The Witness Merkle Tree
The Witness Merkle Tree
Standard transactions are committed to a block using their TXIDs in a Merkle Tree. However, because TXIDs don't include witness data, the signatures themselves are not protected by the standard Merkle Root. To solve this, SegWit introduced a second tree: the Witness Merkle Tree.
1. Building the Tree
Miners calculate the wTXID for every transaction in the block.
-
They build a Merkle Tree where the "leaves" are the wTXIDs.
-
The root of this tree is called the Witness Merkle Root.
2. The Commitment Problem
Bitcoin's block header only has space for one Merkle Root. How do we add a second one without changing the block header format?
-
The Trick: The Witness Merkle Root is stored inside the Coinbase Transaction.
-
Specifically, it is placed in an OP_RETURN output of the Coinbase transaction.
3. The Coinbase wTXID
The Coinbase transaction is unique. For the purpose of the Witness Merkle Tree, the wTXID of the coinbase transaction is defined as all zeros (0000...0000).
4. Verification Flow
-
Node receives a block.
-
It parses the Coinbase Transaction to find the
wtxid_commitment. -
It calculates the wTXID for every transaction in the block.
-
It reconstructs the Witness Merkle Tree.
-
If the calculated root matches the one in the coinbase, the witnesses are valid.
5. Security Context
By committing the wTXID root to the coinbase, and then committing the coinbase TXID to the main block header, the witnesses are cryptographically secured by the proof-of-work.
| Tree | Leaves | Location of Root |
|---|---|---|
| Transaction Tree | TXIDs | Block Header |
| Witness Tree | wTXIDs | Coinbase Output |
In the next section, we will discuss how this fixes malleability.
TeachMeBitcoin is an ad-free, open-source educational repository curated by a passionate team of Bitcoin researchers and educators for public benefit. If you found our articles helpful, please consider supporting our hosting and ongoing content updates with a clean donation: