The sighash flags are set in the signature itself. The user that signs an input sets e.g. SIGHASH_ALL when signing. This means that any changes among the outputs will render the signature invalid.

More in my book Grokking Bitcoin:

https://rosenbaum.se/book/grokking-bitcoin-9.html#fig0924

Discussion

Thank you Kalle, I will read it!

Upfront question: If I have UTXOs from different addresses that I want to use as inputs for a single transaction, I would need different signatures for these inputs, right?

How are these different signatures related to the signature(s?) on the outputs? Not sure if I get it. Maybe an analogous situation would be a payjoin.

Yes, each input requires a different signature (even if they spend from the same address).

There are no signatures on the outputs. The full transaction, including its outputs, is covered by the signatures on the inputs. But you can somewhat modify (using sighash flags) what the signature covers (commits to) when you make the signature.

Ok I think I get it, thank you. So in a case where we both want to spend our utxos together to a new address and we would both choose SH_ALL, we would both sign all inputs and outputs, correct?

My signature would commit to my input, your input, and our common output(s) and yours would do the same. I hope this is correct. Thanks again.

Yes, that's correct!

But I do think that various coinjoin protocols set different sighash flags. I guess nostr:npub1klkk3vrzme455yh9rl2jshq7rc8dpegj3ndf82c3ks2sk40dxt7qulx3vt can answer that.

iirc coinjoins use SH_ALL.
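
The commitment discussed in this thread, as an added example that is not part of the original posts: a Python sketch of the legacy (pre-SegWit) signature digest, showing which changes to a transaction invalidate a signature under SIGHASH_ALL, SIGHASH_NONE and SIGHASH_ANYONECANPAY. The transaction data, helper names and the omission of SIGHASH_SINGLE are assumptions of this example.

```python
import hashlib
import struct

SIGHASH_ALL, SIGHASH_NONE, SIGHASH_ANYONECANPAY = 0x01, 0x02, 0x80

def ser_tx(inputs, outputs, version=1, locktime=0):
    """Serialize a legacy transaction; counts and script lengths must be < 0xfd."""
    raw = struct.pack("<I", version) + bytes([len(inputs)])
    for prev_txid, vout, script, sequence in inputs:
        raw += prev_txid + struct.pack("<I", vout) + bytes([len(script)]) + script
        raw += struct.pack("<I", sequence)
    raw += bytes([len(outputs)])
    for value, script_pubkey in outputs:
        raw += struct.pack("<q", value) + bytes([len(script_pubkey)]) + script_pubkey
    return raw + struct.pack("<I", locktime)

def legacy_sighash(inputs, outputs, index, script_code, hashtype):
    """Digest that the signature on inputs[index] commits to (pre-SegWit rules)."""
    base = hashtype & 0x1F
    if base not in (SIGHASH_ALL, SIGHASH_NONE):
        raise ValueError("SIGHASH_SINGLE is not covered by this example")
    ins = []
    for i, (prev_txid, vout, _script_sig, sequence) in enumerate(inputs):
        if i == index:    # signed input carries the script being satisfied
            ins.append((prev_txid, vout, script_code, sequence))
        else:             # other inputs: empty script; NONE also zeroes their sequence
            ins.append((prev_txid, vout, b"", 0 if base == SIGHASH_NONE else sequence))
    if hashtype & SIGHASH_ANYONECANPAY:   # commit to the signed input only
        ins = [ins[index]]
    outs = outputs if base == SIGHASH_ALL else []   # NONE commits to no outputs
    preimage = ser_tx(ins, outs) + struct.pack("<I", hashtype)
    return hashlib.sha256(hashlib.sha256(preimage).digest()).digest()

# Constructed sample data: two inputs locked to the same P2PKH script, one shared output.
P2PKH = bytes.fromhex("76a914") + bytes(20) + bytes.fromhex("88ac")
INPUTS = [(b"\x11" * 32, 0, b"", 0xFFFFFFFF), (b"\x22" * 32, 1, b"", 0xFFFFFFFF)]
OUTPUTS = [(150_000, P2PKH)]
TAMPERED_OUTPUTS = [(149_000, P2PKH)]     # one output amount changed after signing
EXTRA_INPUT = INPUTS + [(b"\x33" * 32, 0, b"", 0xFFFFFFFF)]

def digest_changes(hashtype, inputs=INPUTS, outputs=OUTPUTS):
    """True if the modified transaction invalidates a signature made on input 0."""
    return (legacy_sighash(INPUTS, OUTPUTS, 0, P2PKH, hashtype)
            != legacy_sighash(inputs, outputs, 0, P2PKH, hashtype))

if __name__ == "__main__":
    for name, flag in (("ALL", SIGHASH_ALL), ("NONE", SIGHASH_NONE)):
        print(name, "output changed ->", digest_changes(flag, outputs=TAMPERED_OUTPUTS))
```

The digests for input 0 and input 1 differ even though both spend from the same script, which is why each input needs its own signature.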