Scribd
Upload
23 views5 pages

Learnmeabitcoin Technical Script p2ms

Uploaded by

Mochamad Abdul Malik
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
23 views5 pages

Learnmeabitcoin Technical Script p2ms

Uploaded by

Mochamad Abdul Malik
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 5

12/26/24, 5:19 AM P2MS | Pay To Multisig

P2MS
Pay To Multisig
Greg Walker 18 Dec 2024 Download PDF

BIP 11: M-of-N Standard Transactions ↗

P2MS is a script pattern that allows you to lock bitcoins to multiple public keys, and require signatures for some (or all) of those
public keys to unlock it.

For example, you could create a P2MS script that includes the public keys of 3 different people, but only 2 of those people would need
to provide their signatures to spend the bitcoins:

Tip: Although P2MS is a standard script, it's more common to wrap this type of script in a P2SH or P2WSH.

Note: Legacy Script. This is a legacy script pattern and is rarely used directly on outputs.

Usage
How does P2MS work?

Raw multisig scripts are pretty straightforward to create.

ScriptPubKey
To create a raw P2MS script you include the following OP_CODES and data in the ScriptPubKey:

1. A number opcode M to indicate how many signatures are required.


2. Then push each of the public keys.
3. A number opcode N to indicate how many public keys there are.
4. OP_CHECKMULTISIG opcode at the end.

https://learnmeabitcoin.com/technical/script/p2ms/ 1/5
12/26/24, 5:19 AM P2MS | Pay To Multisig
So in the following example we have a 2-of-3 (M-of-N) multisig locking script, where OP_2 signatures are going to be required to
unlock the OP_3 public keys:

ASM Hex

OP_2
OP_PUSHBYTES_65
04d81fd577272bbe73308c93009eec5dc9fc319fc1ee2e7066e17220a5d47a18314578be2faea34b9f1f8ca078f8621acd4bc22897b0
3daa422b9bf56646b342a2
OP_PUSHBYTES_65
04ec3afff0b2b66e8152e9018fe3be3fc92b30bf886b3487a525997d00fd9da2d012dce5d5275854adc3106572a5d1e12d4211b22842
9f5a7b2f7ba92eb0475bb1
OP_PUSHBYTES_65
04b49b496684b02855bc32f5daefa2e2e406db4418f3b86bca5195600951c7d918cdbe5e6d3736ec2abf2dd7610995c3086976b2c0c7
b4e459d10b34a316d5a5e7
OP_3
OP_CHECKMULTISIG

Transaction: 581d30e2a73a2db683ac2f15d53590bd0cd72de52555c2722d9d6a78e9fea510 (Output 0)

Tip: A P2MS can contain both compressed public keys (33 bytes) and uncompressed public keys (65 bytes).

Note: P2MS is a standard locking script for up to 3 public keys. It's possible to create a multisig script with more public
keys, but it will be considered non-standard and will not be relayed by nodes. However, you can use up to 15 public keys if you
wrap the P2MS inside of a P2SH instead.

ScriptSig
To unlock a P2MS script, you just need to provide the required number of signatures in the ScriptSig.

So for this example, we need to provide OP_2 signatures (as requested in the ScriptPubKey above):

ASM Hex

OP_0
OP_PUSHBYTES_72
3045022100af204ef91b8dba5884df50f87219ccef22014c21dd05aa44470d4ed800b7f6e40220428fe058684db1bb2bfb6061bff67048
592c574effc217f0d150daedcf36787601
OP_PUSHBYTES_72
3045022100e8547aa2c2a2761a5a28806d3ae0d1bbf0aeff782f9081dfea67b86cacb321340220771a166929469c34959daf726a2ac0c2
53f9aff391e58a3c7cb46d8b7e0fdc4801

Transaction: 949591ad468cef5c41656c0a502d9500671ee421fadb590fbc6373000039b693 (Input 0)

Warning: OP_CHECKMULTISIG Bug: This opcode has a bug where it pops one extra element of the stack than it needs to (off-
by-one error ↗). That's why we add a dummy value (typically OP_O ) at the start of the ScriptSig to account for this and to
prevent the script from failing.

Caution: You need to provide the corresponding signatures in the same order as the order of the public keys in the
ScriptPubKey. You'll see why in the execution steps below.

Execution

https://learnmeabitcoin.com/technical/script/p2ms/ 2/5
12/26/24, 5:19 AM P2MS | Pay To Multisig

When this script executes, all of the signatures and public keys get pushed on to the stack at first.

Then we get to OP_CHECKMULTISIG , which:

1. Pops off N , and then pops that number of public keys off the stack.
2. Pops off M , and then pops that number of signatures off the stack.

After popping all the public keys and signatures off the stack, OP_CHECKMULTISIG compares each signature with each public
key:

If the current signature is not valid for the current public key, we move on to the next public key and check that one.
Note: This public key will also be ignored for every subsequent signature. This is why you need to put your signatures in order in the
ScriptSig.

If the signature matches the public key, we increment a tally and move on to the next signature.

After all the signatures have been checked, if the tally of valid signatures is equal to M , then OP_CHECKMULTISIG pushes a OP_1
on to the stack and the script is valid.

Examples
Where can you find P2MS scripts?

It's not common to find P2MS scripts in the blockchain, as most multisig transactions are wrapped inside P2SH or P2WSH
instead.

