Bitcoin script multisig

P2MS. Pay To Multisig. P2MS is a script pattern that allows you to lock bitcoins to multiple public keys.
Table of contents

Every transaction set includes the nLocktime. There are three possible routes that nLocktime can take:. There is a possibility that Alice can use the same UTXOs to create another transaction before the 1 week has elapsed with 0 locktime. The problem with the nLocktime was that the time locking was applied to the transaction which made it vulnerable to malicious users. So, to put it in simple terms, CLTV made the individual outputs of a transaction accountable to time locking. CLTV has been implemented in a primitive off-chain payment channel which gives resistance against possible malleability.

While nLocktime and CLTV are absolute timelocks, meaning they specifically mention an absolute point in time, relative timelocks specify an elapsed time from the confirmation of the output in the blockchain.


The CSV opcode, when called, will stop the script from executing unless the nSequence indicates that an equal or greater amount of relative locktime has passed than the one mentioned in the CSV opcode. Imagine we have a company owned by 3 people: B, C, and D. The company runs on a 2-of-3 Multisig meaning, the funds of the company can only be used if at least 2 out of the 3 people present their keys.

However, in case of the people end up losing their keys, they need to make a fail-safe to make sure that the funds can still be activated by 2-of-3 Multisig. In this case, they make a backup key and give to their lawyer A. If everything is good and nobody has lost any keys, then 2 of the 3 owners will verify the transactions with their signatures like in any normal multisig. However, if they can retrieve the key and show proof, the script immediate stops executing since the VERIFY code is appended.

Now, this becomes a 1-of-3 multisig. The aim of this guide was to make you understand the logic behind various bitcoin Script transaction scenarios. It is intriguing to see the mechanism behind these transactions, to say the least. Join our community and get access to over 50 free video lessons, workshops, and guides like this! No credit card needed! Navigation Bitcoin Blockchain Blockchain for Developers. Back to Guides. Share Like what you read? Have a question? Ask our Community. Have questions?

We have built an incredible community of blockchain enthusiasts from every corner of the industry. If you have questions, we have answers! Ask community.

Multi-signature - Bitcoin Wiki

Get Started. Hungry for knowledge? Since nSequence is a per-input field, a transaction may contain any number of timelocked inputs, all of which must have sufficiently aged for the transaction to be valid. The nSequence value is specified in either blocks or seconds, but in a slightly different format than we saw used in nLocktime. A type-flag is used to differentiate between values counting blocks and values counting time in seconds.

Bitcoin multisig the hard way: Understanding raw P2SH multisig transactions

The type-flag is set in the 23rd least-significant bit i. If the type-flag is set, then the nSequence value is interpreted as a multiple of seconds. If the type-flag is not set, the nSequence value is interpreted as a number of blocks. When interpreting nSequence as a relative timelock, only the 16 least significant bits are considered.

Once the flags bits 32 and 23 are evaluated, the nSequence value is usually "masked" with a bit mask e. The standard is defined in BIP, Relative lock-time using consensus-enforced sequence numbers. Just like CLTV and nLocktime, there is a script opcode for relative timelocks that leverages the nSequence value in scripts. If CSV is specified in terms of blocks, then so must nSequence. If CSV is specified in terms of seconds, then so must nSequence. As part of the activation of relative timelocks, there was also a change in the way "time" is calculated for timelocks both absolute and relative.

In bitcoin there is a subtle, but very significant, difference between wall time and consensus time. Bitcoin is a decentralized network, which means that each participant has his or her own perspective of time. Events on the network do not occur instantaneously everywhere. Network latency must be factored into the perspective of each node. Eventually everything is synchronized to create a common ledger.

Bitcoin reaches consensus every 10 minutes about the state of the ledger as it existed in the past. The timestamps set in block headers are set by the miners. There is a certain degree of latitude allowed by the consensus rules to account for differences in clock accuracy between decentralized nodes. However, this creates an unfortunate incentive for miners to lie about the time in a block so as to earn extra fees by including timelocked transactions that are not yet mature. See the following section for more information. To remove the incentive to lie and strengthen the security of timelocks, a BIP was proposed and activated at the same time as the BIPs for relative timelocks.

Median-Time-Past is calculated by taking the timestamps of the last 11 blocks and finding the median. That median time then becomes consensus time and is used for all timelock calculations. The consensus time calculated by Median-Time-Past is always approximately one hour behind wall clock time. Fee-sniping is a theoretical attack scenario, where miners attempting to rewrite past blocks "snipe" higher-fee transactions from future blocks to maximize their profitability.

Why I Use Casa For My MultiSig Setup to Keep My Bitcoin Safe

If instead of attempting to mine block , to extend the chain, some miners attempt to remine , In fact, they have the incentive to select the most profitable highest fee per kB transactions to include in their block. They can include any transactions that were in the "old" block ,, as well as any transactions from the current mempool. Essentially they have the option to pull transactions from the "present" into the rewritten "past" when they re-create block , Today, this attack is not very lucrative, because block reward is much higher than total fees per block.

But at some point in the future, transaction fees will be the majority of the reward or even the entirety of the reward. At that time, this scenario becomes inevitable. To prevent "fee sniping," when Bitcoin Core creates transactions, it uses nLocktime to limit them to the "next block," by default. In our scenario, Bitcoin Core would set nLocktime to , on any transaction it created.


But under a blockchain fork attack, the miners would not be able to pull high-fee transactions from the mempool, because all those transactions would be timelocked to block , They can only remine , with whatever transactions were valid at that time, essentially gaining no new fees. One of the more powerful features of Bitcoin Script is flow control, also known as conditional clauses. You are probably familiar with flow control in various programming languages that use the construct IF Bitcoin conditional clauses look a bit different, but are essentially the same construct.

Additionally, bitcoin conditional expressions can be "nested" indefinitely, meaning that a conditional clause can contain another within it, which contains another, etc.

The Best Bitcoin Script Guide Part 2

Bitcoin Script flow control can be used to construct very complex scripts with hundreds or even thousands of possible execution paths. There is no limit to nesting, but consensus rules impose a limit on the maximum size, in bytes, of a script. That is because Bitcoin Script is a stack language. In a stack-based language like Bitcoin Script, the logical condition comes before the IF, which makes it look "backward," like this:.

When reading Bitcoin Script, remember that the condition being evaluated comes before the IF opcode. Both conditions must be satisfied to unlock:. To redeem this, Bob must construct an unlocking script that presents a valid pre-image and a signature:.

Your Answer

If, however, we want to have more than one execution path flow control , then we need an IF ELSE flow control clause. A very common use for flow control in Bitcoin Script is to construct a redeem script that offers multiple execution paths, each a different way of redeeming the UTXO. With multisig, this would be expressed as a 1-of-2 multisig script. For the sake of demonstration, we will do the same thing with an IF clause:. Looking at this redeem script, you may be wondering: "Where is the condition? There is nothing preceding the IF clause! The condition is not part of the redeem script.

  • send bitcoin from gdax to coinbase.
  • How does P2MS work?.
  • it-programming / others-5.
  • The Best Step-by-Step Bitcoin Script Guide Part 2.
  • btc public key checker.

Instead, the condition will be offered in the unlocking script, allowing Alice and Bob to "choose" which execution path they want. The 1 at the end serves as the condition TRUE that will make the IF clause execute the first redemption path for which Alice has a signature. Since IF clauses can be nested, we can create a "maze" of execution paths.