Taproot: What Impact Will it Have on the Bitcoin Ecosystem?

2021-11-15, 10:40


[TL; DR]

  1. At around 5:00 AM UTC on November 14th, Taproot, the Bitcoin upgrade, was officially activated at the block height of 709,632.
  2. The Taproot soft fork is the first major technical upgrade to the Bitcoin protocol since the introduction of Segregated Witness (SegWit) in 2017. It could have a profound impact on the Bitcoin ecosystem for the next 3 - 5 years.
  3. The Taproot soft fork upgrade is composed of three different Bitcoin Improvement Proposals (BIPs), which are BIP 340, BIP 341 and BIP 342.
  4. Schnorr signatures outperform ECDSA in terms of performance and security, and will offer greater privacy and anonymity.
  5. The MAST structure can significantly reduce the volume of transaction data and improve transaction performance.

At around 5:00 AM UTC on November 14th, Taproot, the Bitcoin upgrade, was officially activated at the block height of 709,632. The Taproot soft fork is one of the most anticipated upgrades in the last two years. It is expected that the update could have a profound impact on the Bitcoin ecosystem for the next 3 - 5 years. This could be especially beneficial for institutional users and various application scenarios with multi-signature transactions.

It is the first major technical upgrade to the Bitcoin protocol since the introduction of Segregated Witness (SegWit) in 2017. SegWit increases the block size limit on a blockchain by removing signature data from the block header, partially reducing the cost of transfers on the Bitcoin network, while the Taproot upgrade aims to improve security, privacy and scalability on the network.

“Taproot” is the primary root of a plant. As explained by its founder Gregory Maxwell, the name refers to the desire for Bitcoin trading to focus only on the “main root” and hide the unimportant "branches". The Taproot upgrade was first proposed in 2018, and its implementation would make transactions on the Lightning Network indistinguishable from those on the Bitcoin blockchain, improving transaction privacy. Shortly afterwards, the Schnorr digital signature scheme was also incorporated into the Taproot upgrade solution, and the two were combined to serve as an overall enhancement to the performance of the Bitcoin network.

In January 2020, Bitcoin Core developer Pieter Wuille submitted three major Bitcoin Improvement Proposals (BIPs) for the Schnorr/Taproot soft fork upgrade. These three proposals are interrelated and play a part together. The BIPs are BIP 340, 341, and 342.

BIP-340 (Schnorr): BIP 340 replaces Elliptic Curve Digital Signature Algorithm (ECDSA) with Schnorr signatures.

BIP-341 (Taproot): Improving Merkelised Abstract Syntax Trees (MAST) based on the Schnorr signatures.

BIP-342 (Tapscript): Delivering an improved version of the programming language used to conduct Bitcoin transactions.

What is the significance of Schnorr digital signatures?

Digital signatures, based on what is known in cryptography as "Asymmetric Cryptography", partially offer the feasibility of electronic cash systems. In symmetric cryptography, encryption and decryption share the same private keys, whereas in asymmetric cryptography, the public key is used for encryption and the private key for decryption. Generally speaking, the private key refers to long runs of numbers generated by a random algorithm, while the public key is generally calculated from the private key. The private key needs to be stored confidentially, while the public key is public and can be used to verify the validity of the signature without exposing the private key.

The security of asymmetric cryptography is guaranteed by the mathematical algorithms behind it. Classical mathematical mechanisms such as large prime factorization, elliptic curves, etc. are most commonly used. The asymmetric cryptography used in Bitcoin is based on the elliptic curve algorithm.

As we all know, there are no accounts or balances in Bitcoin. There are only unspent transaction outputs (UTXO) scattered in the blockchain. The input to a transaction is the previous UTXO and the final output is the new UTXO, in which the asymmetric cryptographic algorithm serves to prove in the transaction whether the person who spent a particular Bitcoin is the real holder.

