TeachMeBitcoin

Custom Python P2SH-P2WSH Auditor

From TeachMeBitcoin, the free encyclopedia Reading time: 2 min

Custom Python P2SH-P2WSH Auditor

In this final guide, we will build a Python script that identifies Nested SegWit Multisig spends. The script will distinguish between single-key Nested SegWit (22 bytes) and multisig Nested SegWit (34 bytes).

The Nested Multisig Auditor

def audit_nested_segwit(scriptsig_hex):
    # 1. Identify the length of the redeem script
    try:
        script_len = int(scriptsig_hex[:2], 16)
        redeem_script = scriptsig_hex[2:]
    except:
        print("[ERROR] Invalid ScriptSig format.")
        return

    print(f"--- Nested Multisig Audit ---")
    print(f"[*] Full ScriptSig: {scriptsig_hex}")
    print(f"[*] Length: {script_len} bytes")

    # 2. Check for P2WSH (Multisig) - 34 bytes, starts with 0020
    if script_len == 34 and redeem_script.startswith("0020"):
        print("[STATUS] MATCH: This is Nested SegWit Multisig (P2SH-P2WSH).")
        script_hash = redeem_script[4:]
        print(f"[*] SHA256 Script Hash: {script_hash}")
        print(f"[*] Security: 256-bit (Collision Resistant)")
        print(f"[*] Action: Validator must now look at the Witness Stack.")

    # 3. Check for P2WPKH (Single Key) - 22 bytes, starts with 0014
    elif script_len == 22 and redeem_script.startswith("0014"):
        print("[STATUS] MATCH: This is Single-Key Nested SegWit (P2SH-P2WPKH).")
        key_hash = redeem_script[4:]
        print(f"[*] HASH160 Key Hash: {key_hash}")
        print(f"[*] Security: 160-bit")

    else:
        print("[STATUS] NO MATCH: This is likely a Legacy P2SH spend.")

# --- Simulation ---

# Case 1: A standard Nested Multisig spend
# 22 (hex for 34) + 0020 + 32-byte hash
p2wsh_nested = "2200203333333333333333333333333333333333333333333333333333333333333333"
audit_nested_segwit(p2wsh_nested)

# Case 2: A single-key Nested spend
print("\n--- Next Audit ---")
p2wpkh_nested = "16001462e907b15cbf27d5425399ebf6f0fb50ebb88f18"
audit_nested_segwit(p2wpkh_nested)

How to Run the Auditor

  1. Ensure you have Python 3 installed.

  2. Copy the code into a file named nested_multisig_auditor.py.

  3. Run it using python3 nested_multisig_auditor.py.

Technical Takeaways

  1. Differentiated Signaling: Bitcoin uses the length of the data push to determine the hash algorithm. 20 bytes means HASH160; 32 bytes means SHA256.

  2. Multisig Scaling: By nesting P2WSH, even the most complex 15-of-15 multisig scripts only take up 34 bytes in the ScriptSig. The bulk of the script is pushed to the discounted Witness.

  3. Bridge Architecture: This auditor shows how we can tell what "Type" of SegWit is being used just by looking at the legacy part of the transaction.

Congratulations! You have completed the Nested SegWit Multisig (P2SH-P2WSH) module. You now understand the high-security bridge used by institutional Bitcoiners.

Related Articles
  • P2SH-P2WSH Overview — Introduction to multi-layered collaborative custody. Learn how P2SH-P2WSH enabled institutional mult...
  • The P2SH-P2WSH Redeem Script — Analyze the 34-byte multisig pointer. Break down the 0x0020 [SHA256_Hash] structure that signals a c...
  • Witness Script vs. Redeem Script — Clarify the terminology of nested scripts. Understand the relationship between the P2SH 'wrapper' sc...
☕ Help support TeachMeBitcoin

TeachMeBitcoin is an ad-free, open-source educational repository curated by a passionate team of Bitcoin researchers and educators for public benefit. If you found our articles helpful, please consider supporting our hosting and ongoing content updates with a clean donation:

Ethereum: 0x578417C51783663D8A6A811B3544E1f779D39A85
Bitcoin: bc1q77k9e95rn669kpzyjr8ke9w95zhk7pa5s63qzz
Solana: 4ycT2ayqeMucixj3wS8Ay8Tq9NRDYRPKYbj3UGESyQ4J
◄ Previous article (Security: HASH160 vs. SHA256) Next article (P2WPKH Overview) ►
Address copied to clipboard!