比特幣中P2SH(pay-to-script-hash)多重簽名的鎖定腳本和解鎖腳本

P2SH(pay-to-script-hash)多重簽名的腳本

P2SH是多重簽名的一種應用形式。在P2SH的交易中，多了一個Redeem Script的概念，稱為贖回腳本。當向P2SH腳本的地址轉賬時，鎖定腳本中填寫的不是公鑰地址的列表，而是Redeem Script的hash值，這樣鎖定腳本變的非常短。只有在P2SH向外轉賬時的解鎖腳本才會很長。這樣就避免了多重簽交易中鎖定腳本過長導致交易費也驟增的問題。

一個M-N的P2SH交易，贖回腳本Redeem Script的一般形式是：

OP_M <PublicKey 1> <PublicKey 2> ... <PublicKey N> OP_N OP_CHECKMULTISIG

鎖定腳本的一般形式是：

OP_HASH160 PUSHDATA(<20-byte hash of Redeem Script>) OP_EQUAL

解鎖腳本的一般形式是：

OP_0 PUSHDATA(<Signature 1>) PUSHDATA(<Signature2>) ... PUSHDATA(<Signature M>) <Redeem Script>

如果是一個2-3的P2SH多重簽名交易，參與者為A，B，C，那么上面的三個腳本就具體成了下面的格式
贖回腳本Redeem Script：

OP_2 PUSHDATA(<PublicKey A> <PublicKey B> <PublicKey C>) OP_3 OP_CHECKMULTISIG

鎖定腳本：

OP_HASH160 PUSHDATA(<20-byte hash of Redeem Script>) OP_EQUAL

解鎖腳本（B和C發起交易）：

OP_0 PUSHDATA(<Signature B>) PUSHDATA(<Signature C>) <Redeem Script>

為什么解鎖腳本前面有一個空的簽名OP_0？

這是由於CHECKMULTISIG執行的bug，P2SH的解鎖腳本是以OP_0開始的，這里貼上《精通比特幣》書中的描述：

腳本參數解釋

腳本中的常量值

腳本中的OP_M和OP_N對應的是常量OP_1(0x51) ~ OP_16(0x60)

OP_CHECKMULTISIG=0xAE
OP_HASH160=0xA9
OP_EQUAL=0x88

OP_16常量值就到頭了，也就是說現在多重簽名最多可以有16個人參與！

PUSHDATA

這個在#16里面寫過，這里再寫一次：

如果0 < data.length < 76(0x4C)，則結果為：1個字節data.length + data數據
如果76(0x4C) <= data.length < 2^8，則結果為：0x4C + 1個字節data.length + data數據
如果2^8 <= data.length < 2^16，則結果為：0x4D + 2個字節data.length + data數據
如果2^16 <= data.length < 2^32，則結果為：0x4E + 4個字節data.length + data數據

PublicKey

贖回腳本中的<PublicKey 1>是沒有封裝格式的，比如以41開頭的非壓縮格式公鑰和以21開頭的壓縮格式公鑰。

// 壓縮格式公鑰
21 03 0b461bf0f1253c9dacde9992594042d77798c5f0e7c76a1c587518606fb35478

// 非壓縮格式公鑰
41 04
0bf69616981e5970c992a0762f441abcadfed9fc4630fa5e1b82ab00e81d1690 // X
5d3820e073e1bd4a9dcfed336f4bf25edc634c2e174989767d299748359c2daf // Y

Signature的格式

有關Signature的簽名格式，參見#16里面有關Signature的格式的描述。

示例

鎖定腳本的例子解析

附錄中的示例1中有P2SH多重簽名（2-3的P2SH）的鎖定腳本數據：

a9144bb8b35e3c41be76d8c0c16a3a5a398a7688e40187

按照鎖定腳本解析一下（2-3的P2SH）：

// OP_HASH160 PUSHDATA(<20-byte hash of Redeem Script>) OP_EQUAL

a9 // OP_HASH160
14 // PUSHDATA，length=20
4bb8b35e3c41be76d8c0c16a3a5a398a7688e401 // 贖回腳本的hash，20字節
87 // OP_EQUAL

