Enforcing the Recipient with P2SH

[No_2]

Using P2SH multisig is there a way to create a script which enforces who the recipient will be?

I.e. if you had two parties who had locked funds up under a 4-of-6 escrow, where the two parties are not the signatories required to release the funds and any four of the six escrow could sign to release to either party. Could the script be set up such that it can only be released to party 1 or 2. Because under this scheme four of the escrow could conspire to send the funds to an address other than one of the party address?

[1715137232]

1715137232

[1715137232]

1715137232

[DannyHamilton]

Using P2SH multisig is there a way to create a script which enforces who the recipient will be?

I.e. if you had two parties who had locked funds up under a 4-of-6 escrow, where the two parties are not the signatories required to release the funds and any four of the six escrow could sign to release to either party. Could the script be set up such that it can only be released to party 1 or 2. Because under this scheme four of the escrow could conspire to send the funds to an address other than one of the party address?

Sure.

Make it a 5-of-7 instead of a 4-of-6 and require that one of the 5 signatories be the recipient that you are wanting to enforce.

Now none of the 6 can send the funds anywhere without the approval of the proper recipient, and the recipient can't send the funds anywhere without the approval of at least 4 of the remaining 6 signatories.

[jl2012]

Using P2SH multisig is there a way to create a script which enforces who the recipient will be?

I.e. if you had two parties who had locked funds up under a 4-of-6 escrow, where the two parties are not the signatories required to release the funds and any four of the six escrow could sign to release to either party. Could the script be set up such that it can only be released to party 1 or 2. Because under this scheme four of the escrow could conspire to send the funds to an address other than one of the party address?

If you want to do it in the protocol level, the answer is no.

If you just want the effect but don't care how it is done, DannyHamilton has suggested.

[No_2]

Thanks.

[justusranvier]

Make it a 5-of-7 instead of a 4-of-6

If the four parties are the payer, payee, and two mediators, then the redeem script could be a p2pkh script for an address controlled by the payee OP_AND a 3-of-3 multisig with the payer and the two mediators.

[DannyHamilton]

Make it a 5-of-7 instead of a 4-of-6

If the four parties are the payer, payee, and two mediators, then the redeem script could be a p2pkh script for an address controlled by the payee OP_AND a 3-of-3 multisig with the payer and the two mediators.

Certainly, however the question specifically asked about:

- snip -
where the two parties are not the signatories required to release the funds and any four of the six escrow could sign to release
- snip -

[justusranvier]

Make it a 5-of-7 instead of a 4-of-6

If the four parties are the payer, payee, and two mediators, then the redeem script could be a p2pkh script for an address controlled by the payee OP_AND a 3-of-3 multisig with the payer and the two mediators.

Certainly, however the question specifically asked about:

- snip -
where the two parties are not the signatories required to release the funds and any four of the six escrow could sign to release
- snip -

So that should have been four mediators.

Still, the point is the two scripts connected with an OP_AND approach vs the "higher m and n" approach.

[DannyHamilton]

Make it a 5-of-7 instead of a 4-of-6

If the four parties are the payer, payee, and two mediators, then the redeem script could be a p2pkh script for an address controlled by the payee OP_AND a 3-of-3 multisig with the payer and the two mediators.

Certainly, however the question specifically asked about:

- snip -
where the two parties are not the signatories required to release the funds and any four of the six escrow could sign to release
- snip -

So that should have been four mediators.

Still, the point is the two scripts connected with an OP_AND approach vs the "higher m and n" approach.

So, you are saying the exact same thing as I did?

The transaction will require a total of 5 out of 7 possible signatures.

It will require:

- snip -
that one of the 5 signatories be the recipient
- snip -

OP_AND

- snip -
the approval of at least 4 of the remaining 6 signatories.

1 required recipient sig + 4 required escrow sigs = 5 total sigs required (M)
1 recipient sig possible + 6 escrow sigs possible = 7 total sigs possible (N)

M-of-N is 5-of-7 with one of the 5 sigs being required to be from the recipient.

[justusranvier]

So, you are saying the exact same thing as I did?

The transaction will require a total of 5 out of 7 possible signatures.

If we are saying the same thing, then you're playing really fast and lose with terminology.

At least, I'd consider it misleading to talk about a "5-of-7 multisig" transaction where OP_5 and OP_7 never appear as arguments to an OP_CHECKMULTISIG.

If you meant "1-of-1 AND 4-of-6" describing that as "5-of-7" is just a bit ambiguous.

[DannyHamilton]

- snip -
If we are saying the same thing, then you're playing really fast and lose with terminology.
- snip -
If you meant "1-of-1 AND 4-of-6" describing that as "5-of-7" is just a bit ambiguous.

Perhaps.

I do have a reputation for being far to ambiguous and not focusing enough on the details sometimes.

I suppose I just felt it was clear that the words "require that one of the 5 signatories be the recipient that you are wanting to enforce" implied a 1-of-1 signature.  Is there some other reasonably useful way to require that 1 of the 5 signatures come from a specific private key?