I'm simplifying, but hopefully this makes sense.
To spend bitcoin, a user must prove they have the right to spend the bitcoin from an address by signing the transaction with a signature corresponding to that address.
Pre-segwit, the signature appears next to the transaction in the block.
For segwit, the required signatures are separated from the transactions and grouped together at the end of a block. A pre-segwit node would not recognise the segwit area of the block, so for backwards compatibility it is removed when sending to a pre-segwit node, and an empty signature is left where the pre-segwit signature would have been. Additionally, a segwit transaction is structured so that it appears to be valid to a pre-segwit node with the empty signature.
This has the effect that for pre-segwit nodes, segwit transactions look like they can be spent with the empty signature. The transaction format is also non-standard from the point of view of a pre-segwit node, so the node will ignore these transactions until they are in a block. However if a pre-segwit node did try to spend a segwit transaction with an empty signature, it would be rejected by other segwit nodes because the required witness data would be missing.
Why do clients even send that data in in the first place?
The signature/witness data is required to validate the transaction. Pre-segwit nodes are unable to fully validate segwit transactions, so are depending on segwit-enabled nodes to validate and place them into blocks.
Non-SegWit clients never see the witness data - they don't care about it and wouldn't understand it. It's only relayed between SegWit-enabled software. – Pieter Wuille – 2017-12-07T00:43:33.973
But I mean basically SegWit saves space in (backwards-compatible) transactions by not including witness data in the 1MB blocks, allowing for cheaper transactions, and keeping the witness data separate. So then why don't non-SegWit clients to save the same amount of transaction space, just create transactions without witness data PERIOD? :D – Attila Szeremi – 2017-12-07T00:51:44.623
Non-SegWit clients can't create any witness data. They can only spend non-SegWit outputs anyway, which don't need witnesses. Your question makes no sense. – Pieter Wuille – 2017-12-07T00:53:16.470
I could be getting my terms on, but as far as I know non-SegWit transactions do send witness data, but they're stored non-segragated in the transactions. – Attila Szeremi – 2017-12-07T00:59:20.277
No. Non-SegWit transaction don't have witnesses, they have normal scriptSigs instead. – Pieter Wuille – 2017-12-07T01:02:00.053
@AttilaSzeremi You may find this question thread has some answers for you.
– chytrik – 2017-12-07T01:04:06.907Woah there seems to be even more to it than I thought. I didn't know executable code was involved. – Attila Szeremi – 2017-12-07T01:12:51.540
In any case, then how come non-SegWit clients don't just also create this same OP_0 thing as a really cheap scriptSig replacement to gain the same space saving as what SegWit transactions get? Some important security involved making it well worth it for each client the increased transaction cost for creating the ~1.5x extra bytes of data? – Attila Szeremi – 2017-12-07T01:16:57.313
If they had no scriptSig or witness, there would be no signatures so anybody could steal the money. – Anonymous – 2017-12-07T05:26:43.490
But if that were the case, then since SegWit transactions also have no scriptSig or witness at least in the point of view of non-SegWit clients, that would imply that money of any SegWit transactions could be stolen by anybody non-SegWit clients. Does that make sense? – Attila Szeremi – 2017-12-07T08:49:07.753
1Since the transaction needs to be mined by miners enforcing segwit and verified by nodes enforcing segwit, such transactions that spend segwit outputs would be invalid without the corresponding witnesses. If a network does not have segwit enabled, then yes, you could steal from segwit outputs, but they aren't really segwit outputs there but rather anyone-can-spend outputs. This has happened on the Bitcoin Cash network already. – Andrew Chow – 2017-12-08T07:46:16.423