10

A pay-to-script-hash/P2SH full redeem script can be up to 520-bytes in size. Just to clarify, prior to being revealed/spent, is the redeem script stored in the spender/Bob's wallet or elsewhere?

The developer guide says:

"When Bob wants to spend the output, he provides his signature along with the full (serialized) redeem script in the signature script." (https://bitcoin.org/en/developer-guide#p2sh-scripts)

enter image description here

Soroushjp states:

"The redeem script itself is only revealed, checked against the redeem script hash, and evaluated during the spending transaction." (http://www.soroushjp.com/2014/12/20/bitcoin-multisig-the-hard-way-understanding-raw-multisignature-bitcoin-transactions/)

Antonpuolous states:

"P2SH shifts the burden in data storage for the long script from the output (which is in the UTXO set and therefore affect memory) to the input (only stored on the blockchain)." (2014:133)

(This question asks almost the same thing: Where the P2SH script gets written?)

(There's an unintended relationship with this question "Storing scripts (smart contracts) outside the blockchain", insofar as the location of redeem scripts.)

Improve this question
2
  • Just to clarify, do you mean where the full script is stored by the one who builds it until he decides to spent the UTXOs locked by its has? (All the UTXOs that contain that specific hash as the output scriptPubkey)?
    – sr_gi
    Commented Mar 22, 2017 at 13:10
  • Yes, literally where is it stored/kept until it is revealed for spend? In the diagram, is says Bob's computer. I just want to nail down where/how it is stored in a typical usage scenario.
    – Colman McMahon
    Commented Mar 22, 2017 at 13:28

1 Answer 1

Reset to default
11

Here's a working example that lays the groundwork for answering your question:

  1. Alice wants to pay Bob, so she asks Bob for an address.

  2. Bob wants to receive payment to a P2SH address.

  3. So Bob creates the redeemScript and then uses that to create a redeemScript hash, which is then encoded into a P2SH address.

  4. Bob gives the P2SH address to Alice, and Alice pays it.

  5. Sometime later, Bob wants to spend those bitcoins to Charlie.

  6. Bob creates a transaction with an input whose scriptSig contains the redeemScript he created earlier.

Now for an answer to your question: Bob needs to know the redeemScript at the time he creates the P2SH address for Alice and when he spends the bitcoins to Charlie. He can, as you suggest, store the redeemScript in his wallet for that whole time, or he can regenerate it on demand from other data in his wallet, or he can store it externally---however, nobody else stores it for him automatically and it doesn't become part of the blockchain until he uses it in the spend to Charlie.

I believe Bitcoin Core does the simple thing and stores the whole redeemScript in its wallet for addresses created with the addmultsigaddress RPC.

There might be some wallets that use something like BIP45 to regenerate P2SH addresses when necessary from pairs/combinations of HD wallet seeds.

BitPay Cosign might externalize storage of P2SH addresses in some cases, although I'm really not sure about that.

Improve this answer
1
  • 3
    Thank you. That gives a lot of insight. I hadn't thought (or read) about those other approaches yet. I find a lot of Bitcoin tutorials and documentation use vague descriptions like, "maintained", "stored", "held", etc. I find many allegedly "simple" / elementary questions, e.g." where is X script stored?" hard to get specific answers on. (It's very possible I'm not looking in the right places.) I'm off to read about addmultsigaddress and BIP45. Thanks again.
    – Colman McMahon
    Commented Mar 22, 2017 at 13:38

Not the answer you're looking for? Browse other questions tagged or ask your own question.