Pay-to-Script Hash
P2SH (Pay-To-Script Hash) is an easy way to represent a scriptPubKey as a simple BitcoinScriptAddress, no matter how complicated it is in terms of it’s underlying m-of-n signature set up.
Using P2SH, you can send bitcoins to an address that is secured in various unusual ways without knowing anything about the details of how the security is set up. You just send bitcoins to the ~34-character P2SH address. The recipient might need the signatures of several people to spend these bitcoins, or a password might be required, or the requirements could be completely unique.
Contents
P2SH Review
So what information is encoded in a P2SH address? A specific unspent Bitcoin can actually have a whole range of different spending conditions attached to it, the most common being a typical P2PKH which just requires the recipient to provide a signature matching the public key hash. The Bitcoin Core‘s developers realized that people were looking at the capabilities of Bitcoin’s Script language and seeing a whole array of possibilities about what spending conditions you could attach to a Bitcoin output, to create much more elaborate transactions than just P2PKH transactions. The core developers decided that instead of letting senders put in long scripts into their scriptPubKey (where spending conditions usually go), they would let each sender put in a hash of their spending conditions instead. These spending conditions are known as the redeem script, and a P2SH funding transaction simply contains a hash of this redeem script in the scriptPubKey of the funding transaction. The redeem script itself is only revealed, checked against the redeem script hash, and evaluated during the spending transaction.
Addresses
BIP 13 specifies the address format. P2SH bitcoin address formats begin with the number 3, and can resemble the following: 3N5i3Vs9UMyjYbBCFNQqU3ybSuDepX7oT3
P2SH Example
Transaction 40eee3ae1760e3a8532263678cdf64569e6ad06abc133af64f735e52562bccc8
paid to P2SH address 3P14159f73E4gFr7JterCCQh9QjiTjiZrG
.
You can see the redeem script in transaction 7edb32d4ffd7a385b763c7a8e56b6358bcd729e747290624e18acdbe6209fc45
which spends that output, using OP_FALSE <sig> { OP_1 <pubkey> OP_1 OP_CHECKMULTISIG }
.
History
3N5i3Vs9UMyjYbBCFNQqU3ybSuDepX7oT3
is a Bitcoin address notable for being the first P2SH-compatible address receiving bitcoins on the production network. Its payment was mined in block 160720; note that it was spent prior to the enforcement of BIP 16, so it’s not a good example to understand P2SH.
How P2SH works?
Pay to script hash (P2SH) transactions were standardised in BIP 16 and introduced by Gavin Andresen, and it resulted in a new ‘standard’ transaction type for the Bitcoin scripting system. The purpose of P2SH, according to Andresen: «Is to move the responsibility for supplying the conditions to redeem a transaction from the sender of the funds to the redeemer».
With P2SH transactions, the locking script is replaced with a redeem script hash. This hash derives from a redeem script, which functions similarly to the PubKey Script in that it too also contains conditions that must be satisfied before the output can be spent. When a transaction attempting to spend the UTXO is later initiated, the input must contain the PubKey Script (that contains the redeem script hash) and the unlocking script. In P2SH transactions, the script that houses the conditions for spending the output, which is the redeem script, is not presented in the locking script. Instead, only the hash (the redeem script hash) is included in the locking script, the redeem script itself is presented as part of the unlocking script when the output is spent. This has the effect of, as Andresen noted in BIP 16, of moving the responsibility for supplying the conditions to redeem a transaction from the sender of the funds to the redeemer.
In the example, Bob generates a redeem script, hashes the redeem script to produce the redeem script hash, and provides the hash to Alice. Alice can now then create a P2SH-style output containing Bob’s redeem script hash[1].
P2SH vs. P2PKH
A typical Bitcoin address that looks like 15Cytz9sHqeqtKCw2vnpEyNQ8teKtrTPjp
is actually a specific type of Bitcoin address known as a (P2PKH) address. To spend Bitcoin funds sent to this type of address, the recipient must use the private key associated with the public key hash specified in that address to create a digital signature, which is put into the scriptSig of a spending transaction, unlocking the funds.
A Pay-to-Script Hash (P2SH) Bitcoin address looks and works quite differently. A typical P2SH address looks like 347N1Thc213QqfYCz3PZkjoJpNv5b14kBd
. A P2SH address always begins with a ‘3’, instead of a ‘1’ as in P2PKH addresses. This is because P2SH addresses have a version byte prefix of 0x05, instead of the 0x00 prefix in P2PKH addresses, and these come out as a ‘3’ and ‘1’ after base58check encoding.
P2SH Advantages
This puts the responsibility of providing the full redeem script on to the recipient of the P2SH funds. This has a number of advantages:
- The sender can fund any arbitrary redeem script without knowing what those spending conditions are. This makes sense because a sender largely does not care about how their funds will be spent in the future – this is an issue for the recipient who cares about the conditions of further spending. In the case of multisig transactions, the sender can send funds without knowing the required public keys (belonging to the recipient) of a multisignature address, which are revealed only when the recipient is spending the funds. This increases security for the recipient.
- The sender can use a short, 34-character address like the one above, instead of a long, unwieldy one containing details of a full redeem script. This lets a recipient put up just a short address on their payment page or message, reducing the chance of human errors in transcription.
- It lowers the transaction fees for the sender of funds. Transaction fees are proportional to the size of a transaction, and a fixed length hash lets the sender send funds to any arbitrary redeem script without worrying about paying higher fees. It is the responsibility of the recipient who creates the redeem script to determine how large their spending transaction will be and how much it will cost. This is a small issue at the moment since transaction costs are quite small, but they may be more important in the future as block rewards get smaller in Bitcoin.
A common implementation of the P2SH function is the multi-signature address script. This script requires that a transaction possess more than one digital signature in order to prove ownership, and by extension spend funds.
See Also on BitcoinWiki
References
- ↑ https://www.mycryptopedia.com/p2sh-pay-to-script-hash-explained/ – Mycryptopedia – P2SH or Pay-To-Script Hash Explained