贖回腳本怎么得來

其實和普通的地址相似，因為要向地址38bPsA6ZXfRuxFD7efVXTkQd69422uzD4B轉賬，所以還是從地址得到這個hash值：

將地址38bPsA6ZXfRuxFD7efVXTkQd69422uzD4B進行base58解碼得到054bb8b35e3c41be76d8c0c16a3a5a398a7688e401470355f0（0x05表示是P2SH的地址，base58編碼以后地址以3開頭），將這個結果去掉頭部一個字節type，去掉尾部四個字節checksum，即為贖回腳本的hash。

解鎖腳本的例子解析

附錄中的示例2中有P2SH多重簽名（2-3的P2SH）的解鎖腳本數據：

00483045022100bd16b2ffa112937856716909162c00a66e7c5e6cccd0093ec9aece127632f8dc02205a567c53161e5fb62ac8d202acf8f8cc2f5a6496f47a878555dae7ffde85a41d01483045022100ac3c0365e103d97d3cc935755d5177e8f383993a558998200f8537e64f6b520002202216716f7fa54adc69095c4127ff6f97d42e28517a103f7691808db3cde6ee5b014cc9524104a7ada7c84ae36e98735597ee770a7cfd2d5d9398154b088ee352d3a83b21bbf537c0b8e4ea0acc172285b37571a9b1e36c0da387d6d1f361f0b65cad5c3f659e4104fe411f77e5aa50b54e0f2be0204b26cd1d2bf77bf95f2108a6b012e34637289121cd351c696c8a519b4b58674a87e7907385b4a5e7c0cfa5019346c1b04040914104eeffa9bbfe6dd2c99a9747ca5d1c1ebd15fe0344f52ff2915e3c11b3be9be11236895e5514b085c1f8a1bd8ef9c3db0cf1095aaf442cae11d88c3af026fabd1653ae // 解鎖腳本，變長

按照解鎖腳本解析一下（已經不記得由哪兩人發起的交易了，暫且認為是B和C發起的）：

// OP_0 PUSHDATA( ) PUSHDATA( )

00 // OP_0
48 // PUSHDATA,len=72
3045022100bd16b2ffa112937856716909162c00a66e7c5e6cccd0093ec9aece127632f8dc02205a567c53161e5fb62ac8d202acf8f8cc2f5a6496f47a878555dae7ffde85a41d01 // signature B
48 // PUSHDATA,len=72
3045022100ac3c0365e103d97d3cc935755d5177e8f383993a558998200f8537e64f6b520002202216716f7fa54adc69095c4127ff6f97d42e28517a103f7691808db3cde6ee5b01 // signature C
4cc9 // PUSHDATA,len=201
524104a7ada7c84ae36e98735597ee770a7cfd2d5d9398154b088ee352d3a83b21bbf537c0b8e4ea0acc172285b37571a9b1e36c0da387d6d1f361f0b65cad5c3f659e4104fe411f77e5aa50b54e0f2be0204b26cd1d2bf77bf95f2108a6b012e34637289121cd351c696c8a519b4b58674a87e7907385b4a5e7c0cfa5019346c1b04040914104eeffa9bbfe6dd2c99a9747ca5d1c1ebd15fe0344f52ff2915e3c11b3be9be11236895e5514b085c1f8a1bd8ef9c3db0cf1095aaf442cae11d88c3af026fabd1653ae // Redeem Script

