Signature Operations (Sigops)

Signature operations, universally shortened to "sigops," are a count of the signature-verifying opcodes inside a transaction's scripts. Because checking an ECDSA or Schnorr signature is computationally expensive relative to other script operations, Bitcoin caps the total sigops allowed in a block to bound the worst-case CPU cost of validating it. This prevents an adversary from crafting a block that is cheap in bytes but ruinously slow to verify.

The Limits

The consensus block limit is MAX_BLOCK_SIGOPS_COST = 80,000 weighted sigops. For relay standardness, a single transaction may carry at most one-fifth of that — 16,000 sigops cost — or it is rejected as non-standard. OP_CHECKSIG and OP_CHECKSIGVERIFY each count as one sigop, while legacy OP_CHECKMULTISIG counts as up to twenty unless executed in post-SegWit "accurate" mode, where the cost reflects the actual number of public keys.

Sigops as a Block Resource

Sigops act as a second scarce resource alongside block weight. A block can hit the sigop ceiling before it fills on weight, so miners assembling templates must track both. Tapscript changed the model: under BIP342, each signature opcode consumes a budget of one per 50 witness weight units rather than counting against the global 80,000 ceiling, tying signature cost directly to the witness data the spender already paid for.

Sigop accounting is one of several limits a transaction must satisfy to be relayed. See Standardness for the full set of policy checks and Mempool Policy for how nodes apply them.