Markdown Memoirs

Understanding Pay to Script Hash (P2SH) in Bitcoin

August 20, 2025
By Aditya Mishra
Bitcoin P2SH Blockchain Smart Contracts Multisig Cryptography BIP16

What is Pay to Script Hash (P2SH)?

Pay to Script Hash (P2SH) is a transaction type introduced in Bitcoin via Bitcoin Improvement Proposal 16 (BIP 16) in April 2012. It allows transactions to be sent to a script hash (address) rather than directly to a public key hash. This means that the recipient specifies the spending conditions, which are hashed to create a P2SH address. The sender sends bitcoins to this address without needing to know the complex redemption script.

Key Benefits of P2SH:

  • Flexibility: Enables more complex transaction scripts, such as multisignature transactions, without burdening the sender with the details.
  • Privacy: The spending conditions remain hidden until the funds are spent.
  • Simplification: Standardizes the address format for complex scripts, making it easier for users.

How Does P2SH Work?

In a traditional Pay to Public Key Hash (P2PKH) transaction:

  • scriptPubKey (locking script): Specifies the public key hash.
  • scriptSig (unlocking script): Provides the signature and public key.

In a P2SH transaction:

  • scriptPubKey: Contains the hash of the redemption script (OP_HASH160 <scriptHash> OP_EQUAL).
  • scriptSig: Provides the data needed for the redemption script and the redemption script itself.

Process:

  1. Creating a P2SH Address:
    • The recipient creates a redemption script with specific spending conditions.
    • Hashes the redemption script using HASH160.
    • Encodes the script hash into a P2SH address (starts with 3 on mainnet).
  2. Sending Funds:
    • The sender sends bitcoins to the P2SH address.
    • The sender does not need to know the redemption script.
  3. Spending Funds:
    • The spender provides the redemption script and any required data (e.g., signatures) in the scriptSig.
    • The redemption script and data are used to unlock the funds.

Why is P2SH Necessary?

Complex Transactions

  • Multisignature Wallets: Allows creation of addresses that require multiple signatures to authorize a transaction (e.g., 2-of-3 multisig).
  • Escrow Transactions: Enables funds to be released based on multiple conditions or parties.
  • Atomic Swaps: Facilitates trustless exchange of cryptocurrencies across different blockchains.

Improved Privacy

  • Concealed Conditions: Spending conditions are not revealed until the funds are spent, enhancing privacy.
  • Simplified Addresses: Users can share a standard-looking address without exposing complex scripts.

Efficiency and Scalability

  • Reduced Blockchain Data: Complex scripts are not stored in the UTXO set until they are spent, saving space.
  • Standardization: Simplifies the process for wallets and services to support complex scripts.

Usage of P2SH in Bitcoin Transactions

P2SH is widely used for:

  • Multisignature Wallets: Enhances security by requiring multiple private keys for transaction authorization.
  • Escrow Services: Involves neutral third parties to facilitate transactions securely.
  • Time-Locked Transactions: Implements conditions that control when bitcoins can be spent using OP_CHECKLOCKTIMEVERIFY or OP_CHECKSEQUENCEVERIFY.
  • Complex Scripting Requirements: Allows for customized scripts to support various use cases like payment channels.

Implementing P2SH in JavaScript

To implement a P2SH transaction in JavaScript, you can use a Bitcoin library like bitcoinjs-lib. Below is a step-by-step guide:

  1. Setup Your Environment

    • Ensure Node.js is installed.
    • Install bitcoinjs-lib using npm:
    npm install bitcoinjs-lib

  2. Create a Multisignature Wallet

    • Generate Private Keys:
    const bitcoin = require('bitcoinjs-lib');
const network = bitcoin.networks.testnet; // Use testnet for experimentation
// Generate key pairs
const keyPair1 = bitcoin.ECPair.makeRandom({ network });
const keyPair2 = bitcoin.ECPair.makeRandom({ network });
const keyPair3 = bitcoin.ECPair.makeRandom({ network });
    • Extract Public Keys:
    const pubkey1 = keyPair1.publicKey;
const pubkey2 = keyPair2.publicKey;
const pubkey3 = keyPair3.publicKey;