再按照Redeem Script的腳本解析一下Redeem Script：

// OP_2 OP_3 OP_CHECKMULTISIG

52 // OP_2
4104a7ada7c84ae36e98735597ee770a7cfd2d5d9398154b088ee352d3a83b21bbf537c0b8e4ea0acc172285b37571a9b1e36c0da387d6d1f361f0b65cad5c3f659e // PublicKey A
4104fe411f77e5aa50b54e0f2be0204b26cd1d2bf77bf95f2108a6b012e34637289121cd351c696c8a519b4b58674a87e7907385b4a5e7c0cfa5019346c1b0404091 // PublicKey B
4104eeffa9bbfe6dd2c99a9747ca5d1c1ebd15fe0344f52ff2915e3c11b3be9be11236895e5514b085c1f8a1bd8ef9c3db0cf1095aaf442cae11d88c3af026fabd16 // PublicKey C
53 // OP_3
ae // OP_CHECKMULTISIG

附錄

示例1：有多重簽名鎖定腳本的交易

交易的hash為4373f6566e7f8095d3102485e540c948ca6932b34c8a4c38cf336cddc7be44f7，網頁展示，api JSON數據

網頁截圖：

JSON數據：

{
  "block_hash": "00000000000000000176b5e7c2b2d51308b34dda208df6f2459edbba05ec1b75",
  "block_height": 423147,
  "block_index": 1027,
  "hash": "4373f6566e7f8095d3102485e540c948ca6932b34c8a4c38cf336cddc7be44f7",
  "hex": "01000000010b15b9b578e600fdd71d07efaafeaaab10250f903374922bfe1e0f5389f5bd87010000006a4730440220008f0c0678854d2649448380adb02a7438ba8dfccfe0a85cd0bd353e08d068a4022075e6254f16d7943657127ebb6655dbd3d4fa30395b46d7a57f36ef59617b56b20121026c40b52e1bb5f301925adb124b1573b4297c234dd2c601bfaef46d40bceca70cffffffff02d8469800000000001976a914921a4c141746bbd7beb8e81b05ba93d84b076a0088ac001200000000000017a9144bb8b35e3c41be76d8c0c16a3a5a398a7688e4018700000000",
  "addresses": [
    "1EKXAAiJDntbEK3WSVW3vTcwYJ5ciJ5kSL",
    "38bPsA6ZXfRuxFD7efVXTkQd69422uzD4B"
  ],
  "total": 9984216,
  "fees": 784,
  "size": 223,
  "preference": "low",
  "relayed_by": "124.205.119.164",
  "confirmed": "2016-08-01T11:09:18Z",
  "received": "2016-08-01T06:36:38.935Z",
  "ver": 1,
  "double_spend": false,
  "vin_sz": 1,
  "vout_sz": 2,
  "confirmations": 100786,
  "confidence": 1,
  "inputs": [
    {
      "prev_hash": "87bdf589530f1efe2b927433900f2510abaafeaaef071dd7fd00e678b5b9150b",
      "output_index": 1,
      "script": "4730440220008f0c0678854d2649448380adb02a7438ba8dfccfe0a85cd0bd353e08d068a4022075e6254f16d7943657127ebb6655dbd3d4fa30395b46d7a57f36ef59617b56b20121026c40b52e1bb5f301925adb124b1573b4297c234dd2c601bfaef46d40bceca70c",
      "output_value": 9985000,
      "sequence": 4294967295,
      "addresses": [
        "1EKXAAiJDntbEK3WSVW3vTcwYJ5ciJ5kSL"
      ],
      "script_type": "pay-to-pubkey-hash",
      "age": 422655
    }
  ],
  "outputs": [
    {
      "value": 9979608,
      "script": "76a914921a4c141746bbd7beb8e81b05ba93d84b076a0088ac",
      "spent_by": "50ca192a04c92030bb08d2f67e1ec4618ebb9c8131661fc9d6efbed2966513ba",
      "addresses": [
        "1EKXAAiJDntbEK3WSVW3vTcwYJ5ciJ5kSL"
      ],
      "script_type": "pay-to-pubkey-hash"
    },
    {
      "value": 4608,
      "script": "a9144bb8b35e3c41be76d8c0c16a3a5a398a7688e40187",
      "spent_by": "ac89b280cc21854b82b4cc111a0e6c0d10315117b6001e3f4f3af3d2f7b2fd53",
      "addresses": [
        "38bPsA6ZXfRuxFD7efVXTkQd69422uzD4B"
      ],
      "script_type": "pay-to-script-hash"
    }
  ]
}

