maaku
commented
5 years ago This has been implemented in the 0.10 rebase branch, and the two specific examples given above added to the unit tests.
Closed maaku closed 5 years ago
maaku
commented
5 years ago This has been implemented in the 0.10 rebase branch, and the two specific examples given above added to the unit tests.
The maximum number of signature operations that can be usefully performed within the context of a single P2SH script is 20, not 15 as is assumed by the standardness rules of the bitcoin codebase. The value of 15 was calculated at the time it was introduced based on size of parameters to CHECKMULTISIG: with 33-byte public keys there is no way to have a threshold larger than k-of-15 using the CHECKMULTISIG opcode within a 520 byte redeem script. However, other constructions are possible. Using the same size-reduction technique as P2SH, a k-of-19 threshold can be supported with a script size of 518 bytes for a k-of-19 threshold:
Alternatively, a 20-of-20 multisig (requiring all signatures) can be supported, weighing in at just 510 bytes:
Although it would be preferable to use Schnorr multi signature schemes and key aggregation for efficiency reasons, the above thresholds are of practical use today and should be supported. Therefore, the
MAX_P2SH_SIGOPSvalue should be 20, not 15, and the relevant unit tests updated.