  3. Construct the P2SH Address

    • Create a Redeem Script (e.g., 2-of-3 multisig):
    const { payments } = bitcoin;
const multisig = payments.p2ms({
  m: 2, // Number of required signatures
  pubkeys: [pubkey1, pubkey2, pubkey3],
  network,
});
    • Create the P2SH Address:
    const p2sh = payments.p2sh({
  redeem: multisig,
  network,
});
console.log('P2SH Address:', p2sh.address);

  4. Receiving and Spending Funds

    • Receiving Funds:
      • Share the P2SH address (p2sh.address) to receive bitcoins.
    • Spending Funds:
      • Create a transaction providing:
        • The necessary signatures (from at least 2 of the 3 private keys).
        • The redeem script (multisig.redeem.output).
    • Example Code:
    const bitcoin = require('bitcoinjs-lib');
const network = bitcoin.networks.testnet; // Use testnet for experimentation
// Generate three key pairs
const keyPair1 = bitcoin.ECPair.makeRandom({ network });
const keyPair2 = bitcoin.ECPair.makeRandom({ network });
const keyPair3 = bitcoin.ECPair.makeRandom({ network });
// Extract public keys
const pubkey1 = keyPair1.publicKey;
const pubkey2 = keyPair2.publicKey;
const pubkey3 = keyPair3.publicKey;
// Create a 2-of-3 multisig redeem script
const multisig = bitcoin.payments.p2ms({
  m: 2,
  pubkeys: [pubkey1, pubkey2, pubkey3],
  network,
});
// Create the P2SH address
const p2sh = bitcoin.payments.p2sh({
  redeem: multisig,
  network,
});

console.log('P2SH Address:', p2sh.address);
// The P2SH address can now receive funds. To spend the funds, create a transaction that includes:
// - Signatures from at least two of the key pairs.
// - The redeem script.
    • Note: This example uses the testnet network for safety. For mainnet transactions, use bitcoin.networks.bitcoin.

Security Considerations

Collision Attacks and Hash Functions

  • Hash Functions Used:
    • P2SH uses HASH160, which is RIPEMD160(SHA256(script)).
  • Collision Resistance:
    • Preimage Attacks: Finding an input that hashes to a specific output has a probability of 1 in 2<sup>160</sup>, which is currently computationally infeasible.
    • Collision Attacks: Finding two different inputs that hash to the same output has a probability of 1 in 2<sup>80</sup> due to the birthday paradox, but practical attacks are not feasible with current technology.

Practical Risks

  • Low Risk of Collision:
    • The astronomical number of possibilities makes collision attacks impractical.
  • Hash Function Strength:
    • While HASH160 provides strong security, newer address types (e.g., P2WPKH in SegWit) use SHA256 hashes, offering even higher security margins.

Recommendations

  • Use Up-to-Date Address Types:
    • Utilize SegWit addresses (Bech32) for improved efficiency and security.
  • Secure Key Management:
    • Protect private keys and use hardware wallets when possible.
  • Stay Informed:
    • Keep abreast of the latest security developments in the Bitcoin protocol.

Conclusion

Pay to Script Hash (P2SH) has significantly enhanced Bitcoin's functionality by enabling complex transaction scripts while maintaining user-friendly address formats. It strikes a balance between flexibility, privacy, and efficiency, allowing for advanced features like multisignature wallets, escrow services, and time-locked transactions. By shifting the responsibility of defining spending conditions to the recipient, P2SH simplifies the process for senders and opens up a wider range of applications within the Bitcoin network. As Bitcoin continues to evolve, understanding and utilizing features like P2SH is crucial for developers and users seeking to leverage the full potential of the protocol.