交易數據解析：

01000000 // Version
01 // 交易輸入個數
0b15b9b578e600fdd71d07efaafeaaab10250f903374922bfe1e0f5389f5bd87 // UTXO
01000000 // UTXO index
6a // 解鎖腳本長度
4730440220008f0c0678854d2649448380adb02a7438ba8dfccfe0a85cd0bd353e08d068a4022075e6254f16d7943657127ebb6655dbd3d4fa30395b46d7a57f36ef59617b56b20121026c40b52e1bb5f301925adb124b1573b4297c234dd2c601bfaef46d40bceca70c // 解鎖腳本
ffffffff // sequence,序列號
02 // 交易輸出個數
d846980000000000 // 金額
19 // 鎖定腳本長度
76a914921a4c141746bbd7beb8e81b05ba93d84b076a0088ac // 鎖定腳本1
0012000000000000 // 金額
17 // 鎖定腳本長度
a9144bb8b35e3c41be76d8c0c16a3a5a398a7688e40187 // 鎖定腳本2
00000000 // Time Lock

示例2：有多重簽名解鎖腳本的交易

交易的hash為ac89b280cc21854b82b4cc111a0e6c0d10315117b6001e3f4f3af3d2f7b2fd53，網頁展示，api JSON數據

網頁截圖：

JSON數據：

{
  "block_hash": "0000000000000000011edeab34b5145125efa596fbc2e6a88825acd9570aa4d8",
  "block_height": 423431,
  "block_index": 927,
  "hash": "ac89b280cc21854b82b4cc111a0e6c0d10315117b6001e3f4f3af3d2f7b2fd53",
  "hex": "0100000001f744bec7dd6c33cf384c8a4cb33269ca48c940e5852410d395807f6e56f6734301000000fd5e0100483045022100bd16b2ffa112937856716909162c00a66e7c5e6cccd0093ec9aece127632f8dc02205a567c53161e5fb62ac8d202acf8f8cc2f5a6496f47a878555dae7ffde85a41d01483045022100ac3c0365e103d97d3cc935755d5177e8f383993a558998200f8537e64f6b520002202216716f7fa54adc69095c4127ff6f97d42e28517a103f7691808db3cde6ee5b014cc9524104a7ada7c84ae36e98735597ee770a7cfd2d5d9398154b088ee352d3a83b21bbf537c0b8e4ea0acc172285b37571a9b1e36c0da387d6d1f361f0b65cad5c3f659e4104fe411f77e5aa50b54e0f2be0204b26cd1d2bf77bf95f2108a6b012e34637289121cd351c696c8a519b4b58674a87e7907385b4a5e7c0cfa5019346c1b04040914104eeffa9bbfe6dd2c99a9747ca5d1c1ebd15fe0344f52ff2915e3c11b3be9be11236895e5514b085c1f8a1bd8ef9c3db0cf1095aaf442cae11d88c3af026fabd1653aeffffffff0100090000000000001976a914921a4c141746bbd7beb8e81b05ba93d84b076a0088ac00000000",
  "addresses": [
    "1EKXAAiJDntbEK3WSVW3vTcwYJ5ciJ5kSL",
    "38bPsA6ZXfRuxFD7efVXTkQd69422uzD4B"
  ],
  "total": 2304,
  "fees": 2304,
  "size": 437,
  "preference": "low",
  "relayed_by": "124.205.119.164",
  "confirmed": "2016-08-03T06:18:06Z",
  "received": "2016-08-03T03:26:33.685Z",
  "ver": 1,
  "double_spend": false,
  "vin_sz": 1,
  "vout_sz": 1,
  "confirmations": 100499,
  "confidence": 1,
  "inputs": [
    {
      "prev_hash": "4373f6566e7f8095d3102485e540c948ca6932b34c8a4c38cf336cddc7be44f7",
      "output_index": 1,
      "script": "00483045022100bd16b2ffa112937856716909162c00a66e7c5e6cccd0093ec9aece127632f8dc02205a567c53161e5fb62ac8d202acf8f8cc2f5a6496f47a878555dae7ffde85a41d01483045022100ac3c0365e103d97d3cc935755d5177e8f383993a558998200f8537e64f6b520002202216716f7fa54adc69095c4127ff6f97d42e28517a103f7691808db3cde6ee5b014cc9524104a7ada7c84ae36e98735597ee770a7cfd2d5d9398154b088ee352d3a83b21bbf537c0b8e4ea0acc172285b37571a9b1e36c0da387d6d1f361f0b65cad5c3f659e4104fe411f77e5aa50b54e0f2be0204b26cd1d2bf77bf95f2108a6b012e34637289121cd351c696c8a519b4b58674a87e7907385b4a5e7c0cfa5019346c1b04040914104eeffa9bbfe6dd2c99a9747ca5d1c1ebd15fe0344f52ff2915e3c11b3be9be11236895e5514b085c1f8a1bd8ef9c3db0cf1095aaf442cae11d88c3af026fabd1653ae",
      "output_value": 4608,
      "sequence": 4294967295,
      "addresses": [
        "38bPsA6ZXfRuxFD7efVXTkQd69422uzD4B"
      ],
      "script_type": "pay-to-script-hash",
      "age": 423147
    }
  ],
  "outputs": [
    {
      "value": 2304,
      "script": "76a914921a4c141746bbd7beb8e81b05ba93d84b076a0088ac",
      "addresses": [
        "1EKXAAiJDntbEK3WSVW3vTcwYJ5ciJ5kSL"
      ],
      "script_type": "pay-to-pubkey-hash"
    }
  ]
}

