership of the private key corresponding to the public key in the ScriptPubKey.
- Public Keys: The corresponding public key, required for signature verification.
- Other Data: For non-standard scripts, it may include additional data like solutions to cryptographic puzzles.
The validation process is deterministic: if the ScriptSig data correctly solves the "lock" created by the ScriptPubKey, the transaction is valid.
security-considerations
SCRIPT-SIG
Security Considerations
The ScriptSig is the part of a Bitcoin transaction that provides the cryptographic proof required to spend an output. Its security properties are foundational to the network's integrity.
01
Signature Malleability
A historical vulnerability where a transaction's txid could be altered without invalidating its signatures, allowing for network-level attacks. This was possible because the DER-encoded ECDSA signature format had multiple valid encodings for the same mathematical signature. The BIP 66 and Segregated Witness (SegWit) upgrades fundamentally fixed this by standardizing signature encoding and moving the ScriptSig data outside the transaction ID calculation.
02
Script Complexity & DoS Vectors
Overly complex or non-standard unlocking scripts can be a denial-of-service risk. Before Taproot, every node had to execute the ScriptSig and ScriptPubKey for validation. Malicious actors could create transactions with computationally expensive scripts (e.g., using many OP_CHECKSIG operations) to slow down node processing. Modern consensus rules limit script opcodes and execution steps to mitigate this.
03
SegWit: Moving Data Off-Chain
Segregated Witness (SegWit) was a major security and scalability upgrade that moved signature (witness) data, including the ScriptSig, to a separate part of the transaction. This solved transaction malleability, as the witness data is no longer part of the transaction hash. It also enabled second-layer solutions like the Lightning Network by ensuring a transaction's ID is immutable once broadcast.
04
Key & Signature Validation
The core security function of the ScriptSig is to prove ownership of the private key corresponding to the public key hash in the locking script. The node validates:
- The provided digital signature is valid for the transaction data.
- The signature corresponds to the public key provided in the ScriptSig.
- The hash of that public key matches the hash in the ScriptPubKey. Any failure results in the transaction being rejected.
05
Taproot & Schnorr Signatures
The Taproot (BIP 340-342) upgrade replaced ECDSA with Schnorr signatures, which are non-malleable by design and enable signature aggregation. In a Taproot spend, the "ScriptSig" is replaced by a witness containing a Schnorr signature and optional script path data. This improves privacy, efficiency, and eliminates entire classes of signature-related vulnerabilities present in the older ECDSA system.
06
Non-Standard Scripts & Node Policy
Nodes enforce a standardness policy (distinct from consensus rules) for ScriptSig. Scripts that are non-standard (e.g., containing disabled opcodes, excessive data pushes) will not be relayed by most nodes or mined, even if they are technically valid. This policy layer protects the network from spam and obscure script types that could have unforeseen security implications.
SCRIPT SIG
Common Misconceptions
Clarifying widespread misunderstandings about the ScriptSig, the unlocking script in Bitcoin's transaction model, to ensure developers and analysts have a precise technical understanding.
A ScriptSig is the unlocking script in a Bitcoin transaction input that provides the cryptographic proof required to spend an output. It works by being combined with the ScriptPubKey (the locking script) from the previous transaction output in a process called script execution. The combined scripts are run by the network's nodes; if the final result is TRUE (specifically, a non-zero value on the stack), the spending condition is satisfied and the input is valid. The ScriptSig typically contains a digital signature and a public key, but its exact content is dictated by the type of the ScriptPubKey it is trying to unlock, such as P2PKH or P2SH. It is a critical component of Bitcoin's UTXO-based security model, not a standalone authorization mechanism.
SCRIPTING
Frequently Asked Questions
A technical deep dive into the ScriptSig, the unlocking script in Bitcoin's transaction model that provides the authorization to spend an output.
A ScriptSig is the unlocking script in a Bitcoin transaction input that provides the cryptographic proof required to spend the bitcoins locked in a previous transaction output. It is the first half of Bitcoin's scripting system, where it is paired with the ScriptPubKey (the locking script) from the referenced output. When a transaction is validated, the ScriptSig and the ScriptPubKey are concatenated and executed. The transaction is only valid if the final result of this combined script execution is TRUE. For the common Pay-to-Public-Key-Hash (P2PKH) transaction, the ScriptSig contains a digital signature and the full public key.
ENQUIRY
Get In Touch
today.
Our experts will offer a free quote and a 30min call to discuss your project.
NDA Protected
Confidentiality24h Response
Time to ValueDirectly to Engineering Team
No Sales Fluff10+
Protocols Shipped
$20M+
TVL Overall