TeachMeBitcoin

P2MS (Pay-to-Multisig): The Anchor Guide to Bare Multisig

From TeachMeBitcoin, the free encyclopedia Reading time: 5 min

P2MS (Pay-to-Multisig): The Anchor Guide to Bare Multisig

IMPORTANT

Executive Summary: Pay-to-Multisig (P2MS), often referred to as "Bare Multisig," is the primitive Bitcoin script type that enables multi-party ownership. It follows an M-of-N logic, where a transaction requires $M$ signatures from a predefined set of $N$ public keys to be considered valid. While largely superseded by the more efficient P2SH (Pay-to-Script-Hash) format, P2MS remains the functional engine beneath every multisig wallet in existence today.


🔍 Why This Module Matters

One of Bitcoin's greatest strengths is that it doesn't require a single "Owner." It can be owned by a board of directors, a pair of spouses, or a distributed group of escrow agents. This capability is powered by P2MS. This module will deconstruct the "Bare" multisig format, explaining how it works at the script level, why it doesn't have a standard address format, and the technical limitations that led to the development of P2SH. Mastering P2MS is the prerequisite for understanding complex Bitcoin smart contracts.


🏛️ The M-of-N Model: Collaborative Security

P2MS allows you to create a "Joint Account" with mathematical enforcement.

1. The Threshold (M)

The number of signatures required to authorize a spend.

2. The Set (N)

The total pool of potential signers.


⚙️ The "Bare" Problem: Why We Don't See P2MS Addresses

If you look at your wallet, you see addresses like 1BvBM... or bc1q.... You will never see a P2MS address.


🛠️ Comparison: Bare Multisig vs. Hashed Multisig (P2SH)

Feature P2MS (Bare) P2SH (Standard)
Locked To Raw Public Keys A Hash of the Script
Address No (Raw Script) Yes (Starts with a '3')
Privacy Low (All keys are public) High (Keys hidden until spend)
Fees High (Long scripts in output) Low (Recipient pays for script size)
Key Limit Usually 3 Up to 15

💎 Use Cases: When is P2MS used today?

While rare for normal payments, P2MS is still seen in specific technical contexts:

  1. OP_RETURN Metadata: Some protocols use 1-of-1 P2MS to store small amounts of data in a transaction output.

  2. Miner Signaling: Early versions of miner signaling for soft forks used bare multisig scripts.

  3. Experimental Scripts: Developers testing new "Lock" patterns often start with bare scripts before wrapping them in P2SH or SegWit.


🛡️ The "Off-by-One" Legacy Bug

P2MS is famous for a technical quirk called the OP_CHECKMULTISIG bug.


🎯 Learning Objectives for this Module

By the end of this module, you will be able to:

  1. Define P2MS and the M-of-N threshold model.

  2. Explain why P2MS is called "Bare" multisig.

  3. Identify the technical burdens that made P2MS difficult for normal users.

  4. Contrast P2MS with P2SH in terms of privacy and address formatting.

  5. Understand the "Extra Zero" bug and why it persists in Bitcoin today.


🗺️ Module Roadmap: What's Next?

Now that we've seen the logic of multi-party ownership, we will look at the bytes:

  1. P2MS ScriptPubKey Structure: Deconstructing the OP_CHECKMULTISIG command.

  2. The Off-By-One Bug: A technical walkthrough of the stack error.

  3. Consensus Limits: Why nodes won't relay multisig scripts larger than 3 keys.

  4. Python P2MS Auditor: Writing a script to verify a multi-signature spend.


🎓 Summary

P2MS is the "Primal" smart contract of Bitcoin. It proved that decentralized money could be managed by a consensus of people, not just a single individual. While we have moved to more efficient formats like P2SH and Taproot, the core logic of M-of-N remains the most powerful security tool in the Bitcoin ecosystem.

☕ Help support TeachMeBitcoin

TeachMeBitcoin is an ad-free, open-source educational repository curated by a passionate team of Bitcoin researchers and educators for public benefit. If you found our articles helpful, please consider supporting our hosting and ongoing content updates with a clean donation:

Ethereum: 0x578417C51783663D8A6A811B3544E1f779D39A85
Bitcoin: bc1q77k9e95rn669kpzyjr8ke9w95zhk7pa5s63qzz
Solana: 4ycT2ayqeMucixj3wS8Ay8Tq9NRDYRPKYbj3UGESyQ4J
Address copied to clipboard!