2 min read
A signature hash (sighash) flag is a small part of each input in a transaction that determines which parts of the transaction become immutable once a signature has been added to the transaction.
A signature signs a hash of data, and thus a signature commits to an exact form of a piece of data. If the data is changed after the signature is created, the signature is invalidated. Thus, a signature is a commitment to a certain piece of data. In this case, that data is a Bitcoin transaction, and the sighash flag determines what data within the transaction committed to.
Almost all transactions use the sighash flag SIGHASH_ALL, meaning that each input’s signature is only valid if all other inputs and outputs remain unchanged. Other sighash flags allow an input signature to remain valid even if other inputs or outputs are altered.
Within a transaction, each input requires its own signature and thus its own sighash flag. This means that inputs can be constructed flexibly. When multiple parties contribute inputs to a certain transaction, they may only care about their own specific outputs. For example, if Alice contributes 1 BTC to a transaction and expects 1.2 BTC in return, she likely only cares that her output of 1.2 BTC is guaranteed upon signing. In this case, Alice could use the sighash flag SIGHASH_SINGLE. This flag commits to all inputs, but only a single output. This would allow the other parties to the transaction to add and alter their outputs as desired, so long as they do not alter Alice’s output of 1.2 BTC.
Alternatively, in the rare case that a party to a transaction does not care what any of the outputs are, they may use the sighash flag SIGHASH_NONE, which commits to all inputs but no outputs.
Lastly, the sighash flag SIGHASH_ANYONECANPAY ensures that only the input at hand is signed, whereas the other three sighash flags alone ensure that all inputs are signed. This sighash flag can be combined with any of other sighash flag in order to control which outputs and which inputs are signed.
In the future, more sighash flags may be added to the Bitcoin protocol, enabling more flexible use cases, but for now, only the four mentioned above are considered valid.