交易數據解析：

01000000 // Version，4字節
01 // 交易輸入個數，1字節
f744bec7dd6c33cf384c8a4cb33269ca48c940e5852410d395807f6e56f67343 // UTXO(Unspent Transaction Output)，32字節
01000000 // UTXO的index，4字節
fd5e01 // 解鎖腳本長度，VarInt，變長
00483045022100bd16b2ffa112937856716909162c00a66e7c5e6cccd0093ec9aece127632f8dc02205a567c53161e5fb62ac8d202acf8f8cc2f5a6496f47a878555dae7ffde85a41d01483045022100ac3c0365e103d97d3cc935755d5177e8f383993a558998200f8537e64f6b520002202216716f7fa54adc69095c4127ff6f97d42e28517a103f7691808db3cde6ee5b014cc9524104a7ada7c84ae36e98735597ee770a7cfd2d5d9398154b088ee352d3a83b21bbf537c0b8e4ea0acc172285b37571a9b1e36c0da387d6d1f361f0b65cad5c3f659e4104fe411f77e5aa50b54e0f2be0204b26cd1d2bf77bf95f2108a6b012e34637289121cd351c696c8a519b4b58674a87e7907385b4a5e7c0cfa5019346c1b04040914104eeffa9bbfe6dd2c99a9747ca5d1c1ebd15fe0344f52ff2915e3c11b3be9be11236895e5514b085c1f8a1bd8ef9c3db0cf1095aaf442cae11d88c3af026fabd1653ae // 解鎖腳本，變長
ffffffff // 交易序列號，4字節
01 // 交易輸出個數，1字節
0009000000000000 // 輸出金額，8字節
19 // 鎖定腳本長度，VarInt，變長
76a914921a4c141746bbd7beb8e81b05ba93d84b076a0088ac // 鎖定腳本，變長
00000000 // Time Lock，4字節