A look at the three Bitcoin Improvement Proposals that make up the Bitcoin Core update, Schnorr/Taproot
The version 0.21.0 of Bitcoin Core was released yesterday, while Schnorr/Taproot is in testnet, slated for deployment in early February. It is the most important Bitcoin upgrade in years, so let’s look at what it is and what difference it makes for the Bitcoin ecosystem.
1. What is Schnorr/Taproot?
The update known as “Schnorr/Taproot” consists of three Bitcoin Improvement Proposals (BIPs), new code proposals to improve Bitcoin Core, the reference client used to run the Bitcoin protocol. The BIP #340 adds so called “Schnorr signatures”, the BIP #341 adds “Taproot” and the BIP #342 adds “Tapscript”. As Schnorr signatures and Taproot are the most consequential parts of this update, we will focus on them here.
Schnorr/Taproot is the culmination of years of work. The idea of Taproot was proposed by Bitcoin developer Gregory Maxwell Taproot in January 2018. Another Bitcoin developer, Pieter Wuille, created the proposal to implement the idea in September 2019. It then went through an extensive review and test phase, with 150 developers participating in a 7 weeks long review process in November 2019. The code is going to be implemented in the next release of Bitcoin Core, in December 2020 – but it doesn’t even mean it will actually be adopted by participants in the Bitcoin network.
The Taproot proposal builds on top of Schnorr signatures. The main function of Schnorr signatures is to make “multi-signature” (multisig) transactions, which require multiple signatures to be processed, and traditional, single signature transactions (called P2PKH, for ‘pay-to-public-key-hash’ transactions), look the same on the blockchain. The function of Taproot is to extend this approach to other, more complex sorts of transactions (called P2SH, for ‘pay-to-script-hash’ transactions) and also make them look like traditional P2PKH transactions.
How does that work? The fundamental benefit of Schnorr signatures is that they allow for key and signature aggregation. This means that it becomes possible to combine different public keys into a new, single one. Say Alice and Bob’s signatures are required for a multisig payment to John: thanks to Schnorr, it is possible to combine Signature A and Signature B into Signature C. When Alice and Bob provide their (so-called ‘treshold’) signatures and public keys, only “Signature C to John” will appear on the blockchain. The transaction will therefore look like a traditional single signature transaction from C to John.
2. What everyday users gain from the update: privacy and fungibility
What does the Schnorr/Taproot upgrade change for the everyday user? In a nutshell, it increases the fungibility and privacy of Bitcoin. For a currency to be ‘fungible’, all of its individual units need to be indistinguishable from any other unit. The US Dollar is fungible because any individual 1$ bill is worth the exact same. One dollar bill could have been used to pay for illegal drugs, another to fund a wedding, their past use will not change their value: they’re worth the exact same. Currently, because transactions are publicly broadcasted on the blockchain, and because different types of transactions have different digital fingerprints, it is fairly easy to obtain identifying information about specific transactions. Being able to identify the past use of certain coins can ‘taint’ them and make them less valuable than ‘clean’ coins. This is a significant threat to Bitcoin’s fungibility and to its prospects as a currency. With Schnorr signatures, and even more with Taproot, all transactions appear to be of the same kind on the blockchain. It renders much harder to know if a certain transaction was a one-to-one payment (from Alice to Bob) or a complex transaction, involving multiple signatures, time based conditions, or the Lightning network. It is therefore a net fungibility gain.
Schnorr/Taproot increases the privacy of Bitcoin in a similar way. By analyzing a multisig transaction, one can also identify the specific multisig set-up that was used, the ways the success conditions of a certain smart contract have been met, the type of wallet that was used, etc. Obfuscating this information is a great privacy gain for Bitcoin users. But the upgrade doesn’t benefit only the average user.
3. What developers and exchanges gain from the update: efficiency and flexibility
The upgrade also benefits two other groups: Bitcoin developers and crypto exchanges. Bitcoin currently uses Elliptic Curve Digital Signature Algorithm (ECDSA) signatures, which usually weigh around 72 bytes, while Schnorr signatures weigh 64 bytes. So the switch from one standard to the other already comes with a 11-12% gain in efficiency. But there is more because, as mentioned above, Schnorr signatures allow for signature aggregation. Imagine that Alice, Bob and John need to sign a transaction, as it is common in multisig schemes which require 3 out of 5 signatures. This means that 3 signatures would have to be broadcasted to the blockchain: that of Alice, Bob and John. The more signatures are needed, the more the size of the transaction increases, the higher the transaction fees get. So, with ECDSA signatures, the more complex the smart contract, the more expensive it gets to run it. By allowing for complex smart contracts to be executed by a single signature, the Schnorr/Taproot upgrade greatly reduces the cost of running smart contracts.
This helps developers because it means they can write more complex smart contracts on top of Bitcoin without putting a heavy burden on the blockchain. It also helps exchanges and other key actors of the Bitcoin ecosystem, such as OKCoin, because it means they can run complex smart contracts, such as multisig wallets and timelock transactions, for much cheaper. It is expected that the compounded efficiency gains of the upgrade could make the fees exchanges are paying drop by up to 30%. The gain in flexibility and efficiency will help scale the different endeavours to bring DeFi (decentralized finance) features to Bitcoin.
4. Cooperation towards adoption
The new version of Bitcoin Core implements the code for BIPs 340, 341 and 342, respectively Schnorr signatures, Taproot and Tapscript. It does not mean that this new code will be activated immediately however. First, the code will have to be activated on ‘signet’ and/or ‘testnet’, the Bitcoin blockchains exclusively used for testing. Such a big change, indeed, has required extensive review and will require further testing. Testing is absolutely key to maintain the security of the Bitcoin network, and is a central part of the work of Bitcoin Core developers. See our piece on how Marco Falke, one of OKCoin’s Independent Developer Grant recipients, has worked on improving the Bitcoin testing framework over the years.
When the activation code will be included in Bitcoin Core, the miners will have to signal (or not) their willingness to adopt it. At the moment, the sum of the miners who control 91% of the hashrate on the Bitcoin network and have expressed a firm opinion are in favor of activating Taproot. There are different ways to go about the activation process, the two main ones are discussed on a dedicated website.
Even if the upgrade is activated by the miners, it will remain necessary for wallet developers, exchange engineers and other key infrastructure workers to update their services too for the upgrade to be fully functional. Contrary to what happened in 2017 with the block-size limit controversy, this time it seems like miners, developers, exchanges and users all see the benefits of working together to make the most of this upgrade. What the Schnorr/Taproot upgrade shows, therefore, is also that the Bitcoin community at large has truly understood the virtuous circle of innovation and cooperation Bitcoin itself is based on.