In 2017, Dr. Peter Rizun noted that Segregated Witness (Segwit) changes the very definition of a Bitcoin as per the whitepaper: "We define an electronic coin as a chain of digital signatures." In this article, I would like to expand on that topic and add a key observation: breaking the chain of digital signatures is actually removing an integrity check in the Bitcoin ledger.
Bitcoin is a distributed ledger system — a form of database. When it comes to databases in general, there are many different kinds of data integrity. One type, user-defined integrity, refers to a set of rules for a specific application (in this case, Bitcoin).
In Bitcoin, one of the most important types of data is the digital signature that proves a coin was transferred properly. The fact that signatures cannot be forged is one reason that your coins in storage are safe, even if the network were to undergo a 51% attack.
By defining a coin as a chain of digital signatures (and by implementing Bitcoin to require the signature to be part of the transaction which then gets hashed into the input of the next transaction), Bitcoin establishes an important data integrity check.
To a user, the threat is always that of coins vanishing or being stolen. Bitcoin's security model ensures that for a coin to move, a corresponding signature has to be produced, and it has to be included in a transaction and published on the blockchain.
Since producing a fake signature is assumed to be hard, no one can steal your coins unless they get hold of your private keys. When a theft does occur, you can go look at the signature on the blockchain to verify that this is what happened.
This is true for all (non-Segwit) coins and transactions in Bitcoin; thus the integrity check is woven into the fabric of the blockchain, ensuring the security model for all transactions.
How Segwit Removes the Integrity Check
How does the above description change under Segwit? To begin, I'll quote Dr. Rizun: "In a Bitcoin, the signatures are an integral part of the chain. Carol can only verify the complete chain of ownership if all the signatures exist because if even a single signature is missing, the chain breaks down…there's no way to follow it through. A Segwit coin is different because the signatures are all outside of the chain. If even none of the signatures exist, or maybe none of the signatures were even real to begin with, Carol can still validate the chain of custody. I'm using the word custody instead of the chain of ownership, because Segwit really only shows custody."
So in Segwit, we still have the signature, but it is NOT required to be directly included in the input of the transaction. In fact, it's explicitly excluded for the purposes of eliminating malleability. Instead, the signature ("witness data") is placed elsewhere in its own special section. We still have the data, but what we DON'T have is the data integrity check since it's not necessary to have the complete transaction (including the signatures) the next time the coin is spent.
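The difference described above shows up in how the transaction identifier is computed. The following is an added example, not code from the original article or from any Bitcoin implementation: it serializes a one-input transaction both ways and swaps only the signature, relying on the BIP141 rule that a Segwit txid is hashed without the witness while a separate wtxid covers it. The function names, keys, signatures and amounts are assumptions made up for the illustration.

```python
import hashlib
import struct

def dsha256(data: bytes) -> bytes:
    """Bitcoin's double SHA-256."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def push(data: bytes) -> bytes:
    """Length-prefixed byte string (single-byte CompactSize only)."""
    assert len(data) < 0xfd
    return bytes([len(data)]) + data

def serialize(prev_txid, script_sig, witness, include_witness):
    """Serialize a 1-input, 1-output version-2 transaction."""
    tx = struct.pack("<i", 2)
    if include_witness:
        tx += b"\x00\x01"                                   # segwit marker + flag
    tx += b"\x01" + prev_txid + struct.pack("<I", 0)        # outpoint (txid, index 0)
    tx += push(script_sig) + struct.pack("<I", 0xffffffff)  # scriptSig, sequence
    tx += b"\x01" + struct.pack("<q", 50_000) + push(b"\x00\x14" + b"\x11" * 20)
    if include_witness:
        tx += bytes([len(witness)]) + b"".join(push(w) for w in witness)
    return tx + struct.pack("<I", 0)                        # locktime

def legacy_txid(prev_txid, script_sig):
    # Legacy: the signature sits in scriptSig, inside the hashed bytes.
    return dsha256(serialize(prev_txid, script_sig, [], False))

def segwit_txid(prev_txid, witness):
    # Segwit: empty scriptSig, witness stripped before hashing.
    return dsha256(serialize(prev_txid, b"", witness, False))

def segwit_wtxid(prev_txid, witness):
    return dsha256(serialize(prev_txid, b"", witness, True))

# Constructed sample values: placeholder bytes, not real keys or valid signatures.
PREV = bytes(32)
PUBKEY = b"\x02" + b"\x22" * 32
SIG_A = b"\x30" + b"\xaa" * 70
SIG_B = b"\x30" + b"\xbb" * 70

def compare():
    """Swap only the signature and report which identifiers change."""
    return {
        "legacy_txid_changes": legacy_txid(PREV, push(SIG_A) + push(PUBKEY))
                               != legacy_txid(PREV, push(SIG_B) + push(PUBKEY)),
        "segwit_txid_changes": segwit_txid(PREV, [SIG_A, PUBKEY])
                               != segwit_txid(PREV, [SIG_B, PUBKEY]),
        "segwit_wtxid_changes": segwit_wtxid(PREV, [SIG_A, PUBKEY])
                                != segwit_wtxid(PREV, [SIG_B, PUBKEY]),
    }

if __name__ == "__main__":
    print(compare())
```

Because the next transaction's input refers to its predecessor by txid, the legacy reference depends on the predecessor's signature bytes and the Segwit reference does not.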