P2MS: Pay-to-Multisig (Bare Multisig)

P2MS (Pay-to-Multisig) is the foundation of collaborative ownership in Bitcoin. It allows a transaction to be locked by a group of public keys, requiring a minimum number of signatures to spend. While mostly replaced by P2SH today, P2MS was the first way "Joint Accounts" were implemented on the blockchain.

1. The M-of-N Model

P2MS follows a simple logic: "Here are N public keys. To spend this money, you must provide signatures from at least M of them."

• Example (2-of-3): A business has three partners. Any two of them must agree to spend the funds.

• Example (1-of-2): A husband and wife share an account. Either one can spend the funds.

2. "Bare" Multisig vs. Hashed Multisig

P2MS is often called "Bare Multisig" because the public keys are written directly into the ScriptPubKey.

• In P2MS, the sender sees all the public keys of the recipients.

• In P2SH (Hashed Multisig), the sender only sees a hash, and the keys are hidden until the money is spent.

3. Why it was Phased Out

Raw P2MS has two major problems:

1. Address Bloat: Because there is no standard address format for P2MS, you have to send the full script to the sender. This is very long (hundreds of bytes for a 3-of-15 setup).

2. Standardness Limits: Due to the size, nodes will generally only relay P2MS transactions with 3 or fewer keys.

4. Historical Context

In the early days, P2MS was used for high-security storage, but it was incredibly clunky. You couldn't just give someone a "Multisig Address"; you had to give them a raw script. This changed with the invention of P2SH (Pay-to-Script-Hash), which we will cover in a later module.

Feature	P2MS (Bare)	P2PKH (Standard)
Number of Keys	M-of-N (Multiple)	1-of-1 (Single)
Address Format	None (Raw Script)	Base58 (Starts with 1)
Visibility	Keys are public on receipt	Keys are hidden until spend
Space Usage	Very High	Very Low

In the next section, we will analyze the ScriptPubKey Structure of P2MS.