1
I know how the script work together, but the Multisig is still confuse me.
input script: OP_0 [A's signature] [B's or C's signature] [serialized redeem script]
how the transcation being created, For example, "A" create a transaction, he can put a signature into the script, but where is the B signature from? A's wallet definally no B private key!
Logically, the transaction must send to B, then B put a signature into the script, right?
3
After "A" signs the transaction hash the hash gets updated to show his signature. "A" will send this partially signed transaction hash to "B" who will then sign that hash which will then return a third hash reflecting two valid signatures. Assuming only 2 signatures are required to spend, this third hash is what gets broadcast to the network.
0
Basically @m1xolyd1an answered it, I extend it a bit. So you would have a funding transaction, which send some satoshis into the multisig transaction. Usually to a "type 3" address, which is the hash of the redeemscript, converted into a bitcoin address.
Then you want to spend this transaction, and the conditions are outlined in this redeem script. You provided the script already, the part of the redeemscript would look for a 2-of-3 like this:
52[pk1][pk2][pk3]53ae
You would then create a first tx ("createrawtransaction") to sign it ("signrawtransaction"), and then take the resulting hash to sign with the other private key which increases the length of the tx. And then you'd send it to the network. You can redo this fairly easy example on testnet or on your regtest env, Gavin provided a very good step-by-step example long ago.
Who puts second signature into the script?
This can be yourself, when you use a cold storage concept, this can be a second person, to which you give the hash to get it signed.
Oh, as this is very basic of bitcoin, I recommend also to have a look at Andreas' book "Mastering Bitcoin", in chapter 7 on multisig. The book is online readable.
I mean, how the node B know that the A make an incomplete transaction? broadcast to the network? and the other nodes will help forward incomplete transaction to B? I just don't see where the B get the transaction because they are two nodes on the Internet, many examples doing manual or making the signature in the same node. – None – 2018-03-05T14:19:45.400
"and the other nodes will help forward incomplete transaction to B?" No. The incomplete transaction hash is sent to "B" through any communication channel they choose, including but not limited to, email, text, in person, or on paper. – m1xolyd1an – 2018-03-10T17:56:41.480