For example, Alice intends to transfer 5 BTC to Bob, and that is a piece of transaction information. Alice hashes the information to generate the corresponding long runs of numbers, and then encrypts them with her private key to create her own digital signature. Then Alice sends the transaction message and the digital signature to Bob, who uses Alice's public key to decrypt the digital signature, obtains the corresponding numbers, and compares them with the hash of the transaction information that he processed himself. If they are the same, it proves that Alice does have the private key. In addition, as Alice provides Bob's address (i.e. public key) when creating the digital signature, the UTXO occurring in the transaction will be locked and only Bob, who has the corresponding private key, can unlock it.

Before the Taproot upgrade, Alice needed to generate the digital signature with ECDSA, whereas after the upgrade, the signature will be based on the Schnorr algorithm.


The Schnorr signature mechanism was invented by the German cryptographer Claus Schnorr. It has undergone rigorous academic scrutiny, outperforming ECDSA in terms of performance and security. However, considering the fact that Professor Schnorr registered a patent for this signature algorithm in 1990, which did not expire until 2008, Satoshi Nakamoto used the algorithm known as ECDSA when creating Bitcoin protocol, instead of Schnorr signatures. Since both the Schnorr signature and ECDSA are based on the secp256k1 elliptic curve and SHA256, Schnorr signatures can be relatively easy to implement on the Bitcoin network.

In addition to better security, Schnorr signatures have the added benefit of being “linear,” which means that the results of the computation can be added together. ECDSA has no such linearity, so different transactions have to be signed separately. In the Schnorr signature scheme, the public keys of multiple users are linearly aggregated into one public key and signatures of different transactions can be aggregated into one signature, which is also known as Key Aggregation. This increases the privacy of transactions and reduces the block space occupied by each transaction by approximately 11%.

Taproot & Tapscript
Schnorr signatures improve the privacy of BTC transactions, while Taproot can further optimize scalability. To understand this, we first need to know what Merkelized Abstract Syntax Trees (MAST) are.

The Merkle Tree structure of each block is crucial to ensuring the tamper-resistant nature of the blockchain. The transactions at the bottom are grouped in pairs and their hash values are calculated to obtain a second layer of the tree, which is then grouped again in pairs, and so on, until a unique top-level hash (also known as the Merkle Hash) is obtained. With this calculation, even a change in one byte of a transaction or a shift in the order between two transactions will result in a change in the Merkle Hash. In addition, another benefit of the Merkle Tree is that a BTC lightweight client doesn't have to download all the transaction data. Only the data for each block header is needed. If the lightweight client wants to confirm the status of a transaction, it can initiate a "Merkle Proof" to confirm that the transaction is on the Merkle Tree.



MAST is a similar Merkle Tree data structure, where a similar hashing operation is performed on each script. This generates a Merkle Tree of scripts, also known as a Script Tree. With the addition of Schnorr signatures, the entire structure of the Script Tree will be hidden, allowing transactions with complex script structures to be executed as if they were ordinary transactions. The MAST structure can significantly reduce the volume of transaction data and even enable smart contract capabilities.

Corresponding to the MAST, Tapscript has made changes to the Bitcoin Script structure, adding some opcodes to make it easier to write scripts after the Taproot upgrade.

Conclusion
The Taproot update is the largest technological expansion to Bitcoin since the Lightning Network and SegWit upgrade. While Bitcoin has been slightly conservative in its innovation compared to Ethereum and Polkadot, technological upgrades such as Taproot have actually brought about improvements in transaction fees, speeds and anonymity.

As there are limited restrictions for miners in the Taproot soft fork, we still need to wait and see how well the relevant improvements play out in the future.

Author: Edward. H, Gate.io Researcher
*This article represents only the views of the researcher and does not constitute any investment suggestions.

*Gate.io reserves all rights to this article. Reposting of the article will be permitted provided Gate.io is referenced. In all other cases, legal action will be taken due to copyright infringement.



