Taproot is designed to increase Bitcoin's fungibility, improve the functionality of smart contracts, and improve privacy by making all transactions appear the same to external blockchain observers.
More than two years after SegWit was activated in August 2017, Bitcoin is preparing for its next big update.
Taproot, which was first proposed in 2018 by Greg Maxwell, is being reviewed by developers and could soon be rolled out on the network. This was announced in a presentation by Pieter Wuille on December 17th. Wuille said that developers had almost finished responding to feedback and the proposal was “nearly ready.”
Once implemented, the upgrade promises to increase Bitcoin’s fungibility, improve the functionality of smart contracts, and increase privacy by making all transactions appear the same to external blockchain observers.
The main thrust of the upgrade is the implementation of a new style of cryptographic signature – Schnorr signatures. These are expected to bring several benefits to the network, particularly for those using complex smart contract transactions.
Currently, Elliptic Curve Digital Signature Algorithm (ECDSA) signatures are used to sign transactions on the Bitcoin blockchain. These are typically around 72 bytes, whereas Schnorr signatures are no more than 64 bytes—a 12 percent reduction in size. At the time of Bitcoin’s inception, Schnorr signatures were not available in common crypto libraries and remained protected by a US patent until shortly before the Bitcoin whitepaper was released.
Had they been available, some say Satoshi would have opted for Schnorr signatures—and not just because of their smaller size.
Schnorr signatures enable signature aggregation through Taproot, which combines multiple private keys into a single ‘master private key’ that can sign transactions. As Steve Lee from Bitcoin Optech explained in a presentation in June last year, this aggregation reduces transaction fees, lowers node operating costs, and improves scalability. This makes Taproot especially useful for platforms using sophisticated smart contracts, such as exchanges that rely on multi-sig wallets.
A typical 2-of-3 multi-sig wallet design features a hot key, a trusted third-party key, and a cold wallet emergency backup key, and participants would need to broadcast all three keys to spend the coins. Taproot instead aggregates these keys into a single Schnorr signature, potentially reducing network fees for exchanges by up to 30 percent, according to Lee.
As Bitcoin educator Jimmy Song told The Block, this would be a net benefit for security: "There will no longer be any penalties in terms of fees for multi-sig and that should lead the industry toward using best practices."
With a reduced burden on the network, multi-sig smart contract wallets would be cheaper to operate and more sophisticated smart contract scripts would become possible.
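The aggregation described above, as an added example that is not from the original article or from Bitcoin's own code: two signers' keys are summed into one public key and their partial signatures into a single 64-byte Schnorr signature over secp256k1. It assumes the textbook (e, s) signature form and plain key summation rather than the encoding Taproot specifies, covers the all-signers case rather than 2-of-3, and uses hypothetical function names; production schemes such as MuSig add per-key coefficients and nonce commitments on top of this.

```python
import hashlib
import secrets

# Added illustration: textbook (e, s) Schnorr with plain key summation.
# secp256k1 domain parameters: field prime, group order, generator.
FIELD = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):  # affine point addition; None is the point at infinity
    if a is None or b is None:
        return a if b is None else b
    if a[0] == b[0] and (a[1] + b[1]) % FIELD == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, FIELD)
    else:
        lam = (b[1] - a[1]) * pow((b[0] - a[0]) % FIELD, -1, FIELD)
    x = (lam * lam - a[0] - b[0]) % FIELD
    return x, (lam * (a[0] - x) - a[1]) % FIELD

def mul(k, pt):  # double-and-add scalar multiplication
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def challenge(r, pub, msg):  # e = H(R || P || m) mod N
    data = b"".join(c.to_bytes(32, "big") for c in (*r, *pub)) + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def verify(pub, msg, sig):  # recompute R = sG - eP and compare challenges
    e, s = (int.from_bytes(part, "big") for part in (sig[:32], sig[32:]))
    r = add(mul(s, G), mul((N - e) % N, pub))
    return r is not None and challenge(r, pub, msg) == e

def cosign(secret_keys, msg):
    # Each party would keep x_i and k_i private and share only R_i and s_i.
    nonces = [secrets.randbelow(N - 1) + 1 for _ in secret_keys]
    agg_pub = agg_r = None
    for x, k in zip(secret_keys, nonces):
        agg_pub = add(agg_pub, mul(x, G))
        agg_r = add(agg_r, mul(k, G))
    e = challenge(agg_r, agg_pub, msg)
    s = sum(k + e * x for k, x in zip(nonces, secret_keys)) % N
    return agg_pub, e.to_bytes(32, "big") + s.to_bytes(32, "big")
```

A verifier sees one public key and one 64-byte signature regardless of how many parties contributed to it.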
A step towards privacy
For everyday Bitcoin users concerned about censorship resistance, Taproot represents an important incremental step towards privacy.
Though the upgrade is not privacy-specific, it will improve Bitcoin’s fungibility—the essential property of money whereby each individual unit is indistinguishable from any other unit. With Taproot, all payments look the same, and no distinction can be made between a payment sent to a public address and one sent to a smart contract address like a channel on the Lightning Network. This minimizes the digital fingerprints that are left on any single transaction and makes the payment network more opaque and less vulnerable to censorship.
"All outputs for spending look identical, and most spends are indistinguishable, so this is a big improvement for fungibility," said Lee in the presentation. "Smart contract payments, Lightning payments, and sophisticated multi-signature smart contract payments all look the same."
Blockchain forensic firms will thus be unable to see how many parties were involved in each transaction or detect if it was just a simple payment or a complex smart contract operation.
This could provide greater cover for those using mixing services like CoinJoin, and make it more difficult for blockchain detectives to make accurate guesses at the rationale behind each transaction.
When Taproot does eventually roll out, it is likely to be followed by more incremental protocol upgrades. Graftroot, which delegates signatures to allow for additional multi-sig functionality, is also on the developmental horizon, along with the "Great Consensus Clean-up", which promises to fix network vulnerabilities.