Documentation

Transaction Structure

Overview

P2WPKH transactions differ from P2PKH in how the signature and public key are stored. Instead of being in the ScriptSig, they are placed in a separate witness field.

Output (Locking Script - ScriptPubKey)

The ScriptPubKey for P2WPKH is more compact than P2PKH, consisting only of the witness version byte and the 20-byte public key hash.

The following diagram shows the P2WPKH ScriptPubKey structure:
P2WPKH ScriptPubKey Structure OP_0 0x00 (version 0) OP_PUSHBYTES_20 0x14 Witness Program (Public Key Hash) 20 bytes (HASH160 of compressed public key)
The following code shows a typical P2WPKH ScriptPubKey script:
plaintext
OP_0
OP_PUSHBYTES_20
24bc22345d16821eb478da2408245b831ca90431

# Hex value: 001424bc22345d16821eb478da2408245b831ca9043188ac

The ScriptPubKey contains the hash of the recipient's public key, not the public key itself. Funds remain locked until someone provides the correct public key and a valid signature.

Input (Unlocking Script - ScriptSig)

For native P2WPKH, the ScriptSig is empty.

All signature data is moved to the witness field, which is not part of the traditional transaction structure.

Witness Data

The witness data follows a specific serialization format. It begins with the number of stack items as a single byte, followed by each item's size and value in sequence.

Witness Structure Breakdown

For P2WPKH, the witness contains two items:

  • The signature.
  • The public key.
The following shows a typical P2WPKH witness data structure:
P2WPKH Witness Data Serialization Count 0x02 Size variable <signature> 71-72 bytes (DER encoded + SIGHASH) Size variable <public key> 33 bytes (compressed only)
plaintext
02                                          # Item count (2 items)
48                                          # First item size (72 bytes)
3045022100...01                             # First item: DER-encoded signature + SIGHASH type
21                                          # Second item size (33 bytes)
0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798  # Second item: Compressed public key

# Hex value: 0248304502210082b4a8e6c0c8e5b1c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8091a2b3c4d5e6f022012a3b4c5d6e7f8091a2b3c4d5e6f708192a3b4c5d6e7f8091a2b3c4d5e6f70810121210279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798

Script Execution

When validating a P2WPKH transaction, the witness data and ScriptPubKey are processed together. The node recognizes witness version 0 with a 20-byte program in the ScriptPubKey (OP_0 OP_PUSHBYTES_20 <pubkey_hash>), triggering P2WPKH validation rules. The following steps describe the execution flow:

P2WPKH Stack Execution Witness Initial OP_DUP 0x76 OP_HASH160 0xa9 Push <hash> from scriptPubKey OP_EQUALVERIFY 0x88 OP_CHECKSIG 0xac <signature> <pubkey> top <signature> <pubkey> <pubkey> top <signature> <pubkey> <pubkeyhash> top <signature> <pubkey> <pubkeyhash> <expected hash> top <signature> <pubkey> top 1 top
  1. Push Signature
    The signature is pushed from the witness data onto the stack.
  2. Push Public Key
    The compressed public key is pushed from the witness data onto the stack.
  3. Duplicate Public Key (implicit)
    The top stack element is duplicated.
  4. Hash Public Key (implicit)
    SHA-256 followed by RIPEMD-160 is applied to the public key.
  5. Push Expected Hash
    The public key hash from the ScriptPubKey is pushed onto the stack.
  6. Compare Hash
    The computed hash is compared with the witness pubkey hash from the ScriptPubKey. If they do not match, the script fails.
  7. Verify Signature (implicit)
    The signature is verified against the public key and transaction data using CHECKSIG.
  8. Result
    If the final stack contains 1, the transaction is valid and the funds are unlocked.
Note

Steps marked as "implicit" are enforced by SegWit consensus rules rather than explicit opcodes in the script.

On this page