P2SH Multisig

In this subsection, we will create a P2SH multisigP2SH multisig - A P2SH output where the redeem script uses one of the multisig opcodes. Up until Bitcoin Core 0.10.0, P2SH multisig scripts were standard transactions, but most other P2SH scripts were not. address, spend duffsduffs - Denominations of Dash value, usually measured in fractions of a dash but sometimes measured in multiples of a duff. One dash equals 100,000,000 duffs. to it, and then spend those duffs from it to another addressaddress - A 20-byte hash formatted using base58check to produce either a P2PKH or P2SH Dash address. Currently the most common way users exchange payment information..

Creating a multisigmultisig - A pubkey script that provides *n* number of pubkeys and requires the corresponding signature script provide *m* minimum number signatures corresponding to the provided pubkeys. address is easy. Multisig outputsoutputs - An output in a transaction which contains two fields: a value field for transferring zero or more duffs and a pubkey script for indicating what conditions must be fulfilled for those duffs to be further spent. have two parameters, the minimum number of signatures required (m) and the number of public keyspublic keys - The public portion of a keypair which can be used to verify signatures made with the private portion of the keypair. to use to validate those signatures. This is called m-of-n, and in this case we'll be using 2-of-3.

1. Get new addresses

Generate three new P2PKH addresses. A P2PKH addressP2PKH address - A Dash payment address comprising a hashed public key, allowing the spender to create a standard pubkey script that Pays To PubKey Hash (P2PKH). cannot be used with the multisig redeem script created below. (Hashing each public key is unnecessary anyway---all the public keys are protected by a hash when the redeem scriptredeem script - A script similar in function to a pubkey script. One copy of it is hashed to create a P2SH address (used in an actual pubkey script) and another copy is placed in the spending signature script to enforce its conditions. is hashed.) However, Dash Core uses addresses as a way to reference the underlying full (unhashed) public keys it knows about, so we get the three new addresses above in order to use their public keys.

Recall from the Guide that the hashed public keys used in addresses obfuscate the full public key, so you cannot give an address to another person or device as part of creating a typical multisig output or P2SH multisig redeem script. You must give them a full public key.

    > dash-cli -regtest getnewaddress
    > dash-cli -regtest getnewaddress
    > dash-cli -regtest getnewaddress

    > NEW_ADDRESS1=yYtWtpW7akCc2a5En8NsXeTGENyYbNgv9q
    > NEW_ADDRESS2=yarm2x9eDFd9dKCycyPigwwj1vfJcYFxsH
    > NEW_ADDRESS3=yLknHbtnjJRVWQr78aTfCPfNB42jfNkDWK

2. Get public key

Use the validateaddress RPC to display the full (unhashed) public key for one of the addresses. This is the information which will actually be included in the multisig redeem script. This is also the information you would give another person or device as part of creating a multisig output or P2SH multisig redeem script.

We save the address returned to a shell variable.

> dash-cli -regtest validateaddress $NEW_ADDRESS3
  "isvalid": true,
  "address": "yLknHbtnjJRVWQr78aTfCPfNB42jfNkDWK",
  "scriptPubKey": "76a91404caa000366b99780f8e606ccc818883ca7f48f888ac",
  "ismine": true,
  "iswatchonly": false,
  "isscript": false,
  "pubkey": "038007ef6fd812d73da054271b68a42dae06672cff2a30b2814935537e593\
  "iscompressed": true,
  "account": ""
> NEW_ADDRESS3_PUBLIC_KEY=038007ef6fd812d73da054271b68a42dae0667[...]

3. Create multisig address

Use the createmultisig RPC with two arguments, the number (n) of signatures required and a list of addresses or public keys. Because P2PKH addresses can't be used in the multisig redeem script created by this RPC, the only addresses which can be provided are those belonging to a public key in the walletwallet - Software that stores private keys and monitors the block chain (sometimes as a client of a server that does the processing) to allow users to spend and receive duffs.. In this case, we provide two addresses and one public key---all of which will be converted to public keys in the redeem script.

The P2SH address is returned along with the redeem script which must be provided when we spend duffs sent to the P2SH address.


Redeem Script

Warning: You must not lose the redeem script, especially if you don't have a record of which public keys you used to create the P2SH multisig address. You need the redeem script to spend any dash sent to the P2SH address.

