Taproot. Source: https://academy.binance.com/
I was never a huge fan of Bitcoin.
In fact, I actually disliked it.
Although I really resonate with the values of decentralization and privacy that Bitcoin was created for in the first place, it has so far been unable to achieve them at all.
The large amount of computational power required to solve the preimage hash puzzles renders it so that true decentralization in Bitcoin will always be a mere pipe dream. The ability to verify transactions in the network will only ever be available to those who have the means to own a large quantity of the very powerful and expensive ASIC mining machines (that are used to solve said puzzles).
We see that very clearly today, with most network hashing power coming from only a few of the largest mining pools. In short, there is no true decentralization of power when it comes to the Bitcoin network.
Moreover, transactions on the Bitcoin network will also never truly be anonymous.
Sure, the only thing you’ll actually reveal when transacting on the Bitcoin network is your public address. Since this address has been hashed by a cryptographic function and a digital signature algorithm (SHA-256 and ECDSA respectively) to prevent reverse-engineering, surely it provides full anonymity, right?
Wrong.
In actuality, it is easier than most people think to connect a public address on the digital Bitcoin ledger to a real world identity. You may not even need programming skills to do that! Many organisations — even individuals — have successfully done so before.
Here, we come to the realisation there is also no true privacy when we transact on the Bitcoin network.
In sum, Bitcoin was born out of fantastic principles, but has failed to live up to them due to the difference between theoretical musings, and real-world application.
This is why I have never really liked Bitcoin, and have always hoped that its immense market dominance will one day be flipped by a substantively more useful project like Ethereum.
Bitcoin’s reign as the ‘big brother’ of the blockchain and cryptocurrency world must surely be coming to a swift end due to its many limitations and inability to live up to its founding principles.
Or so I thought.
Now with the Taproot update in the works, everything has changed.
Taproot’s Background Story
Before I dive into its exact details, let me first give you a better idea of the contextual background that the Taproot update is set against.
In January 2018, Bitcoin Core developer Greg Maxwell formally released the Taproot Update proposal. On June 12 2021, 3.5 years later, Taproot officially gained enough mining support to lock in activation.
To elaborate, at least 1,815 out of the 2,016 blocks mined within the most recently designated two-week difficulty period (or most recent ‘voting’ round) have been found to include information that points toward the miners being in collective favor (90% or more) of the Taproot upgrade.
During this particular difficulty period, and at block 687284, this 90% threshold was finally met.
In fact, by the time this two-week difficulty period ends on Sunday, it is likely the Taproot upgrade will have locked in with over 99% of blocks signaling decisively in its favor.
This is in sharp contrast to Bitcoin’s most recent upgrade in 2017, sometimes referred to as the ‘Civil War’, where an ideological split within the Bitcoin community itself led to a hard fork, culminating in two distinct projects, Bitcoin Cash and Bitcoin.
Adherents who followed the former wanted to improve transaction speeds by increasing the maximum block size to 8mb, whilst the latter deployed the Segregated Witness (SegWit) upgrade that separates Digital Signatures from transaction metadata in order to reduce storage load, to do so.
This time, however, Taproot has near universal support. This rare moment of collective consensus is largely due to the fact that the proposed changes represent monumental improvements to Bitcoin’s protocol that will radically increase its capacity to push forth several key functions that are principal to Bitcoin’s very existence (and that I will be discussing later).
The ‘voting’ results. A green block means that it signaled readiness for Taproot activation. A red block means that it did not. Transparent blocks represent upcoming blocks within this difficulty period. Source: Taproot.watch
What is Taproot, and what improvements will it bring?
The Taproot upgrade will bring about two main improvements to the Bitcoin network:
- Increased Privacy for Multisig transactions
- Potential for Smart Contracts (Scalability)
Before I elaborate on these improvements however, it is pertinent to look at extant protocols within the Bitcoin network first, for you to get a better idea of how Taproot constitutes an improvement over them.
