Ghost Labs
Bitcoin Ghost
Block Reference
MUSIG_THRESHOLD
Signature Family
TYPE 0x0004 · SIGNATURE FAMILY

MUSIG_THRESHOLD

MuSig2/FROST aggregate threshold signature verification. M-of-N signers produce a single aggregate Schnorr signature off-chain. On-chain footprint is identical to single-sig (~131 bytes) regardless of M or N.

Signature Non-Invertible
Ladder Diagram
MUSIG_THRESHOLD M-of-N + AGG KEY + SIG Aggregate key verified against commitment; single Schnorr sig check
Fields
FieldData TypeSizeSideDescription
threshold_m NUMERIC 1-4 B Conditions Minimum number of signers required (M)
group_size_n NUMERIC 1-4 B Conditions Total number of signers in the group (N)
pubkey PUBKEY 32-33 B Witness Aggregate public key (verified via Merkle leaf)
signature SIGNATURE 64-65 B Witness Aggregate Schnorr signature (single sig regardless of M/N)

Public key folded into Merkle leaf via merkle_pub_key (PubkeyCountForBlock = 1). No key field in conditions.

Wire Format Breakdown

Conditions side (in scriptPubKey):

0x0004 0 3 NUMERIC M NUMERIC N = 10 bytes

Witness side (in input witness):

0x0004 0 2 PUBKEY · 32B SIGNATURE · 64B = 104 bytes
Total (conditions + witness) ~131 bytes

Compared to MULTISIG (3-of-5): 549 bytes → 131 bytes (saves 76%). On-chain, MUSIG_THRESHOLD is indistinguishable from single-sig.

Evaluation Logic
1. Validate M ≥ 1, N ≥ M, N ≤ 100. If invalid → ERROR
2. Verify witness PUBKEY against Merkle leaf (merkle_pub_key). If mismatch → UNSATISFIED
3. Enforce Schnorr-only: SCHEME must be 0x01 (SCHNORR) or absent. No PQ path. If invalid → ERROR
4. Verify aggregate SIGNATURE against PUBKEY using BIP-340 Schnorr. If invalid → UNSATISFIED
5. Verification passed → SATISFIED
Return Values
ConditionResult
Missing required fieldsERROR
M = 0 or M > N or N > 100ERROR
PQ signature scheme requestedERROR
Merkle leaf verification failsUNSATISFIED
Schnorr signature verification failsUNSATISFIED
Aggregate key matches commitment AND signature validSATISFIED
JSON Wire Format
Conditions (scriptPubKey)
{
  "type": "MUSIG_THRESHOLD",
  "inverted": false,
  "fields": [
    { "type": "PUBKEY", "hex": "02abc1...33 bytes" },
    { "type": "NUMERIC", "value": 2 },
    { "type": "NUMERIC", "value": 3 }
  ]
}
Witness (input)
{
  "type": "MUSIG_THRESHOLD",
  "inverted": false,
  "fields": [
    { "type": "PUBKEY", "hex": "02abc1...33 bytes" },
    { "type": "SIGNATURE", "hex": "e4f2a1...64 bytes" }
  ]
}
Use Cases
Privacy-Preserving Multisig
A 3-of-5 corporate treasury uses MUSIG_THRESHOLD. On-chain, the spend looks identical to a single-sig P2TR output — no observer can distinguish it from a solo wallet or determine the threshold policy.
Lightning Channel Opens
2-of-2 funding outputs using MUSIG_THRESHOLD are indistinguishable from regular P2TR spends, improving the anonymity set for all channel participants.
Fee-Efficient DAOs
A 7-of-11 governance multisig pays the same fee as a single-sig transaction. The M and N parameters are committed in conditions for policy enforcement, but the on-chain signature is always 64 bytes.
← ADAPTOR_SIG KEY_REF_SIG →