Unlocking Script

An unlocking script provides the data that satisfies an output's [locking script](/glossary/locking-script). In legacy (pre-SegWit) transactions, this script lived in the input's scriptSig field. SegWit moved it into the [witness](/glossary/witness) field outside the transaction body, fixing malleability.

For a typical P2PKH spend, the unlocking script pushes two items onto the stack: a signature and a public key. The interpreter concatenates the unlocking script and the locking script, runs them top to bottom, and the spend succeeds if the final stack top is non-zero:

``
<sig> <pubKey> // unlocking — pushed first
OP_DUP // → <sig> <pubKey> <pubKey>
OP_HASH160 // → <sig> <pubKey> <H160(pubKey)>
<pubKeyHash> // → <sig> <pubKey> <H160(pubKey)> <pubKeyHash>
OP_EQUALVERIFY // pop both, fail if not equal → <sig> <pubKey>
OP_CHECKSIG // verify signature → 1 (success)
``

For SegWit inputs, the legacy scriptSig is empty or near-empty; the real signature data is in the witness. The interpreter knows from the locking script's shape (a "version-0 witness program") to pull data from the witness rather than the scriptSig. For Taproot (P2TR), it's even simpler — the entire spending data is a 64-byte Schnorr signature in the witness, no script execution required in the common case.