Elliptic Curve Digital Signature Algorithm (ECDSA)
ECDSA curve. Source: https://metamug.com/
Currently, Bitcoin utilises the Elliptic Curve Digital Signature Algorithm (ECDSA) to derive public keys from randomly generated private keys (by using elliptic curve point scalar multiplication by n), and subsequently — the public Bitcoin addresses (after hashing the public key with the quantum-resistant SHA-256, and RIPEMD160).
What is special about the ECDSA is that it ensures that the aforementioned hashing process cannot be reverse-engineered. That is to say, ECDSA renders it such that it will be mathematically impossible to derive someone’s private key from his/her Bitcoin address or public key (because secp256k1, Bitcoin’s elliptic curve, ensures a trapdoor, or one-way function).
This is to protect and enforce ownership rights within the Bitcoin network because your private key is your passport to the Bitcoin network. It’s what allows you to generate an address for receiving coins, and what later allows you to spend them. If someone is able to derive private keys from your addresses, the Bitcoin network will not even be functional. The ECDSA (and SHA-256) makes sure that this does not happen.
Now, let’s say an individual — Alice, wants to make a transaction to another individual — Bob, on the Bitcoin network. She will have to sign on her message (dictating the transaction; ie. ‘I am sending you these coins that have been previously sent to me’) with her ECDSA-generated private key. This will generate a unique digital signature that proves that Alice created the message as it is.
She then sends her signature along with her original message to Bob. The idea is that the message is the main payload, and the digital signature is used to prove that Alice was truly the one who created that exact message.
Bob is then able to easily verify that the digital signature is valid, given Alice’s public key and the original message. And if the signature is valid, that means the message wasn’t tampered with.
Therefore, this is how digital signature schemes make messages tamper evident. Another key point is that Bob or anyone else should not be able to guess Alice’s private key, given just her public key. Otherwise, Bob or anyone else would be able to recreate Alice’s signatures and thus fake her identity. This is why the ECDSA is of utmost importance for transactions on the Bitcoin network.
Downsides of ECDSA
However, even though the ECDSA scheme has been working well for the network for more than a decade now, it also has its drawbacks.
For one, it is not the best scheme for privacy, especially for users who transact using complex functionalities like Multisig (multi-signature) transactions.
For another, it is also not the best scheme to use if the Bitcoin network wants to scale, because for users who transact using the aforementioned complex functionalities, their transactions will take up a lot of bandwidth and storage space on the network.
This is where Taproot, and specifically — the Schnorr signature scheme it brings along with it — comes into play.
The Schnorr Signature Scheme
The Schnorr Signature scheme operates similarly to ECDSA in that it allows for the generation of private and public keys in a safe and reliable manner. However, and for all intents and purposes, the former is vastly superior over the latter.
So the question that should be on all your minds right now — why didn’t Satoshi Nakamoto just use Schnorr signatures from the very beginning then?
This is mainly because the creator of Schnorr signatures, Claus P. Schnorr, actually patented them. As a result, Schnorr signatures were rarely used, if at all. Therefore, Satoshi decided to go with the more proven, more widely-accepted and open source (therefore possessing more ostensible longevity) ECDSA scheme.
Claus-Peter Schnorr. Source: https://owpdb.mfo.de/
However, now with the Taproot upgrade all but an eventuality, and assuming all nodes will adopt the software upgrade — every user on the Bitcoin network will switch over from the ECDSA scheme to the Schnorr Signature scheme by the end of 2021.
At this juncture, it should be pretty clear to you that Schnorr signatures are at the very heart — if not already the heart — of the benefits that Taproot will bring to the Bitcoin network at large. So if anyone were to ask you about what Taproot brings to the table, just tell them about Schnorr signatures!
Benefits of Schnorr Signatures
If you recall, I mentioned above that the Taproot upgrade will bring about two main improvements to the Bitcoin network:
Increased Privacy for Multisig transactionsPotential for Scalability
Both these improvements are only possible because of Schnorr signatures.
