TYPE 0x0001 · SIGNATURE FAMILY

SIG

Single signature verification. Supports Schnorr (BIP-340), ECDSA, and post-quantum schemes via the SCHEME field. The fundamental spending primitive.

Signature Non-Invertible
Ladder Diagram
SIG SIG VERIFY Schnorr / ECDSA / PQ via SCHEME routing
Fields
FieldData TypeSizeSideDescription
pubkey PUBKEY 32-33 B Witness Public key (x-only 32B or compressed 33B)
signature SIGNATURE 64-65 B Witness Schnorr signature (64B) or with sighash byte (65B). ECDSA signatures are 8-72B.
scheme SCHEME 1 B Conditions Signature scheme identifier (0x01 = Schnorr, 0x02 = ECDSA). Routes to post-quantum verifier when PQ scheme set.

Public key folded into Merkle leaf via merkle_pub_key (PubkeyCountForBlock = 1). No key field in conditions.

Wire Format Breakdown

Conditions side (committed in the rung leaf via the structural template + value commitment; recovered at spend time inside the MLSC proof):

0x0001 0 2 SCHEME · 1B = 7 bytes

Witness side (in input witness):

0x0001 0 2 PUBKEY · 32B SIGNATURE · 64B = 104 bytes
Total (conditions + witness) 145 bytes

With rung overhead included. Minimal Schnorr case (x-only pubkey, no sighash byte).

Evaluation Logic
0. Pre-eval (MLSC proof verification, not EvalSigBlock): the witness PUBKEY is folded into the rung leaf via merkle_pub_key during proof reconstruction. If the revealed pubkey doesn't match what was committed at fund time, leaf reconstruction yields a different root and the proof rejects before block evaluation runs.
1. Locate PUBKEY and SIGNATURE witness fields. If either missing → ERROR
2. Read SCHEME field. If PQ scheme (FALCON-512/1024, Dilithium3, SPHINCS+), route to EvalPQSig. If SCHNORR/ECDSA, dispatch by signature size below.
3. Verify SIGNATURE against PUBKEY. Schnorr if 64-65 B, ECDSA if 8-72 B; sizes outside both ranges → ERROR. Verification fails → UNSATISFIED
4. Signature valid → SATISFIED
Return Values
ConditionResult
Witness PUBKEY or SIGNATURE missingERROR
Signature size out of range for the resolved schemeERROR
Signature verification failsUNSATISFIED
Signature validSATISFIED
JSON Wire Format
Conditions (committed in the rung leaf; PUBKEY is folded out via merkle_pub_key, not stored as a field)
{
  "type": "SIG",
  "inverted": false,
  "fields": [
    { "type": "SCHEME", "hex": "01" }
  ]
}

When passing this block to createrungtx or signrungtx, pass the pubkey via the rung-level "pubkeys" array (singular SCHNORR case) or via a PUBKEY field that the parser folds into the leaf — either way the wire-format conditions block carries only SCHEME.

Witness (input)
{
  "type": "SIG",
  "inverted": false,
  "fields": [
    { "type": "PUBKEY", "hex": "02abc1...33 bytes" },
    { "type": "SIGNATURE", "hex": "30440...64 bytes" }
  ]
}
Use Cases
Single-Key Spending
The most common spending condition. A single public key controls a UTXO. The owner provides a signature to spend. Equivalent to P2PKH or P2WPKH but with pubkey commitment privacy.
Hot Wallet Authorization
Hot wallet key signs outgoing transactions immediately. The SIG block is the innermost authorization primitive used in more complex ladder constructions like TIMELOCKED_SIG or HTLC.
Key Delegation
Delegate spending authority to a specific key. Combined with other blocks on different rungs, enables flexible authorization policies where one rung requires only a single signature.
← All Blocks MULTISIG →