2
1
SegWit is meant to be backward-compatible. When a SigWit block is relayed to a non-SegWit node, the witness part is stripped. If this is the case, wouldn't it be invalid since the non-SegWit node sees no witness/signature in transaction input?
So output is changed to anyone-can-spend output? If so, what prevents it to be spent by anyone not the intended recipient?
If this is the case, wouldn't a transaction be regarded invalid since the non-SegWit node sees no witness/signature in transaction input to unlock the fund? – sinoTrinity – 2018-05-13T20:51:28.887
The definition of an anyone-can-spend output is that it does not require any signature or witness to spend. – Pieter Wuille – 2018-05-13T20:52:29.820
What happens to a transaction with only-someone-can-spend output, sent from a SegWit node to a non-SegWit node? – sinoTrinity – 2018-05-13T21:09:26.847
The non-SegWit node will interpret it as an anyone can spend, and accept it. – Pieter Wuille – 2018-05-13T21:10:05.343
To unlock
scriptPubKeyfrom UTXO output, the old non-SegWit node still needsscriptSig/witness in input, which is missing. So it will treat the transaction invalid, no? IsscriptPubKeyremoved from output, like witness from input? – sinoTrinity – 2018-05-13T21:45:58.477No, re-read my answer: nothing is changed. The
scriptPubKeyfor SegWit outputs can be spent using an emptyscriptSig. However, for SegWit nodes it requires a valid witness to spend. Old nodes don't know or care about witnesses, and will accept with no signature at all (that's the definition of anyone-can-spend). – Pieter Wuille – 2018-05-13T22:22:23.833Let us continue this discussion in chat.
– sinoTrinity – 2018-05-13T22:26:59.5801I can't respond in chat right now, but your last message is spot on: SegWit outputs use a special lock script that can be spent without unlock script (to old nodes). – Pieter Wuille – 2018-05-13T22:38:01.370