Bitcoin Core – Why are 20 the maximum public keys in a multisig transaction?

The number 20 seems to have its origin in this commitment: 8c9479c6bbbc38b897dc97de9d04e4d5a5a36730, also labeled as v0.3.12, which introduced the term & # 39; SigOps. "Unfortunately, I see no mention of this change in the confirmation message or in the release note of this release, and there is no documentation.

We see that a limit was set for a maximum number of sigops in a block:

static const int MAX_BLOCK_SIGOPS = MAX_BLOCK_SIZE / 50;

And a way to count them:

int GetSigOpCount () const
{
int n = 0;
const_iterator pc = begin ();
while (pc <end ())
{
opcodetype opcode;
if (! GetOp (pc, opcode))
break;
if (opcode == OP_CHECKSIG || opcode == OP_CHECKSIGVERIFY)
n ++;
else if (opcode == OP_CHECKMULTISIG || opcode == OP_CHECKMULTISIGVERIFY)
n + = 20;
}
returns n;
}

And the rules are still the same, specifically for multisig scripts (those that are not nested in p2sh or p2wsh). A nude CHECKMULTISIG the operation is always counted as 20 sigops (today 80, with a scale factor of witness), so more than 20 checks are allowed in CHECKMULTISIG will invalidate this assumption and will do so by creating blocks with more possible sigops allowed.

The rules are less strict for the p2sh p2wsh scripts. If the operation code just before CHECKMULTISIG is in the range [OP_1, OP_16], then that number is counted as sigops for multisig verification, and anything else is counted as 20. In practice, 15 is the maximum of publication keys that you can insert as a p2sh script because of the push limit of 520 bytes, but for p2wsh, an example of 17 of 20 would look like this:

0x01 0x11      ...  0x01 0x14 CHECKMULTISIG