If you lose the redeem script, you can recreate it by running the same command above, with the public keys listed in the same order. However, if you lose both the redeem script and even one of the public keys, you will never be able to spend duffs sent to that P2SH address.

Neither the address nor the redeem script are stored in the wallet when you use createmultisig. To store them in the wallet, use the addmultisigaddress RPC instead. If you add an address to the wallet, you should also make a new backup.

> dash-cli -regtest createmultisig 2 '''
  "address": "8meEZF54K7GxhHhdLCCeNwFQjHENv4CK86",
  "redeemScript": "522103fa8866cccae3c975a72884443a351801a0ea9721cbe721558\
> P2SH_REDEEM_SCRIPT=522103fa8866cccae3c975a72884443a351801a0ea9[...]

4. Fund multisig address

Paying the P2SH multisig address with Dash Core is as simple as paying a more common P2PKH address. Here we use the same command (but different variable) we used in the Simple Spending subsection. As before, this command automatically selects an UTXO, creates a change outputchange output - An output in a transaction which returns duffs to the spender, thus preventing too much of the input value from going to transaction fees. to a new one of our P2PKH addresses if necessary, and pays a transaction feetransaction fee - The amount remaining when the value of all outputs in a transaction are subtracted from all inputs in a transaction; the fee is paid to the miner who includes that transaction in a block. if necessary.

We save that TXIDTXID - An identifier used to uniquely identify a particular transaction; specifically, the sha256d hash of the transaction. to a shell variable as the TXID of the UTXO we plan to spend next.

> dash-cli -regtest sendtoaddress $P2SH_ADDRESS 10.00

> UTXO_TXID=ddb2a2eb2402a9ae61d7db93a9a48c0747859d899e704b10f5b7[...]

5. Get decoded transaction

We use the getrawtransaction RPC with the optional second argument (true) to get the decoded transaction we just created with sendtoaddress. We choose one of the outputsoutputs - An output in a transaction which contains two fields: a value field for transferring zero or more duffs and a pubkey script for indicating what conditions must be fulfilled for those duffs to be further spent. to be our UTXO and get its output indexoutput index - The sequentially-numbered index of outputs in a single transaction starting from 0. number (vout) and pubkey scriptpubkey script - A script included in outputs which sets the conditions that must be fulfilled for those duffs to be spent. Data for fulfilling the conditions can be provided in a signature script. Pubkey Scripts are called a scriptPubKey in code. (scriptPubKey).

> dash-cli -regtest getrawtransaction $UTXO_TXID 1
  "hex": "010000000130d100f7762956100a2396403c60e13e7a13520167acc6d38978ec\
  "txid": "ddb2a2eb2402a9ae61d7db93a9a48c0747859d899e704b10f5b72145779f9c52",
  "size": 224,
  "version": 1,
  "locktime": 103,
  "vin": [
      "txid": "f84ca4ad33ec7889d3c6ac670152137a3ee1603c4096230a10562976f70\
      "vout": 1,
      "scriptSig": {
        "asm": "304502210084effe3132550e6ba43a7f4cc54ad30d001c0dbc3ea66d63\
                69717e469a722bca0263e0975d[ALL] 0324c2226564b19f0948306bb7\
        "hex": "48304502210084effe3132550e6ba43a7f4cc54ad30d001c0dbc3ea66d\
      "sequence": 4294967294
  "vout": [
      "value": 10.00000000,
      "valueSat": 1000000000,
      "n": 0,
      "scriptPubKey": {
        "asm": "OP_HASH160 4f334f26e350c8903c92ff25b733670902cfad5a OP_EQUAL",
        "hex": "a9144f334f26e350c8903c92ff25b733670902cfad5a87",
        "reqSigs": 1,
        "type": "scripthash",
        "addresses": [
      "value": 480.00000000,
      "valueSat": 48000000000,
      "n": 1,
      "scriptPubKey": {
        "asm": "OP_DUP OP_HASH160 79165c2155b8fec5c702ec7f251d0982f27b4029\
        "hex": "76a91479165c2155b8fec5c702ec7f251d0982f27b402988ac",
        "reqSigs": 1,
        "type": "pubkeyhash",
        "addresses": [
> UTXO_OUTPUT_SCRIPT=a9144f334f26e350c8903c92ff25b733670902cfad5a87

6. Get new address

We generate a new P2PKH address to use in the output we're about to create.

