Witness
The witness is the part of a Bitcoin transaction that contains unlocking data (signatures, public keys, and other data) that proves authorization to spend inputs. SegWit (2017) moved witness data out of the base transaction into a separate structure, so it is no longer part of the data hashed for the TXID. That fixed transaction malleability and enabled the witness discount for fee calculation.
In a SegWit or Taproot transaction, each input can have witness data. The witness is serialized after the base transaction (version, inputs without witness, outputs, locktime). For each input, the witness is a list of byte vectors (e.g. signature, public key). The witness is committed to in the coinbase transaction via a witness root; it does not affect the main Merkle tree of transaction IDs.
- Malleability fix: The TXID hashes only the base transaction, so changing the witness does not change the TXID. That makes it safe to build transactions that depend on unconfirmed outputs (e.g. Lightning channels).
- Fee discount: Witness data is charged at 1 weight unit per byte instead of 4, so SegWit and Taproot spends are cheaper.
- Future upgrades: Separating witness allows new signature schemes (e.g. Schnorr) and script features without changing the base transaction format.
- SegWit for the upgrade and structure
- Taproot for Taproot witness and script paths
- Transaction Malleability for why witness was separated
- Transaction Structure for input and output field layout