TYPE 0x0004 · SIGNATURE FAMILY

MUSIG_THRESHOLD

MuSig2/FROST aggregate threshold signature verification. M-of-N signers produce a single aggregate Schnorr signature off-chain. On-chain footprint is identical to single-sig (~131 bytes) regardless of M or N.

Signature Non-Invertible
Ladder Diagram
MUSIG_THRESHOLD M-of-N + AGG KEY + SIG Aggregate key verified against commitment; single Schnorr sig check
Fields
FieldData TypeSizeSideDescription
threshold_m NUMERIC 1-4 B Conditions Minimum number of signers required (M)
group_size_n NUMERIC 1-4 B Conditions Total number of signers in the group (N)
pubkey PUBKEY 32-33 B Witness Aggregate public key (verified via Merkle leaf)
signature SIGNATURE 64-65 B Witness Aggregate Schnorr signature (single sig regardless of M/N)

Public key folded into Merkle leaf via merkle_pub_key (PubkeyCountForBlock = 1). No key field in conditions.

Wire Format Breakdown

Conditions side (committed in the rung leaf):

0x0004 0 3 NUMERIC M NUMERIC N = 10 bytes

Witness side (in input witness):

0x0004 0 2 PUBKEY · 32B SIGNATURE · 64B = 104 bytes
Total (conditions + witness) ~131 bytes

Compared to MULTISIG (3-of-5): 549 bytes → 131 bytes (saves 76%). On-chain, MUSIG_THRESHOLD is indistinguishable from single-sig.

Evaluation Logic
1. Locate PUBKEY + SIGNATURE witness fields and the two NUMERIC conditions fields (M, N). Any missing → ERROR. Validate M > 0, N > 0, M ≤ N. Otherwise → ERROR
2. Pubkey integrity already enforced at MLSC-proof level (merkle_pub_key binds the witness PUBKEY into the rung leaf; a mismatched pubkey produces a different leaf and the proof rejects before any block runs).
3. Enforce Schnorr-only at the wire: SIGNATURE size must be 64 or 65 bytes (the Schnorr range; ECDSA's 8-72 B range is rejected). Outside that range → ERROR
4. VerifySigWithScheme dispatches to BIP-340 Schnorr verify against the aggregate PUBKEY. Verification fails → UNSATISFIED
5. Verification passed → SATISFIED
Return Values
ConditionResult
Missing PUBKEY, SIGNATURE, or one of the two NUMERIC fieldsERROR
M ≤ 0 or N ≤ 0 or M > NERROR
SIGNATURE size outside 64-65 bytes (Schnorr range)ERROR
Schnorr signature verification failsUNSATISFIED
Aggregate signature valid against the aggregate pubkeySATISFIED
JSON Wire Format
Conditions (committed in the rung leaf)
{
  "type": "MUSIG_THRESHOLD",
  "inverted": false,
  "fields": [
    { "type": "NUMERIC", "value": 2 },
    { "type": "NUMERIC", "value": 3 }
  ]
}
Witness (input)
{
  "type": "MUSIG_THRESHOLD",
  "inverted": false,
  "fields": [
    { "type": "PUBKEY", "hex": "02abc1...33 bytes" },
    { "type": "SIGNATURE", "hex": "e4f2a1...64 bytes" }
  ]
}
Use Cases
Privacy-Preserving Multisig
A 3-of-5 corporate treasury uses MUSIG_THRESHOLD. On-chain, the spend looks identical to a single-sig P2TR output — no observer can distinguish it from a solo wallet or determine the threshold policy.
Lightning Channel Opens
2-of-2 funding outputs using MUSIG_THRESHOLD are indistinguishable from regular P2TR spends, improving the anonymity set for all channel participants.
Fee-Efficient DAOs
A 7-of-11 governance multisig pays the same fee as a single-sig transaction. The M and N parameters are committed in conditions for policy enforcement, but the on-chain signature is always 64 bytes.
← ADAPTOR_SIG KEY_REF_SIG →