The Bitcoin Schnorr / Taproot upgrade explained

Bitcoin remains the most well-known and valuable cryptocurrency with a current market cap of $200 billion. As a first-generation blockchain, Bitcoin faces a number of challenges. For example, transaction speeds on Bitcoin are limited to approximately 7 transactions per second. However, any upgrade or improvement to Bitcoin must go through a rigorous process designed to ensure that Bitcoin’s core properties as a decentralized, censorship-resistant digital currency are not compromised.

Bitcoin Improvement Proposals

To develop, maintain, and improve the Bitcoin blockchain, Bitcoin Core developers propose Bitcoin Improvement Proposals (BIPs). A Bitcoin BIP refers to a document by which developers propose a solution to a problem on the Bitcoin network. For example, following the introduction and implementation of BIP 141, more commonly known as Segregated Witness (SegWit), transaction speeds on the Bitcoin network have increased and transaction fees have dropped substantially. Crucially, this was achieved without an increase in Bitcoin’s block size and with no impact on Bitcoin’s decentralized properties.

The BIP process was created by early Bitcoin developer Amir Taaki. Taaki believed that the Bitcoin development process could be improved by creating a structured and transparent process. Taaki submitted the first BIP (BIP 0001) on August 19, 2011, and described the BIP process itself.

The Bitcoin Schnorr/Taproot soft fork

The Schnorr/Taproot soft fork is the most significant update to Bitcoin since the SegWit soft fork of August 2017. Adding Schnorr signatures to the Bitcoin protocol has been discussed for years. Schnorr signatures will be implemented as part of a bigger soft fork protocol upgrade called Taproot. Taproot was first proposed by Bitcoin Core developer Greg Maxwell in 2018 and is based on an older proposal called MAST (Merkelized Abstract Syntax Tree).

Taproot promises to increase Bitcoin’s fungibility, improve the functionality of smart contracts, and boost privacy by making all transactions appear the same to external blockchain observers.

The upgrade will implement a new style of cryptographic signature, Schnorr signatures, which have several benefits, particularly for smart contracts. At present, Elliptic Curve Digital Signature Algorithm (ECDSA) signatures are used to sign transactions on the Bitcoin blockchain. These are typically around 72 bytes, whereas Schnorr signatures are no more than 64 bytes, representing a 12 percent reduction in size. When Satoshi Nakamoto wrote the Bitcoin whitepaper Schnorr signatures were not available in common crypto libraries and were not available for commercial use as they were protected by a US patent. Had they been available, it’s thought that Satoshi would have opted for Schnorr signatures, and not just because of their smaller size.

Schnorr signatures enable signature aggregation through Taproot, which combines multiple private keys into a single ‘master private key’ that can sign transactions. This aggregation should reduce transaction fees, lower the cost of operating a node, and improve scalability. Taproot is especially useful for platforms using sophisticated smart contracts, such as exchanges that rely on multi-sig wallets.

Instead of using a typical 2-of-3 multi-sig wallet design featuring a hot key, a trusted third party key, and a cold wallet emergency backup key, where participants would need to broadcast all three keys to spend the coins, Taproot aggregates these keys into a single Schnorr signature, potentially reducing network fees for exchanges by up to 30 percent.

The Github technical document for BIP: 340 Title: Schnorr Signatures for secp256k1 is online at GitHub.

A step towards Bitcoin privacy

While the mainstream media often portrays Bitcoin as an anonymous currency that can’t be traced, that is not the case. Because of the fact that Bitcoin is an open public ledger, all transactions are public and can be examined using a block explorer. Blockchain analysis firms such as Chainalysis are adept at tracing blockchain transactions and linking them to the identities of private individuals. While the new changes will not transform Bitcoin into a genuinely untraceable currency, Taproot does represent an important incremental step towards privacy.

Though the upgrade is not privacy-specific, it will improve Bitcoin’s fungibility—the essential property of money whereby each individual unit is indistinguishable from any other unit. With Taproot, all payments look the same, and no distinction can be made from a payment sent to a public address, or to a smart contract address like a channel on the Lightning Network. This minimizes the digital fingerprints on any single transaction making the network more opaque and less vulnerable to censorship.

It will be much harder for blockchain analysis companies to understand how many parties are involved in a transaction and detect if it was just a simple payment or a complex smart contract operation.

In September, Bitcoin developers successfully merged the BIP-340 improvement proposal with Bitcoin’s master code library. The merger of the pull request for BIP-340 in the protocol’s master library is an important milestone on the road to implementation. Bitcoin developer Nicolas Dorier tweeted that the “most complicated” part of the process was complete and “With that behind us, I expect the rest of the Taproot upgrade will follow smoothly.”

The next step in the upgrade is the Taproot pull request merger, followed by the soft fork if successful. Miners and Bitcoin users will need to approve the soft fork.

Bitcoin Core v0.19.1, v0.20.0, and v0.20.1 upgrades have been released this year to provide various bug fixes and performance improvements.