The Bitcoin Schnorr / Taproot Upgrade – What Does it Mean?

Introduction

If you’ve been paying attention to the news in the Bitcoin world lately then you’ll probably have heard the word Taproot mentioned more than once. Privacy and scalability are key concerns for all cryptocurrencies and this upgrade is expected to bring about benefits in both.

Taproot was first proposed in January 2018 by the Bitcoin developer Gregory Maxwell and is the most significant protocol update since SegWit in 2017. The upgrade has been locked in since June, and activation will happen in November 2021.

There has been broad agreement in the community that the change should be made, but much of the debate has been about the activation process used to implement it. Bitcoin has a slow, careful governance process for implementing any changes. Sometimes this is criticized, but it can also be seen as one of its core strengths. Fewer changes mean less chance of mistakes or unintended consequences.

So what exactly is Taproot and how will it be activated?

What is the Taproot upgrade?

Taproot is an upgrade to the Bitcoin protocol that will bring about several new complementary features. The upgrade is in fact composed of several different Bitcoin Improvement Proposals (BIPs).

  1. Schnorr signatures (BIP 340)
  2. Taproot (BIP 341)
  3. Tapscript (BIP 342)

With Taproot enabled, no matter how complex a transaction’s logic is, the outcome will appear the same as a normal “single key spend” on the blockchain. The scripts or conditions that are not used in the transaction are not added to the blockchain, which has a number of implications that we’ll get into below.

First, let’s talk a bit about scripting.

Taproot and scripting

Scripts are used to spend bitcoin, and transactions are validated using a locking script and an unlocking script. A locking script is basically a condition placed on spending the outputs in the future. The unlocking script, as the name suggests, is the script that satisfies that condition and unlocks the outputs so they can be spent. Unlocking scripts are part of all transaction inputs and they contain a digital signature generated from the user’s private key. This confirms they are the owner and can spend the coins. A script can also specify a wide range of different spending conditions.

With Pay-to-Script-Hash (P2SH) the locking script is replaced with the hash of a redeem script, which helps to simplify the use of complex transaction scripts. A multisignature (multisig) transaction is one type of complex transaction. For example, a 2-of-3 multisig is commonly used where 2 out of 3 private keys are needed to spend the funds. For security or business reasons you may want to have more than one key that can be used to unlock and spend your bitcoin. Timelocks are another type of condition that can be added to a script. You can use these locks to postdate a transaction so it can only be spent beyond a certain point in the future. It’s also possible to combine multisignature and timelocks in scripts to create quite complex smart contracts.

One drawback with P2SH is that when coins are spent, all the conditions in the script must be revealed, even the conditions that were not met. So, for example, a script might say that Alice, Bob and John are signatories, but only 2 of the three need to sign (majority rule). It might also state that, if Alice and Bob don’t sign within 90 days, then John can sign on his own (1-of-3). Revealing all of the conditional logic is data-intensive, especially as you stack more and more conditions on top. It’s also bad for privacy because it reveals a lot of information publicly on the blockchain.

An example of a redeem script decoded to reveal the details

As you can see above, anyone can take this redeem script and decode it using a tool to see all the conditional logic – even the logic that was not executed. Here we can see it’s a classic 2-of-3 multisig transaction (OP_CHECKMULTISIG) and you can see the three individual public keys.
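What such a decoding tool does, as an added example that is not part of the original article: a minimal script parser run over a constructed 2-of-3 redeem script. The three keys are placeholder bytes, and the opcode table is a small subset (PUSHDATA opcodes are not handled).

```python
# Opcode subset sufficient for multisig and timelock redeem scripts.
OPCODES = {0x00: "OP_0", 0x75: "OP_DROP", 0xac: "OP_CHECKSIG",
           0xae: "OP_CHECKMULTISIG", 0xb1: "OP_CHECKLOCKTIMEVERIFY"}

def decode_script(raw: bytes) -> list:
    """Split a script into opcode names (str) and pushed data (bytes)."""
    tokens, i = [], 0
    while i < len(raw):
        op = raw[i]
        i += 1
        if 0x01 <= op <= 0x4b:            # push the next `op` bytes
            if i + op > len(raw):
                raise ValueError("truncated data push")
            tokens.append(raw[i:i + op])
            i += op
        elif 0x51 <= op <= 0x60:          # OP_1 .. OP_16
            tokens.append(f"OP_{op - 0x50}")
        else:
            tokens.append(OPCODES.get(op, f"OP_UNKNOWN_0x{op:02x}"))
    return tokens

def small_int(token):
    """Return the number encoded by OP_0..OP_16, or None for anything else."""
    if isinstance(token, str) and token[3:].isdigit():
        return int(token[3:])
    return None

def describe_multisig(tokens):
    """Return (m, n, pubkeys) for OP_m <key>... OP_n OP_CHECKMULTISIG, else None."""
    if len(tokens) < 4 or tokens[-1] != "OP_CHECKMULTISIG":
        return None
    m, n, keys = small_int(tokens[0]), small_int(tokens[-2]), tokens[1:-2]
    if m is None or n is None or len(keys) != n or m > n:
        return None
    if not all(isinstance(k, bytes) for k in keys):
        return None
    return m, n, keys

# Constructed sample: three placeholder 33-byte "public keys" (not real keys).
SAMPLE_KEYS = [bytes([0x02]) + bytes([i]) * 32 for i in (0xA1, 0xB2, 0xC3)]
SAMPLE_REDEEM_SCRIPT = (bytes([0x52])
                        + b"".join(bytes([33]) + k for k in SAMPLE_KEYS)
                        + bytes([0x53, 0xae]))

if __name__ == "__main__":
    m, n, keys = describe_multisig(decode_script(SAMPLE_REDEEM_SCRIPT))
    print(f"{m}-of-{n} multisig")
    for k in keys:
        print("  pubkey", k.hex())
```

Every signer's public key and the threshold come out of the script bytes alone, with no secret needed.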

Key takeaway: Bitcoin users are not anonymous but rather pseudonymous. Existing “redeem scripts” placed in spending “signature scripts” contain a lot of information that is publicly available on the blockchain.

Enter MAST

Another feature of the Taproot upgrade is the use of MAST (Merkelized Abstract Syntax Tree), which is built on the common Merkle tree structure. Each spending condition is hashed individually and the hashes are combined into a single hash called the Merkle root. This Merkle root “locks up” the coins and the rest of the tree remains hidden. Only the condition that is met needs to be revealed.

This is more data-efficient and protects privacy. However, it’s still possible to distinguish these MAST transactions from regular P2SH transactions and this is where Schnorr comes into the mix.

Key takeaway: Taproot uses a structure called MAST to separate the branches of complex scripts, so you only need to reveal the parts of a script that are executed.

Schnorr Signatures for Bitcoin

Schnorr has been around for a while. The digital signature algorithm was developed by the German mathematician Claus Schnorr in 1989. It was patented up to February 2008, and Satoshi decided to go with the Elliptic Curve Digital Signature Algorithm (ECDSA) instead.

However, most people agree that Schnorr is superior to ECDSA. It also comes with the ability to aggregate multiple signatures into a single one. This can make transactions indistinguishable thus increasing privacy. The “signature aggregation” would make even the most complex contracts look the same as a regular transaction and it adds greater privacy for the individual users signing.

Schnorr Signature aggregation

Key takeaway: Schnorr enables smaller on-chain transaction sizes, quicker validations and improvements in privacy.

Traditional multi-signature vs MuSig

With Schnorr-based multi-signature (MuSig), a group of signers can produce a short, joint signature. This allows multiple users, each with their own private key, to create a combined public key that’s indistinguishable from any other Schnorr public key. Compared to traditional script-based multisig, MuSig uses less block space and offers more privacy.

For more on MuSig, we recommend checking out this article from Blockstream.

Pay-to-Taproot (P2TR) and Tapscript

A new script type called Pay-to-Taproot (P2TR) will give the user the ability to choose how they spend: either using the default Schnorr signature (key path spending, for a single signature for example) or the MAST Merkle tree (script path spending, based on the spending conditions satisfied).

There will also be a new scripting language called Tapscript which will enable Bitcoin nodes to create and validate Pay-to-Taproot (P2TR) outputs by upgrading the opcodes Bitcoin uses. It also makes all Taproot outputs look similar. This allows participants of a multisig to aggregate their signatures and spend the transaction as a normal transaction.

Key takeaway: Pay-to-Taproot (P2TR) is a type of ScriptPubKey which locks bitcoin to a script that can be unlocked either by a single public key or by using a MAST condition. Tapscript is the scripting language used for Taproot script-path spends.

Will Taproot pave the way for smart contracts?

Taproot definitely makes smart contracts easier on the Bitcoin blockchain. The upgrade will lessen the amount of space needed for complex transactions and make it easier for users to develop more sophisticated smart contracts on Bitcoin.

How will Taproot be activated?

Taproot is a soft fork of the Bitcoin network and so needs consensus. The soft fork will be backwards-compatible, meaning users needn’t do anything to start using it. However, miners who secure the network will need to commit to a software upgrade.

A Bitcoin coin toss was used by miners to reach a decision on how to activate Taproot. Essentially, the Bitcoin community couldn’t agree on the specifics of Taproot’s activation, so they tossed a virtual coin on the Bitcoin blockchain to decide on the approach. The debate was between an activation timeline based on block height or an activation timeline based on Median Time Past (MTP). The toss was decided at block 678079 with MTP proving to be the winner. The rules of the coin toss stated that if the last bit in the block hash was a zero then MTP would be chosen and if it was a 1 then block height would be the decision.

After the coin toss, there was a time interval of three months for miners to signal support. Recently it reached the 90% approval threshold, so it is now “locked in”. The actual activation in the network will happen in November 2021.

Taproot summary

  • Fees
    – Reduced transaction fee costs for using more complex transactions (such as multisig, or time-locking)
  • Privacy
    – Makes transactions similar so they cannot be recognized
    – Improve privacy of the Lightning Network by making channels look like regular bitcoin transactions
  • Scaling
    – Schnorr signatures take up less space
    – Taproot (P2TR) outputs consume less space on the blockchain than normal P2PKH outputs
  • Scripting
    – More flexibility for complex scripts means more functionality is likely to be available in wallets
  • Malleability
    – Schnorr transactions are not malleable, meaning they cannot be shaped or altered

Conclusion

Taproot, Schnorr and MAST are complementary innovations that together deliver incremental improvements in privacy, scalability and complex transactions. The Taproot upgrade to Bitcoin is an exciting step forward for the bitcoin protocol and one that we’ll be paying close attention to.

Bryan

Based in Ireland, Bryan is the founder and CEO of Boinnex. He has worked for almost a decade as an IT Project Manager contracting across finance, banking, insurance, tech, and healthcare industries. He found his way into the crypto space in 2017 when he started a contract role with IOHK — the dev company behind the Cardano blockchain. Since then, he has continued to be actively involved in different projects in the crypto and blockchain space. He enjoys learning, writing, and sharing knowledge about all things crypto.
