SegWit

Segregated Witness, or SegWit, is the name used for an implemented soft fork change in the transaction format of the cryptocurrency Bitcoin which has also been implemented on currencies such as Groestlcoin, Litecoin, DigiByte and Vertcoin.

The formal title "Segregated Witness (Consensus layer)" has Bitcoin Improvement Proposals number BIP141.^[1] It is intended to solve a blockchain size limitation problem that reduces Bitcoin transaction speed. It does this by splitting the transaction into two segments, removing the unlocking signature ("witness" data) from the original portion and appending it as a separate structure at the end.^[2] The original section would continue to hold the sender and receiver data, and the new "witness" structure would contain scripts and signatures. The original data segment would be counted normally, but the "witness" segment would, in effect, be counted as a quarter of its real size.

Bitcoin is a cryptocurrency, a form of money using cryptography to keep transactions secure.^[3] Each record of a unit of Bitcoins is called a "block", and all blocks are tied together sequentially by using a cryptographic hash on the previous block and storing in the next. This forms a chain of blocks, or a blockchain.^[4]

Each block of bitcoins contains information about who sends and receives a given unit of bitcoin (a transaction), as well as the signature that approves each transaction. Originally, there was no limit to the size of these blocks. But this meant that malicious people could make up fake "block" data that was very long as a form of Denial of Service (DoS) attack. Their fake blocks would be detected, but doing so would take a very long time, slowing down the whole system.^[5]

The solution implemented was to put a limit on block size. That limit was 1 MB. This way, attacks using huge blocks would be instantly detected and rejected, without significantly slowing down the network.

As Bitcoin has become more popular, that limit is slowing down transactions. A block is added to the chain every ten minutes. With a limit on its size, only so many transactions can be added, as many as fit in a block. Globally, bitcoin cannot currently support transactions with anything like the speed of other currencies or credit cards. It sometimes takes hours to confirm a transaction.

Some sites work around this problem, by conducting "off-chain payments", conducting transactions without waiting for confirmation by the blockchain.^[6] However, many people^[who?] do not trust this solution, which is open to exploitation by double spending of bitcoin from unconfirmed transactions.

Others have proposed changes to Bitcoin that would reform the way it's done, but that would not be backward-compatible.^[6] For example, FlexTrans (Flexible Transactions) would make transactions smaller by changing how they are described to a "tag" system, allowing more in blocks of the current size. But it is not compatible with systems that do not upgrade.^[7]

Likewise, there are a number of other, unrelated problems that have arisen with the bitcoin protocol.

The most important is "transaction malleability".^[8] While a transaction is signed, the signature doesn't include all transaction data, and at one time checking that the signature was correct was not even required. This means that several different ways of losing or stealing bitcoins are possible. While a number of different fixes have made this unlikely to happen, the flaw still exists.^[9]

SegWit proposes significant backward compatibility. It hides its increased block size by changing the definition of a block to be measured as one million "units" instead of bytes. The "witness" signature data would be separated from the Merkle tree record of who is sending or receiving the bitcoin. The "witness" data is moved to the end, and each byte of it would only count as one quarter of a "unit". The overall effect would be changing the average block size to about 1.8 MB instead of 1. This means the existing bitcoin protocol doesn't change, allowing it to work without as much upgrading of software.^[10]

It also addresses signature malleability, by moving signatures out of the transaction data, making them impossible to change.^[11] The transaction ID is no longer malleable. This makes bitcoin safer to use with Lightning Network, a way to speed up small payments by bundling them and only writing to the blockchain at the beginning and end of their execution, which would be (slightly) risky while the malleability problem still exists.^[12]

Segregated Witness was activated on August 24 2017.^[13] Nonetheless, most Bitcoin network transactions have not been using the upgrade. But in the first week of October the proportion of network transactions using SegWit rose from 7% to 10%, indicating a greater increase in use rate.^[14]

Segregated Witness (BIP141) should not be confused with SegWit2x (SegWit2Mb). In SegWit2Mb it is agreed to first activate Segregated Witness and then a 2 MB hard fork within six months as of May 23, 2017. A Bitcoin Core blog post warns against using btc1, the reference implementation of Segwit2x.^[15]

On November 8, 2017 the developers of SegWit2x announced that the hard fork planned for around November 16, 2017 has been canceled for the time being due to a lack of sufficient consensus.^[16][17]

• BIP141 Segregated Witness (Consensus layer) – activated on August 24, 2017
• BIP142 Address Format for Segregated Witness – withdrawn, superseded by BIP 173
• BIP144 Segregated Witness (Peer Services) – activated
• BIP148 Mandatory activation of segwit deployment – activated
• BIP173 Bech32 addresses – activated, not yet in wide usage