SIGHASH Flags

SIGHASH flags are single-byte codes appended to every Bitcoin signature that tell the network exactly which portions of a transaction that signature commits to. Because a signature can only protect data it covers, the flag determines what a signer endorses and, by omission, what other parties are still free to change. The flag is the final byte of a DER-encoded ECDSA signature, or the optional 65th byte of a Schnorr signature under Taproot.

The Three Base Modes

SIGHASH_ALL (0x01) is the default: the signature commits to every input and every output, locking the transaction so no one can redirect the funds or alter amounts. SIGHASH_NONE (0x02) signs the inputs but none of the outputs, leaving destinations open. SIGHASH_SINGLE (0x03) commits only to the output at the same index as the signed input, ignoring the others. These three can each be combined with the ANYONECANPAY modifier to also free the input set.

Taproot Default

Under Taproot, a 64-byte Schnorr signature with no trailing flag byte implies SIGHASH_DEFAULT (0x00), which behaves identically to SIGHASH_ALL but saves a byte. An explicit flag byte is only appended when a non-default mode is needed, and it must never be 0x00.

SIGHASH flags underpin advanced constructions such as collaborative transactions, payment pools, and fee-bumping schemes. The combination most relevant to those use cases is covered in SIGHASH_ANYONECANPAY, and the broader signature primitive sits alongside the Schnorr signature scheme that Taproot introduced.