Documentation

Introduction to P2WPKH (Pay To Witness Public Key Hash)

Overview

P2WPKH (Pay-to-Witness-Public-Key-Hash) is a native Segregated Witness (SegWit) address format introduced in BIP141. These addresses begin with bc1q on mainnet and offer significant improvements over legacy P2PKH addresses, including reduced transaction fees, increased block capacity, and a fix for transaction malleability.

How It Works

P2WPKH addresses are derived from a public key using a process similar to P2PKH, but with different encoding:

P2WPKH Address Anatomy (Native SegWit) Witness Program Generation Public Key 33 bytes (compressed only) SHA-256 RIPEMD160 Witness Program (HASH160) 20 bytes Bech32 Encoding HRP "bc" + Version 0x00 (v0) + Witness Program Convert to Base32 (5-bit groups) BCH Checksum (6 chars) Bech32 Encode HRP + "1" + data + checksum bc HRP 1 q v0 Witness Program (Base32) 32 chars Checksum 6 chars 42 characters total (starts with bc1q) P2WPKH Address (SegWit v0) bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4 Bech32 encoding (not Bech32m). HRP: "bc" (mainnet), "tb" (testnet). Version 0 encodes to "q".
  1. Generate a public key from the private key using elliptic curve multiplication.
  2. Apply SHA-256 hashing to the public key.
  3. Apply RIPEMD-160 hashing to the SHA-256 result, producing a 160-bit hash (20 bytes).
  4. Encode the witness version and public key hash using Bech32 encoding with the appropriate human-readable prefix.

The key difference from P2PKH is that the signature and public key are moved to a separate witness structure, reducing the transaction's weight and enabling more transactions per block.

Segregated Witness

Segregated Witness separates (segregates) the signature data (witness) from the transaction data. This separation provides several benefits:

  • Transaction Malleability Fix: Signatures are no longer part of the transaction ID calculation, preventing third parties from modifying transaction IDs.
  • Block Capacity Increase: Witness data is discounted in block weight calculations, effectively increasing block capacity.
  • Script Versioning: The witness version byte enables future protocol upgrades without hard forks.

Security Considerations

P2WPKH provides the same cryptographic security as P2PKH, with the public key remaining hidden until funds are spent. The public key hash protects against potential future attacks on elliptic curve cryptography as long as the address has not been used for spending.

The transaction malleability fix is particularly important for applications that rely on unconfirmed transaction IDs, such as payment channels and the Lightning Network. With P2WPKH, transaction IDs remain stable even if the signature is modified.

As with P2PKH, address reuse exposes the public key on the blockchain. Generate a new address for each transaction to maintain optimal security.

Address Format

P2WPKH addresses use Bech32 encoding, which provides several advantages over Base58Check:

  • Case Insensitivity: Bech32 addresses are lowercase only, reducing transcription errors.
  • Better Error Detection: Bech32 can detect up to 4 character errors and locate up to 2 errors.
  • No Ambiguous Characters: Uses a character set that avoids visually similar characters.

P2WPKH addresses are identifiable by their prefix:

  • Mainnet: Addresses start with bc1q.
  • Testnet: Addresses start with tb1q.
  • Regtest: Addresses start with bcrt1q.

The q following bc1 indicates witness version 0. Future witness versions use different characters (e.g., p for version 1 in Taproot).

On this page