Overview
A digital signature in Bitcoin is a cryptographic proof that the holder of a private key has authorized a specific transaction. Signatures are the fundamental mechanism that prevents unauthorized spending — without a valid signature corresponding to the public key (or key hash) that an output is locked to, the bitcoin cannot be moved. Bitcoin supports two signature schemes: ECDSA (Elliptic Curve Digital Signature Algorithm), used since Bitcoin's inception, and Schnorr signatures, introduced with the Taproot upgrade.
How Signatures Work
Signing Process:
┌──────────────┐ ┌──────────────┐ ┌──────────────┐
│ Transaction │ │ Private Key │ │ Signature │
│ data (message│────>│ + signing │────>│ (r, s) for │
│ to sign) │ │ algorithm │ │ ECDSA or │
└──────────────┘ └──────────────┘ │ (R, s) for │
│ Schnorr │
└──────┬───────┘
│
Verification Process: │
▼
┌──────────────┐ ┌──────────────┐ ┌──────────────┐
│ Transaction │ │ Public Key │ │ Valid? │
│ data │────>│ + signature │────>│ YES / NO │
│ │ │ + verify │ │ │
└──────────────┘ │ algorithm │ └──────────────┘
└──────────────┘
Key property: Anyone can verify, only key holder can sign
ECDSA vs. Schnorr
| Property | ECDSA | Schnorr |
|---|---|---|
| Used since | 2009 (Bitcoin launch) | 2021 (Taproot activation) |
| Signature size | 71-73 bytes (DER) | 64 bytes (fixed) |
| Aggregation | Not supported | Supported (MuSig) |
| Batch verification | Limited | Efficient |
| Output types | P2PKH, P2WPKH, P2SH | P2TR only |
What a Signature Covers
A signature does not blindly sign the entire transaction. The sighash flag specifies which parts of the transaction are included in the signed message. The default SIGHASH_ALL commits to all inputs and outputs, ensuring that no part of the transaction can be modified after signing.
Signatures in the Transaction
Before SegWit, signatures were placed in the scriptSig field of each input. With SegWit, signatures are moved to the witness section, which is segregated from the transaction data used to calculate the transaction ID. This separation fixed transaction malleability and enabled the witness discount.
Multisig and Aggregated Signatures
Traditional multisig requires multiple separate ECDSA signatures on-chain (e.g., 2-of-3 multisig needs 2 signatures and 3 public keys). Schnorr signatures enable MuSig key aggregation, where multiple signers collaborate to produce a single aggregate signature that is indistinguishable from a single-key signature on-chain. This saves space and enhances privacy.
Common Misconception
A signature does not encrypt anything. It is not a secret — signatures are publicly visible in every Bitcoin transaction on the blockchain. The security property is that only the private key holder can create a valid signature, but once created, anyone can verify it. Revealing a signature does not compromise the private key.