James Chiang explained how the CHECKSIGADD opcode works in this Bitcoin Optech workshop. (The code for CHECKSIGADD in the Bitcoin Core codebase is here.)
As you can see on the left we have an output script that uses CHECKSIGADD and CHECKSIG opcodes to express a n-of-n multisig output.
pk0
checksig
pk1
checksigadd
pk2
checksigadd
3
equalThis is our initial stack which is populated with 3 signatures:
sig0
sig1
sig2In the first step we will push this public key (pk0) onto the stack and evaluate that against sig0 with the opcode CHECKSIG. Letβs assume this evaluates to TRUE. Since it evaluates to TRUE we will now have a
1byte on the top of the stack:
1
sig1
sig2We will use a counter.
2
sig2As we evaluate the signatures against other public keys, if that script evaluates successfully we will then have a counter of
3on the stack and that counter can then be compared to the one encoded in the output script. If they are equal we have successfully spent a 3-of-3 multisig output which uses CHECKSIGADD to encode that multisig.
3How does it compare to its predecessor CHECKMULTISIG?
CHECKMULTISIG doesn't (it is still used for SegWit v0 spends) use an increasing counter. The equivalent locking script using CHECKMULTISIG would be:
3
pk0
pk1
pk2
3
checkmultisigCHECKMULTISIG also contains a longstanding bug which means the unlocking script requires a 0 at the bottom to satisfy the locking script.
sig0
sig1
sig2
0The operation of CHECKMULTISIG is explained in this StackExchange question.
You can get bonuses upto $100 FREE BONUS when you:
π° Install these recommended apps:
π² SocialGood - 100% Crypto Back on Everyday Shopping
π² xPortal - The DeFi For The Next Billion
π² CryptoTab Browser - Lightweight, fast, and ready to mine!
π° Register on these recommended exchanges:
π‘ Binanceπ‘ Bitfinexπ‘ Bitmartπ‘ Bittrexπ‘ Bitget
π‘ CoinExπ‘ Crypto.comπ‘ Gate.ioπ‘ Huobiπ‘ Kucoin.
Comments