Why transaction is signed with locking script from the input transaction?

There is no definitive answer here, and you'd need to ask the system's creator to be sure.

My guess is that it was due to interaction with a feature that we're now calling 'delegation': the ability for someone to presign a transaction, and add a new unlocking script- effectively delegating the right to sign to someone else under certain circumstances.

Elements of the script language that point in this direction include the existence of OP_CODESEPARATOR, and the original execution model of running scriptSig + scriptPubKey in one go, rather than separately as is done now.

Pieter Wuille

Posted 2017-01-04T23:48:12.310

Reputation: 54 032

1But what about security - am I right, that before the transaction will be included into the block, miner can edit unlocking script + unlocking script lenght, and transaction will still be valid? – Sergey Potekhin – 2017-01-05T16:49:13.903

2Yes, that's called malleability, and it is possible. However, it cannot be avoided, as we can't have signatures that sign themselves (as they are in the unlocking script). A way around it is the Segregated Witness proposal, which does not prevent malleability, but makes the unlocking script not contribute to txid calculation. – Pieter Wuille – 2017-01-05T17:03:51.597

Why transaction is signed with locking script from the input transaction?

Answers