Increased Privacy for Multisig transactions
With ECDSA, it will always be very obvious whenever a m-of-m or m-of-n Multisig address initiates a transaction on the network due to the simple fact that all such addresses will begin with a number ‘3’. Therefore, transactions from any given Multisig address will be distinctly recognizable for anyone who just bothers to look at the ledger.
Visual representation of a m-of-n (1-of-2) Multisig transaction. Source: https://docs.symbolplatform.com/
This isn’t great at all from a privacy standpoint, especially since Multisig transactions are meant to enable greater security for all the users involved.
Schnorr signatures counteract this problem by allowing for a very important function — signature aggregation. This signature aggregation function allows for the combining of multiple signatures into one singular signature, or what is termed as the ‘master’ signature. This master signature will make it a lot more difficult, or even impossible, for an observer to determine who signed (or didn’t sign) in any given m-on-m or m-of-n Multisig transaction.
Signature Aggregation in Schnorr signatures. Source: https://www.dcforecasts.com/
Although Schnorr signatures, and Taproot by extension, won’t provide any greater anonymity or privacy for your individual bitcoin addresses, it will certainly make simple transactions indistinguishable from those that are more complex and composed of multiple signatures.
This will benefit the latter group to no end in terms of privacy — something that the ECDSA scheme currently does not help with.
Potential for Scalability
Moreover, with ECDSA, large-scale Multisig transactions will take up a lot of space and bandwidth on the Bitcoin network as everyone involved in such a transaction will have to provide their valid digital signatures and public keys to the network.
For example, if a 7-of-7 Multisig address wants to make a transaction, this would mean that 7 pairs of digital signatures and public keys will have to be generated to the network.
Schnorr signatures’ aforementioned signature aggregation function thus enables significant space savings due to the fact that the master signatures generated will be of the same length as regular, one-person signatures.
If we were to use the 7-of-7 Multisig address transaction analogy from above — there is no longer a need to store 7 pairs of digital signatures and public keys on the network with the Schnorr Signature scheme.
These smaller and faster signatures are absolutely a huge game changer when it comes to the scalability of the Bitcoin network.
There has even been talk of an implementation of complex smart contracts on the Bitcoin network due to Schnorr signatures’ enablement of more flexible and accessible discrete log contracts (DLCs).
Additionally, Schnorr signatures have also been theorized to allow for something called a “batched validation”, wherein Bitcoin full nodes will be able to validate 1,000 Taproot signatures in nearly the same time it takes to validate one ECDSA signature.
This Schnorr signature-empowered scaling solution would thussignificantly shorten the time it takes a node to verify all signatures in a block, potentially increasing transaction speed and throughput exponentially.
Further, Schnorr signatures could also potentially help scale related layer-2 blockchain platforms like the Lightning Network (a payment channel built on top of the Bitcoin network that enables instant transactions) too.
Bitcoin’s Lightning Network. Source: https://blog.blockonomics.co/
They can do so by introducing Point Time-lock Contracts (PTLC) to Lightning as a notable upgrade on the extant Hash Time-lock Contracts (HTLC). This will ultimately allow for more private and efficient smart contracts to be built on Lightning, potentially resulting in significant increments in transaction speed and throughput.
Final Thoughts on Taproot
In all, the Taproot upgrade is a very promising one that has made me change my mind a little with regard to Bitcoin; it may just be the very spark that brings Bitcoin back to the core principles upon which it was so nobly founded upon by Satoshi Nakamoto, and that I fell in love with.
However, and as with everything in life — theory and real-world application are two very very different things. Taproot can sound perfect on paper; how it is implemented remains very much to be seen.
If Taproot can even deliver on 50% of what it promises, the moon (or even beyond) will become the literal limit for Bitcoin. Who knows, it may even venture into the fabled DeFi space and become a juggernaut there.
When all is said and done, and the upgrade is finally rolled out in November 2021, I may just become the biggest Bitcoin fan yet.
Only time will tell.