> dash-cli -regtest getnewaddress

> NEW_ADDRESS4=yZSxAakpoWGG3vcsvpk9qNtsYREhump4Cr

7. Create raw transaction

We generate the raw transactionraw transaction - Complete transactions in their binary format; often represented using hexadecimal. Sometimes called raw format because of the various Dash Core commands with "raw" in their names. the same way we did in the Simple Raw Transaction subsection.

## Outputs - inputs = transaction fee, so always double-check your math!
> dash-cli -regtest createrawtransaction '''
        "txid": "'$UTXO_TXID'",
        "vout": '$UTXO_VOUT'
   ''' '''
     "'$NEW_ADDRESS4'": 9.998



> RAW_TX=0100000001529c9f774521b7f5104b709e899d8547078ca4a993dbd[...]

8. Get private key

We get the private keysprivate keys - The private portion of a keypair which can create signatures that other people can verify using the public key. for two of the public keyspublic keys - The public portion of a keypair which can be used to verify signatures made with the private portion of the keypair. we used to create the transaction, the same way we got private keys in the Complex Raw Transaction subsection. Recall that we created a 2-of-3 multisig pubkey script, so signatures from two private keys are needed.


Private Key Warning

Reminder: Users should never manually manage private keys on mainnet. See the warning in the complex raw transaction section.

> dash-cli -regtest dumpprivkey $NEW_ADDRESS1
> dash-cli -regtest dumpprivkey $NEW_ADDRESS3


9. Sign raw transaction

9a. Private Key 1

We make the first signaturesignature - A value related to a public key which could only have reasonably been created by someone who has the private key that created that public key. Used in Dash to authorize spending duffs previously sent to a public key.. The input argument (JSON object) takes the additional redeem scriptredeem script - A script similar in function to a pubkey script. One copy of it is hashed to create a P2SH address (used in an actual pubkey script) and another copy is placed in the spending signature script to enforce its conditions. parameter so that it can append the redeem script to the signature scriptsignature script - Data generated by a spender which is almost always used as variables to satisfy a pubkey script. Signature Scripts are called scriptSig in code. after the two signatures.

> dash-cli -regtest signrawtransaction $RAW_TX '''
        "txid": "'$UTXO_TXID'",
        "vout": '$UTXO_VOUT',
        "scriptPubKey": "'$UTXO_OUTPUT_SCRIPT'",
        "redeemScript": "'$P2SH_REDEEM_SCRIPT'"
    ''' '''
  "hex": "0100000001529c9f774521b7f5104b709e899d8547078ca4a993dbd761aea902\
  "complete": false,
  "errors": [
      "txid": "ddb2a2eb2402a9ae61d7db93a9a48c0747859d899e704b10f5b72145779\
      "vout": 0,
      "scriptSig": "0047304402201cc50eac6d2db04dabd8ccd68b3116c0a8d37e7e41\
      "sequence": 4294967295,
      "error": "Operation not valid with the current stack size"
> PARTLY_SIGNED_RAW_TX=010000000175e1769813db8418fea17576694af1f[...]

9b. Private Key 3

The signrawtransaction call used here is nearly identical to the one used above. The only difference is the private key used. Now that the two required signatures have been provided, the transaction is marked as complete.

> dash-cli -regtest signrawtransaction $PARTLY_SIGNED_RAW_TX '''
        "txid": "'$UTXO_TXID'",
        "vout": '$UTXO_VOUT',
        "scriptPubKey": "'$UTXO_OUTPUT_SCRIPT'",
        "redeemScript": "'$P2SH_REDEEM_SCRIPT'"
    ''' '''
  "hex": "0100000001529c9f774521b7f5104b709e899d8547078ca4a993dbd761aea902\
  "complete": true
> SIGNED_RAW_TX=0100000001529c9f774521b7f5104b709e899d8547078ca4[...]

10. Send raw transaction

We send the transaction spending the P2SH multisig output to the local nodenode - A computer that connects to the Dash network., which accepts it.

> dash-cli -regtest sendrawtransaction $SIGNED_RAW_TX

What’s Next
Did this page help you?