Thanks for writing this up as a CHIP!! 
Script-Implemented Authentication Schemes
Several projects implement alternative signature schemes directly in Script: Quantumroot (post-quantum vaults), Lamport signatures, and secp256r1 verification. All of them must construct a sighash manually using transaction introspection opcodes. This is a big part of the cost: ~600 bytes of Script just to produce the 32-byte digest.
Sahid Miller, who implemented secp256k1 and secp256r1 verifiers in Script:
In my custom secp256k1 and p256 signature verification scripts, I use ~600 bytes to create a sighash to verify against. OP_SIGHASH would make that unnecessary.
A manual sighash implementation using loops (post-May 2026) can be compressed to ~153 bytes. OP_SIGHASH does the same work in 2 bytes (sighash byte + opcode), using the identical, audited sighash recipes that node implementations already maintain.
Standardized Sighash for Novel Signers
Every Script-based signer that constructs its own sighash must reimplement the sighash algorithm, including edge cases around SIGHASH_SINGLE , ANYONECANPAY , FORKID , UTXOS , and the scriptCode substitution rules. Errors in these reimplementations are consensus-compatible (the script simply fails to verify, or some unintetinoal malleability gap is left) but still represent wasted funds and debugging effort.
OP_SIGHASH gives every Script-based signer the same canonical sighash: the one computed by the node’s own C++ codebase, which has been battle-tested for over a decade. Implementations become simpler, auditable, and audited once.
this to me really is the most important part, these two related points make the lives of the builders and the tinkerers much easier. We want to lower the barrier to entry for people to explore novel cryptography in script. It’s a very nice way to offload unneeded complexity to the VM instead of the the contract implementation