Nonetheless, here are some example transactions that have raw P2MS locking scripts on their outputs:

ScriptPubKey: 60a20bd93aa49ab4b28d514ec10b06e1829ce6818ec06cd3aabd013ebcdc4bb1 (output 0)


ScriptSig: 23b397edccd3740a74adb603c9756370fafcde9bcc4483eb271ecad09a94dd63 (input 0)

First P2MS transaction made on 30 Jan 2012. It's using 1-of-2 multisig.

ScriptPubKey: 2daea775df11a98646c475c04247b998bbed053dc0c72db162dd6b0a99a59c26 (output 0)


ScriptSig: e8ac451e7f47d566d4dd822a67fea2181ecfa7c7ba96d9faa63e2f6b26e55fd3 (input 0)

https://learnmeabitcoin.com/technical/script/p2ms/ 3/5
12/26/24, 5:19 AM P2MS | Pay To Multisig
Second P2MS transaction made on 03 Feb 2012. It's using 3-of-3 multisig.

ScriptPubKey: 14237b92d26850730ffab1bfb138121e487ddde444734ef195eb7928102bc939 (output 0)


ScriptSig: 10c61e258e0a2b19b245a96a2d0a1538fe81cd4ecd547e0a3df7ed6fd3761ada (input 0)

Third P2MS transaction made on 03 Feb 2012. It's using 2-of-3 multisig.

ScriptPubKey: ac1d9ed701af32ea52fabd0834acfb1ba4e3584cf0553551f1b61b3d7fb05ee7 (output 0)


ScriptSig: a38824b0a5e5aa373ab79e05b3e17d4e0cfa67908a509cf7b64314282d9aece8 (input 5)

A random 1-of-1 multisig example.

ScriptPubKey: 78b28d3c2324da8c2f01840021addbcabb68f7ce1d4da870cabe5e9df6afe63d (output 0)


ScriptSig: 99cb2139052dc88508f2fe35235c1c5685229a45bef3db70413c5ac43c41ca0a (input 0)

A random 1-of-2 multisig example. The second "public key" in the ScriptPubKey isn't actually a valid public key (they always start
with an 02 , 03 , or 04 ), but it didn't matter because only one signature was required to unlock this output, and the first public
key was valid.

ScriptPubKey: 581d30e2a73a2db683ac2f15d53590bd0cd72de52555c2722d9d6a78e9fea510 (output 0)


ScriptSig: 949591ad468cef5c41656c0a502d9500671ee421fadb590fbc6373000039b693 (input 0)

A random 2-of-3 multisig example.

ScriptPubKey: c4aaf7fbec7a9a079e670e50f6a672315451c7618814494ab1f89cf3fd97b3bb (output 0)


ScriptSig: da738e29f64e90ae46dcc3e6b4154041d6324abbe7919e722d486a4a3148b7dc (input 0)

A large 20-of-20 multisig example. This is technically not a P2MS, as a P2MS is a standard script and is limited to a maximum of
3 public keys, so if you created a P2MS of this size it would not be relayed by nodes. Nonetheless, the OP_CHECKMULTISIG
opcode is valid for up to 20 public keys (this limit is set in script.h ↗ ).

Address
Does P2MS have an address?

A raw P2MS locking script does not have an address .

Of course, the ScriptPubKey for a P2MS does contain public keys, so you can convert each of those to an address if you wish,
which would correspond to what the P2PKH locking script for each of those public keys would be. But the standard P2MS locking script
itself has not been assigned its own address format.

If you want to use an address for locking coins to a P2MS, you should wrap the P2MS script inside a P2SH or P2WSH.

P2MS in P2SH/P2WSH

The most common method for using P2MS (multisig) locking scripts is to wrap them in a P2SH or P2WSH. This gives you some
advantages over using raw P2MS scripts directly:

1. P2MS has no address format. So if you want someone to put a P2MS lock on your bitcoins, you will need to construct and
send them the raw locking script yourself. Worse still, they may not be able to create this transaction for you, as most wallets

https://learnmeabitcoin.com/technical/script/p2ms/ 4/5
12/26/24, 5:19 AM P2MS | Pay To Multisig
only allow you to use addresses (and not raw scripts) when making a transaction.
2. P2MS is limited to 3 public keys. The locking script of a P2MS can get pretty sizeable with all the public keys, so it's
limited to 3 (to prevent too much data being stored in the UTXO set). However, with P2SH you can use multisig locks with up to
15 public keys.

So you can still use P2MS if you want, but it's more convenient to use P2SH to achieve the same thing instead.

Why do we have both P2MS and P2SH? [hide]

Because P2MS became a standard script before P2SH was available.

P2MS – Became a standard script in January 2012 ( BIP 11 ↗ )


P2SH – Became a standard script in April 2012 ( BIP 16 ↗ )

It could be removed as a standard script, but…

We can't just introduce a policy that breaks existing functionality.


– Pieter Wuille

So P2MS remains as a relic from the time before P2SH existed.

Resources
What are the limits of m and n in m-of-n multisig addresses? ↗
Why is 20 the maximum public keys in a multisig transaction? ↗
Scripting a Multisig ↗

https://learnmeabitcoin.com/technical/script/p2ms/ 5/5

You might also like