transactions – Is there a set size {that a} signature may be?

Throughout the script language there are two forms of directions:

Information pushes are encoded by a single byte n (with worth between 0 and 75 inclusive), adopted by n bytes (the information to be pushed). Its impact throughout execution is pushing that n-byte worth onto the stack.

Some other byte worth (so between 76 and 255 inclusive) denotes an opcode. Most opcodes are only a single byte, aside from OP_PUSHDATA1, OP_PUSHDATA2, and OP_PUSHDATA4, that are used for pushing bigger information parts than 75 bytes, however are nonetheless thought of opcodes.

Within the notation you cite above, <X> is a shorthand for “information push of X”. Within the precise byte encoding, which means it’s prefixed by its size. So particularly, OP_0 <A sig> <B sig> OP_2 <A pubkey> <B pubkey> <C pubkey> OP_3, e.g. when A sig is 71 bytes and B sig is 72 bytes (and the pubkeys are all 33 bytes):

• 0x00 (OP_0)
• 0x47 (information push of size 71 follows)
• A sig‘s 71 bytes
• 0x48 (information push of size 72 follows)
• B sig‘s 72 bytes
• 0x52 (OP_2)
• 0x21 (information push of size 33 follows)
• A pubkey‘s 33 bytes
• 0x21 (information push of size 33 follows)
• B pubkey‘s 33 bytes
• 0x21 (information push of size 33 follows)
• C pubkey‘s 33 bytes
• 0x53 (OP_3)

Observe that within the instance you are referring to, this entire sequence is not truly realized as a single script. The general public keys would sometimes be within the scriptPubKey or redeemScript (and doubtless adopted by OP_CHECKMULTISIG), whereas the signatures can be within the scriptSig. It is solely throughout spending that each get executed so as, making it equal to having this single script.

Observe additionally that the script language itself doesn’t know or care concerning the distinction between public keys and signatures – they’re simply information parts on a stack. It is the OP_CHECKMULTISIG opcode that follows which can be deciphering the information on the stack (and it is guided by the two and three pushed by OP_2 and OP_3 to know it is a 2-of-3 multisig, thus deciphering the opposite parts on the stack as 3 public keys and a couple of signatures).

Now to reply the query in your title: since BIP66 took impact in 2015, ECDSA signatures may be at most 73 bytes.