Bare Multi-Signature

Abstract

This BRC standard outlines the implementation and use of bare multi-signature (multi-sig) transaction output scripts within the Bitcoin SV digital asset ecosystem. By employing OP_MULTISIG opcodes directly, this approach offers simplicity and ease of implementation while providing enhanced security and access control for transactions. However, it also highlights the trade-offs in terms of privacy for participants. The standard comprises a motivation section, detailing the benefits of bare multi-sig transactions; a specification section, explaining the structure of these transactions; an example section, demonstrating a 2-of-3 multi-signature locking and unlocking script; and a "how it works" section, delving into the fundamentals of bare multi-sig transactions and their role in the Bitcoin SV ecosystem.

Motivation

Bare multi-sig transactions offer a simple and straightforward method to enable multiple parties to authorize a transaction in a decentralized manner. This approach is particularly useful for securing funds, enhancing trust between parties, and enabling flexible access control. Although bare multi-sig transactions come with certain privacy trade-offs, their ease of implementation and direct use of low-level Bitcoin scripting constructs make them a valuable option in the Bitcoin SV ecosystem.

Specification

A bare multi-signature transaction output script adheres to the following structure:

<minimum_signatures> <pubkey1> <pubkey2> ... <pubkeyn> <maximum_signatures> OP_CHECKMULTISIG
  • minimum_signatures: The minimum number of signatures required to unlock the funds (also known as the "M" value).

  • pubkey1, pubkey2, ..., pubkeyn: The public keys involved in the multi-signature scheme.

  • maximum_signatures: The maximum number of public keys (also known as the "N" value).

  • OP_CHECKMULTISIG: The Bitcoin opcode that validates the provided signatures against the specified public keys.

Example

The following example demonstrates a 2-of-3 multi-signature locking script:

Locking Script:

2 <pubkey1> <pubkey2> <pubkey3> 3 OP_CHECKMULTISIG

To spend the funds locked by this script, an unlocking script containing the required signatures must be provided:

OP_0 <signature1> <signature2>

In this example, the OP_0 opcode is required due to a known bug in the original implementation of the OP_CHECKMULTISIG opcode, which results in an extra item being consumed from the stack.

How it Works

Bare multi-sig transactions work by requiring a minimum number of signatures from a given set of public keys to unlock the funds. When the locking script is executed, the OP_CHECKMULTISIG opcode verifies if the provided signatures correspond to the specified public keys and meet the minimum signature requirement. If the validation succeeds, the funds are unlocked and can be spent in a new transaction.

While bare multi-sig transactions offer simplicity in implementation, they also expose the public keys and the multi-signature scheme directly in the transaction output script, which may reveal information about the participants and their relationships. Despite these privacy concerns, bare multi-sig remains an important tool for creating secure and flexible transactions within the Bitcoin SV digital asset ecosystem.

Last updated