The maximum number of signature operations that can be usefully performed within the context of a single P2SH script is 20, not 15 as is assumed by the standardness rules of the bitcoin codebase. The value of 15 was calculated at the time it was introduced based on size of parameters to CHECKMULTISIG: with 33-byte public keys there is no way to have a threshold larger than k-of-15 using the CHECKMULTISIG opcode within a 520 byte redeem script. However, other constructions are possible. Using the same size-reduction technique as P2SH, a k-of-19 threshold can be supported with a script size of 518 bytes for a k-of-19 threshold:
Although it would be preferable to use Schnorr multi signature schemes and key aggregation for efficiency reasons, the above thresholds are of practical use today and should be supported. Therefore, the MAX_P2SH_SIGOPS value should be 20, not 15, and the relevant unit tests updated.
The maximum number of signature operations that can be usefully performed within the context of a single P2SH script is 20, not 15 as is assumed by the standardness rules of the bitcoin codebase. The value of 15 was calculated at the time it was introduced based on size of parameters to CHECKMULTISIG: with 33-byte public keys there is no way to have a threshold larger than k-of-15 using the CHECKMULTISIG opcode within a 520 byte redeem script. However, other constructions are possible. Using the same size-reduction technique as P2SH, a k-of-19 threshold can be supported with a script size of 518 bytes for a k-of-19 threshold:
Alternatively, a 20-of-20 multisig (requiring all signatures) can be supported, weighing in at just 510 bytes:
Although it would be preferable to use Schnorr multi signature schemes and key aggregation for efficiency reasons, the above thresholds are of practical use today and should be supported. Therefore, the
MAX_P2SH_SIGOPS
value should be 20, not 15, and the relevant unit tests updated.