Witness Stack

The witness stack is the part of a Segregated Witness (SegWit) transaction input that holds the signatures and any script data needed to satisfy a locking script. Introduced in BIP 141, SegWit moves this unlocking data out of the legacy scriptSig field and into a separate, structured witness field carried alongside the transaction.

How it is structured

Each input has its own witness, expressed as a stack of byte-string items. For a Pay-to-Witness-Public-Key-Hash (P2WPKH) input the witness contains the signature and the public key; for a Pay-to-Witness-Script-Hash (P2WSH) input it contains the data pushes followed by the serialized witness script, which is hashed and checked against the commitment in the output. The witness items are pushed onto the script's evaluation stack much as scriptSig data would be, but they live outside the part of the transaction that is hashed for the txid.

Why segregation matters

Separating the witness solved transaction malleability: because signatures no longer affect the txid, third parties can no longer alter an unconfirmed transaction's identifier by tweaking the signature encoding. This was a prerequisite for safe payment channels and the Lightning Network. SegWit also gives witness bytes a discounted weight in the block-weight formula, lowering the effective fee for spending SegWit outputs and raising practical block capacity.

The witness stack is the modern replacement for legacy scriptSig data and feeds the same evaluation model described under the Script Stack. SegWit's script-hash variant is the witness analogue of Pay-to-Script-Hash (P2SH).