How Taproot and Schnorr signatures will increase Bitcoin’s privacy and scalability

Taproot and Schnorr signatures are the next updates to be implemented to improve the privacy and scalability of the Bitcoin network.

Updates on privacy and scaling Taproot and Schnorr’s signature have made significant progress
recently, moving from a theoretical idea to a real code. These updates combine several different technologies that have been offered over the years, and each of them is technically and conceptually unique.

First, these updates include Merklized abstract Syntax Trees (MAST), which developers of smart contract technologies have been discussing since 2013. The update also includes Schnorr signature technology, proposed in 2015 by developer Pieter Wuille, and Taproot, a privacy technology proposed by
in 2018, Greg Maxwell.

Privacy and scalability are what Bitcoin still lacks. Despite the need for these changes, mass updates are difficult to implement in Bitcoin due to the large number of independent users, miners and services scattered around the world. One of the most pressing issues is the need to reach an agreement on what exactly will be included in the update.

“I think the biggest challenge in this process is creating an exact set of features for simultaneous deployment,” said Blockstream researcher Tim Ruffing.

Scope of the update

First, it’s worth remembering that this update is not a magic pill that will instantly turn Bitcoin into a super-scalable and confidential cryptocurrency.

However, the update will improve the network in several aspects at once. First, more complex transaction types will become easier to use. In a typical transaction, one person signs it, thus proving that they own the BTC and have the right to send them. On the other hand, transactions with multiple signatures require multiple signatures. This update will make it easier to perform such transactions.

“It is likely that more and more wallets will support multi – signatures, because it will become cheaper and more confidential with Taproot,” said Blockstream researcher Jonas Nick.

Multi-signature technology has many important uses. First, the Lightning Network, which depends on multi-signatures, can potentially speed up and scale payments for Bitcoin. If Lightning really turns out to be the future of Bitcoin, as some enthusiasts suggest, this improvement could have a big impact, significantly reducing the cost of transactions.

In addition, multi-signature transactions using the new technology will look the same as regular transactions. Thus, even though the Bitcoin blockchain is open, where anyone can easily find a specific transaction, with this technology, observers will not know exactly which transactions are made using Lightning channels.

“Opening and closing Lightning channels will be indistinguishable from regular payments. This also means that opening a Lightning channel will cost the same as a normal transaction,” Nick said.

Schnorr signatures – improving efficiency

To understand the essence of these updates requires some understanding of how Bitcoin works. Only with the correct private key can you sign a transaction, thereby sending bitcoins. This process creates a signature that is attached to the transaction.

Sometimes it takes more than one person to sign a transaction. When such a multi-signature transaction is signed using ECDSA (the current signature method in Bitcoin), it creates a separate signature for each wallet. However, this can be avoided by using Schnorr signatures to combine all this data into a single signature via key aggregation.

As noted
Bitcoin Optech, combining will help reduce the size of this type of transaction with BTC by 30% – 75%. Such scaling technologies are important because downloading the full blockchain is the most secure and trust-minimizing way to use Bitcoin. However, now you need to have more than 300 gigabytes of free space and be patient-downloading and processing the entire database takes from several hours to several days.

Schnorr signatures will also make possible the so-called” batch verification”, which allows you to check the validity of multiple signatures at once.

Developers have long suggested using “cross-aggregation of signature inputs” to embed Schnorr signatures in bitcoin transactions. Usually, each transaction requires more than one signature – one for each “input”. In this case, Schnorr signatures can theoretically compress all these signatures together for each transaction.

But the implementation of this feature will have to wait, since the developers are still working on some security issues that do not allow adding this feature to Bitcoin yet. However, with the addition of Schnorr signatures, this functionality will be one step closer to implementation.

“This could be implemented in a future update,” Ruffing said.

MAST: improved smart contracts

Although Stylized abstract syntax trees (MAST) did not make it into the update title, it is an interesting technology that developers have been discussing for a long time.

To understand how MASTS work, you can imagine a situation where a user wants to simultaneously implement two conditions when sending a transaction: add multi-signatures, and assign the transfer of BTC to a specific date and time. Now, when one of these scenarios is executed, the full script is added to the transaction, taking up a lot of space and showing the world what conditions the user has applied.

MAST implements these conditions using a new principle that looks like a tree. Each branch of the tree contains different conditions that the user must meet in order to spend bitcoin. Then, the Bitcoin blockchain includes only the top-of-the-tree hash instead of all the script conditions.

Taproot – increasing privacy

relies on MAST and Schnorr signatures to create confidential smart contracts. As a rule, now transactions with complex scenarios that use MAST are highly distinguished in the blockchain. Even if the MASTS themselves are more confidential, the format of these transactions is slightly different, so it is easy to determine whether a script is being used or not.

Using the signature aggregation provided by Schnorr signatures, Taproot makes these transactions look like normal transactions. However, this does not work for every MAST contract, only for shared expenses, where a single branch of the Merkle tree represents a multi-signature transaction that is successfully used. If any other branches are used, the privacy advantage disappears. However, developers expect that the option of joint spending will be the most common.

In addition, there is Tapscript, which will help facilitate further improvement of scripts.

“Although the changes to BIP Tapscript do not immediately benefit the average bitcoin user, they are intended to make it easier to update the script system in the future,” Nick said.

Currently, developers are actively testing this package of new technologies. So far, no serious problems have been detected, but developers continue to test the update before adding it to Bitcoin via the soft fork.

“More recently, we have proposed several small changes to make the Schnorr signature mechanism more resistant to implementation errors and physical attacks,” Nick said.

As developers create and expand Bitcoin technologies, it is changes like Taproot and Schnorr signatures that can make the platform more complete for developers and financial professionals.