0
I am struggling to find a simple explanation for how to create a multisig address. For single sig, it's clear: double hash function applied to the single pubic key in base code 59. I just can't find any clear explanation for the multisig. Help please.
2
A multisig address is simply a redeem script of the form m <keys> n OP_CHECKMULTISIG.
This redeem script is then wrapped in a P2SH address, which is the HASH_160 of the redeem script presented in the format standardised in BIP16
For instance, a common multisig address is 2of2 (2of3 is also very common). An example redeem script is 522103c9078b8d06d83347b2e7e8cbbdfc24bd50e09ca1a4e5d90d70485a8c4094e5672102d52317afd128305d6fca7bd30b839e821564990c88581ebb432b478cfa95602f52ae, which decodes to:
2 03c9078b8d06d83347b2e7e8cbbdfc24bd50e09ca1a4e5d90d70485a8c4094e567 02d52317afd128305d6fca7bd30b839e821564990c88581ebb432b478cfa95602f 2 OP_CHECKMULTISIG
Producing a HASH_160 for the above redeem script gives us 4aef67ed61d391d6f3d9903ead92386c1efc9925, which when put in the P2SH form is a914(4aef67ed61d391d6f3d9903ead92386c1efc9925)87 (brackets mine).
This finally gives us the address 38XEixUj1QpcqxTWbxvqdbv4Mjre4imw9Z after a Base58Check encode.
Thanks but I still don't get something. If the multisig address is simply a hash 160 of a redeem script based on multiple (say 3) public keys, then in a 2 out of 3 multisig, somehow there must be a mathematical relationship such that this multisig address can be verified only using two keys out of three? – Rodrigue Afota – 2018-05-31T14:53:18.087
There is no mathematical relation. A redeem script is essentially a small computer program written in Bitcoin Script. This program is executed by the Bitcoin Script Interpreter, and must return TRUE for a tx to be valid.
How is the following problem sorted then: – Rodrigue Afota – 2018-05-31T15:12:34.723
Assume multisig address A created from public keys 1, 2 and 3 funded with 1 BTC, then assume multisig address B created from public keys 1, 2 and 4 funded also with 1 BTC. When I digitally sign using public keys 1 and 2, how does the bitcoin network know which address (A or B) I am using to spend the BTC?\ – Rodrigue Afota – 2018-05-31T15:14:21.133
You supply the redeem script when spending from a P2SH address. Since each address has a unique redeem script, it is possible to differentiate – Raghav Sood – 2018-05-31T21:22:27.517
1Raghav - thanks. The answer was right in front of my eyes all along, in the un-hashed redeem script containing all 3 public keys. I guess that's what happens when trying to learn about this in your spare time after work! – Rodrigue Afota – 2018-06-03T13:16:51.717
1It's exactly the same procedure but instead of the public key you double hash the redeem script and instead of 0x01 version byte you use 0x05 – Mike D – 2018-05-30T14:55:47.447
https://gist.github.com/gavinandresen/3966071 and some research here in the forum :-) – pebwindkraft – 2018-05-30T18:41:40.650
hi Mike - thanks for responding. Alas, same as below, I still don't understand something. In a 2 out of 3 framework, and assuming the multisig address is a function of 3 public keys, how does the system know from just two public keys that I am going to spend the funds associated with that multisig address. – Rodrigue Afota – 2018-05-31T14:56:07.410
Let me be clearer: compare this with Shamir secret scheme: in that case it is very clear that there is a redundant mathematical relationship between a secret, which by construction can be retrieved by n out of m data points, no matter which n. In multisig case however, I don't understand how signing by two keys only is sufficient for the network to understand that I am spending coins associated with a 2 out of 3 address. – Rodrigue Afota – 2018-05-31T14:58:21.707