This is possible with every output type except for P2TR. Taproot introduced to the Bitcoin protocol Schnorr signatures and Merklized Alternative Script Trees, both of which can be used to hide the true number of participants in a multisig.
Taproot uses a new signature scheme called Schnorr signatures, which allows key aggregation. A single public key can belong to one user or be aggregated from multiple users using an n-of-n scheme like MuSig2 or even a threshold m-of-n scheme like FROST/ROAST. This makes multisig transactions smaller and therefore cheaper, but it also means you cannot tell if a multisig even happened, let alone its size.
Merklized Alternative Script Trees
A P2TR output can optionally commit to a script tree (MAST). The key difference from previous output types is that you can now have many alternative spending conditions, and only reveal the one that you end up using.
Even without key aggregation, this allows you to obfuscate the actual size of your multisig. For example, if you want a 2-of-3 multisig, you can create a script tree with three different 2-of-2 multisigs: A&B, B&C and A&C. Only one of these 2-of-2s will need to be revealed and nobody will be able to tell if the actual multisig was 2-of-2, 2-of-n for some higher n, or even a decoy multisig in which both keys were in fact owned by the same person.
You can use key aggregation in combination with script trees, for example to implement 2-of-3 using three different keys aggregated using 2-of-2 MuSig2. A footnote in BIP342 goes into a bit of detail on multisigs in script trees.
Leave a Reply