Clarification on the script P2SH, how is executed to Bitcoin core?

1

This question is a continuation of the my post yesterday.

Today I have a question on P2SH execution so, an example of the script should be this

OP_0 <A Signature> <B Signature> OP_2 <Public key A> <Public key B> 
<Public key C> OP_3 OP_CHECKMULTISIG
OP_HASH160 <ScriptSig Hash> OP_EQUAL

or if used the P2SH key should be is this (I think in this script left-hand something to convert the hash160 inside the P2SH key, right?)

OP_0 <A Signature> <B Signature> OP_2 <Public key A> <Public key B> 
<Public key C> OP_3 OP_CHECKMULTISIG
OP_HASH160 <P2SH key> OP_EQUAL

Now if I have understood well the simulation of the execution is divided into two phases

  1. The hash scriptSig is equal to hash inside the scriptPubKey

Simulation

  • Put on the scriptSig on the stack, so the stack now is <A sig> <B sig> <A pubkey> <B pubkey> <C pubkey>
  • Calculate the hash160 with the data inside the stack, so now the stack status is <scriptSig hash>
  • Put on the scriptSig hash expected, now the stack status is <hash scriptsig> <hash scriptsigexpected>
  • return the result of the operator OP_EQUAL (true or false)
  1. the scriptSig will execute such as the script multi-signature

Simulation

  • put on the stack the scriptSig, the stack status is <A Signature> <B Signature>
  • push the public keys, that stack status is <A Signature> <B Signature> <Public key A> <Public key B> <Public key C>
  • apply the OP_CHECKMULTISIG operator and get the result

My questions are:

  • With the P2SH key, the execution is the same? if not, what is the form of the P2SH with the P2SH key?

Also, I read this post but I don't think contains this answer.

If my example script is wrong, I'm sorry to give me a corrections

vincenzopalazzo

Posted 2019-09-17T17:09:05.507

Reputation: 572

Answers

1

Let's go over this step by step. Suppose say you want to lock some bitcoins in a 2-of-3 multi-sig.

Locking steps

  1. Create a multi-sig script: OP_2 <pub_key 1> <pub_key2> <pub_key3> OP_3 OP_CHECKMULTISIG.
  2. Hash the multi-sig script with HASH160 which gives you multi-sig_scripthash.
  3. Base58Check the multi-sig_scripthash with version 0x05 giving you an address starting with 3....
  4. The scriptPubKey will be OP_HASH160 <multi-sig_scripthash> OP_EQUAL.

Unlocking Steps

  1. Your stack will start at <signatures><redeemScript>. The signature is OP_0 <sig_A> <sig_B> and redeemScript is OP_2 <pub_key 1> <pub_key2> <pub_key3> OP_3 OP_CHECKMULTISIG.

  2. Since v0.3.7, Bitcoin Core executes the unlocking script first and looks at the resulting stack. So your <signatures> and <redeemScript> are evaluated together first. This would result in a multi-signature evaluation.

  3. In normal cases the above step should just return 1 as signatures satisfy the redeemScript. But with P2SH there is a caveat added by BIP-16. Whenever you have a OP_HASH160 <hash> OP_EQUAL locking script, it serves as a P2SH identifier. So before the evaluation of <signatures> with <redeemScript> the redeemScript is copied from the stack to another one. Then the evaluation is done with what is on stack (<signatures><redeemScript> in our case). If successful, replace the current stack with the just redeemScript. Hence, instead of 1 you have <redeemScript> at the top of the stack.

  4. You run OP_HASH160 on the redeemScript. Stack is now <hash160_of_redeemScript>

  5. You push <expectedredeemScripthash>. Stack is now <hash160_of_redeemScript><expectedredeemScripthash>

  6. You run OP_EQUAL resulting in evaluation and returning 1 to the top of the stack.

Ugam Kamat

Posted 2019-09-17T17:09:05.507

Reputation: 5 180

Thanks for your answer, I have a question, exist some operator inside bitcoin script for calculate the Base58Check?vincenzopalazzo 2019-09-18T08:16:54.703

@vincenzopalazzo Base58check encoding is for human readability. It is for humans to distinguish whether the address generated/being sent to is P2PKH or P2SH. It does not have any meaning inside the software.Ugam Kamat 2019-09-18T08:58:39.520

My fault, I have jump this note "Note: If you just insert the address starting with 3, the software will automatically calculate the scriptPubKey as above."vincenzopalazzo 2019-09-18T09:31:25.750

1@vincenzopalazzo What I meant was, as a user you just enter an address starting with 3. The wallet software then transitions it to the scriptPubKey.Ugam Kamat 2019-09-18T09:37:39.793

1@vincenzopalazzo as further clarification, addresses are not sent over the wire nor stored in the blockchain. Addresses are only for human readability. So when a user enters an address starting with 3.., the wallet software decodes the base58check, extracts the redeem_script_hash and uses OP_HASH160 &lt;redeem_scripthash&gt; OP_EQUAL as the scriptPubKey. If your address began with 1, the wallet software will use OP_DUP OP_HASH160 &lt;redeem_scripthash&gt; OP_EQUALVERIFY OP_CHECKSIG as scriptPubKey.Ugam Kamat 2019-09-18T09:46:28.657

Yes thanks for your clarification, you have help me :)vincenzopalazzo 2019-09-18T09:49:43.103

Asked: 2019-09-17T17:09:05.507

Viewed: 58 times

Active: 2019-09-18T09:41:37.670