The Quadratic Sighash Problem
Before SegWit, there was a serious scalability issue in Bitcoin called the Quadratic Sighash problem.
It made signature validation slow, especially for transactions with many inputs, and opened the door to denial-of-service attacks.
What Happened?
In 2015, F2Pool mined a block containing one huge “mega-transaction” (≈1 MB, 522 inputs).
It took about 25 seconds for a full node to validate just that transaction.
Slow validation means fewer people can run full nodes
→ which increases the risk of centralization.
Why Does It Happen?
Imagine a transaction with 2 inputs.
To verify each signature, Bitcoin must hash a modified version of the transaction.
So for 2 inputs, we hash 2 different messages:
Input #1 → message #1
Input #2 → message #2
So far, this looks linear:
2 inputs → 2 messages
The Trick: Each Message Contains All Inputs
When signing input i:
- include every input
- but remove scriptSig from all other inputs
  (so they can't change the message being signed)
That means each input needs its own version of the transaction to hash.
So with 2 inputs:
2 inputs per message × 2 messages = 4 units of hashing work
Scaling Up
Now imagine 3 inputs:
Each message now contains 3 inputs:
3 inputs × 3 messages = 9 units of work
In general:
n inputs → n × n = n² hashing work
That’s why it’s called Quadratic Sighash: the cost grows as n².
Example Table
| Inputs | Messages | Total Work |
|---|---|---|
| 1 | 1 | 1 |
| 2 | 2 | 4 |
| 3 | 3 | 9 |
| 10 | 10 | 100 |
| 100 | 100 | 10,000 |
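The same growth measured in bytes, as an added example that is not part of the original post: it builds the pre-SegWit SIGHASH_ALL message for every input of a constructed transaction and totals the bytes a validating node has to hash. The inputs, the single output, the dummy script and the helper names (make_inputs, legacy_preimage, validation_cost) are assumptions made for illustration.

```python
import hashlib
import struct

def dsha256(data: bytes) -> bytes:
    """Bitcoin's double SHA-256."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def varint(n: int) -> bytes:
    """Bitcoin CompactSize encoding (values up to 2**32 - 1)."""
    if n < 0xFD:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + struct.pack("<H", n)
    return b"\xfe" + struct.pack("<I", n)

# Constructed sample data: a P2PKH-shaped script with a dummy 20-byte hash.
SCRIPT = bytes.fromhex("76a914") + b"\x11" * 20 + bytes.fromhex("88ac")
OUTPUTS = [struct.pack("<q", 50_000) + varint(len(SCRIPT)) + SCRIPT]

def make_inputs(n: int):
    """n constructed inputs as (txid, vout, script of the output being spent)."""
    return [(dsha256(struct.pack("<I", i)), 0, SCRIPT) for i in range(n)]

def legacy_preimage(inputs, i: int) -> bytes:
    """Message hashed to check input i's signature (pre-SegWit, SIGHASH_ALL)."""
    msg = bytearray(struct.pack("<i", 1) + varint(len(inputs)))  # version, count
    for j, (txid, vout, script) in enumerate(inputs):
        # Every input is serialized; only input i keeps a script, the rest are blanked.
        body = script if j == i else b""
        msg += txid + struct.pack("<I", vout) + varint(len(body)) + body
        msg += struct.pack("<I", 0xFFFFFFFF)                     # sequence
    msg += varint(len(OUTPUTS)) + b"".join(OUTPUTS)
    msg += struct.pack("<I", 0) + struct.pack("<I", 1)           # locktime, SIGHASH_ALL
    return bytes(msg)

def validation_cost(n: int):
    """Return (digests, total bytes hashed) for checking all n signatures."""
    inputs = make_inputs(n)
    preimages = [legacy_preimage(inputs, i) for i in range(n)]
    return [dsha256(p) for p in preimages], sum(len(p) for p in preimages)

if __name__ == "__main__":
    for n in (1, 2, 3, 10, 100, 400):
        _, total = validation_cost(n)
        print(f"{n:>5} inputs -> {total:>12,} bytes hashed")
```

Doubling the input count roughly quadruples the bytes hashed, because each of the n messages itself grows with n.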
Why This Was Dangerous
A miner could include a single huge multi-input tx that takes seconds/minutes to validate.
- Slow full nodes can’t keep up
- They fall behind the chain tip
- They aren’t participating in consensus
- Network centralizes to only fast validators
Why "just limit transaction size" failed
Proposed fix: cap tx size to 100 KB.
Rejected because:
❌ Doesn't fix root cause
❌ Just delays the attack
❌ Breaks legitimate large-input transactions (e.g. batching)
SegWit Fixed This
SegWit changed how transactions are serialized and hashed. It reduced sighash cost back to O(n) (we’ll explain how in the next posts).