The P2SH-P2WSH Redeem Script
The P2SH-P2WSH Redeem Script
To "Nest" a multisig SegWit script, we use a specific 34-byte Redeem Script. This script acts as a pointer, telling the Bitcoin Virtual Machine to look for a 32-byte hash in the Witness data.
1. The 34-Byte Template
The Redeem Script for a P2SH-P2WSH output follows this pattern:
00 20 [32-Byte SHA256 Script Hash]
-
00: The SegWit version byte (Version 0).
-
20: The push-data opcode for 32 bytes (hex
0x20). -
[32-Byte Hash]: The SHA256 hash of the actual multisig script.
2. Why 32 bytes instead of 20?
Legacy P2SH and single-key SegWit use 20-byte HASH160. However, for multisig and complex scripts, SegWit upgraded to 32-byte SHA256.
-
Safety: 32 bytes provide much stronger protection against "Collision Attacks" (Birthday Attacks).
-
Future Proofing: Complex scripts are more likely targets for attackers trying to find two different scripts that produce the same hash. 32 bytes makes this mathematically impossible with current technology.
3. The Unlocking Script (ScriptSig)
When spending these coins, your ScriptSig must contain the 34-byte Redeem Script:
22 0020[32-byte-hash]
-
22: Hex for 34 (the length of the script). -
0020...: The script itself.
4. Nested vs. Native
-
In Nested (P2SH-P2WSH): The 34-byte script is hashed and placed in a
3address. -
In Native (P2WSH): The 32-byte hash is used directly to create a
bc1q...address.
| Type | ID Length | Hash Algorithm | Signal Opcode |
|---|---|---|---|
| P2WPKH (Single) | 20 Bytes | HASH160 | 0x14 |
| P2WSH (Multisig) | 32 Bytes | SHA256 | 0x20 |
In the next section, we will clarify the difference between the Witness Script and the Redeem Script.
TeachMeBitcoin is an ad-free, open-source educational repository curated by a passionate team of Bitcoin researchers and educators for public benefit. If you found our articles helpful, please consider supporting our hosting and ongoing content updates with a clean donation: