|
|
@ -323,10 +323,10 @@ image::../images/mbc2_0606.png["Tx_Script_P2PubKeyHash_2"]
|
|
|
|
((("transactions", "advanced", "multisignature
|
|
|
|
((("transactions", "advanced", "multisignature
|
|
|
|
scripts")))((("transactions", "advanced", id="Tadv07")))((("scripting",
|
|
|
|
scripts")))((("transactions", "advanced", id="Tadv07")))((("scripting",
|
|
|
|
"multisignature scripts", id="Smulti07")))((("multisignature
|
|
|
|
"multisignature scripts", id="Smulti07")))((("multisignature
|
|
|
|
scripts")))Multisignature scripts set a condition where N public keys
|
|
|
|
scripts")))Multisignature scripts set a condition where _k_ public keys
|
|
|
|
are recorded in the script and at least K of those must provide
|
|
|
|
are recorded in the script and at least _t_ of those must provide
|
|
|
|
signatures to spend the funds. This is also known as a K-of-N scheme,
|
|
|
|
signatures to spend the funds. This is also known as a "M-of-N" scheme,
|
|
|
|
where N is the total number of keys and K is the threshold of signatures
|
|
|
|
where M is the total number of keys and N is the threshold of signatures
|
|
|
|
required for validation. For example, a 2-of-3 multisignature is one
|
|
|
|
required for validation. For example, a 2-of-3 multisignature is one
|
|
|
|
where three public keys are listed as potential signers and at least two
|
|
|
|
where three public keys are listed as potential signers and at least two
|
|
|
|
of those must be used to create signatures for a valid transaction to
|
|
|
|
of those must be used to create signatures for a valid transaction to
|
|
|
@ -335,9 +335,9 @@ spend the funds.
|
|
|
|
[TIP]
|
|
|
|
[TIP]
|
|
|
|
====
|
|
|
|
====
|
|
|
|
Some Bitcoin documentation, including earlier editions of this book,
|
|
|
|
Some Bitcoin documentation, including earlier editions of this book,
|
|
|
|
uses the term M-of-N for traditional multisignature. However, it's hard
|
|
|
|
uses the term "m-of-n" for traditional multisignature. However, it's hard
|
|
|
|
to tell "M" and "N" apart when they're spoken, so we use the alternative
|
|
|
|
to tell "m" and "n" apart when they're spoken, so we use the alternative
|
|
|
|
K-of-N. Both phrases refer to the same type of signature scheme.
|
|
|
|
t-of-k. Both phrases refer to the same type of signature scheme.
|
|
|
|
====
|
|
|
|
====
|
|
|
|
|
|
|
|
|
|
|
|
At this time, Bitcoin Core's transaction relay policy limits multisignature output scripts to at most 3
|
|
|
|
At this time, Bitcoin Core's transaction relay policy limits multisignature output scripts to at most 3
|
|
|
@ -353,14 +353,14 @@ P2SH in <<p2sh>>. All other scripts are consensus limited to 20 keys
|
|
|
|
per +OP_CHECKMULTSIG+ or +OP_CHECKMULTISIGVERIFY+ opcode, although one
|
|
|
|
per +OP_CHECKMULTSIG+ or +OP_CHECKMULTISIGVERIFY+ opcode, although one
|
|
|
|
script may include multiple of those opcodes.
|
|
|
|
script may include multiple of those opcodes.
|
|
|
|
|
|
|
|
|
|
|
|
The general form of a output script setting an K-of-N multisignature
|
|
|
|
The general form of a output script setting a t-of-k multisignature
|
|
|
|
condition is:
|
|
|
|
condition is:
|
|
|
|
|
|
|
|
|
|
|
|
----
|
|
|
|
----
|
|
|
|
K <Public Key 1> <Public Key 2> ... <Public Key N> N OP_CHECKMULTISIG
|
|
|
|
t <Public Key 1> <Public Key 2> ... <Public Key k> k OP_CHECKMULTISIG
|
|
|
|
----
|
|
|
|
----
|
|
|
|
|
|
|
|
|
|
|
|
where N is the total number of listed public keys and K is the threshold
|
|
|
|
where _k_ is the total number of listed public keys and _t_ is the threshold
|
|
|
|
of required signatures to spend the output.
|
|
|
|
of required signatures to spend the output.
|
|
|
|
|
|
|
|
|
|
|
|
An output script setting a 2-of-3 multisignature condition looks like
|
|
|
|
An output script setting a 2-of-3 multisignature condition looks like
|
|
|
@ -448,7 +448,7 @@ OP_0 <Signature B> <Signature C>
|
|
|
|
|
|
|
|
|
|
|
|
Some people believe this oddity was a bug in the original code for
|
|
|
|
Some people believe this oddity was a bug in the original code for
|
|
|
|
Bitcoin, but a plausible alternative explanation exists. Verifying
|
|
|
|
Bitcoin, but a plausible alternative explanation exists. Verifying
|
|
|
|
K-of-N signatures can require many more than K or N signature checking
|
|
|
|
t-of-k signatures can require many more than t or k signature checking
|
|
|
|
operations. Let's consider a simple example of 1-in-3, with the
|
|
|
|
operations. Let's consider a simple example of 1-in-3, with the
|
|
|
|
following combined script:
|
|
|
|
following combined script:
|
|
|
|
|
|
|
|
|
|
|
|