What are Schnorr Signatures and Taproot?
Gregory Maxwell, a developer for Bitcoin Core and a former Blockstream CTO, is the one responsible for designing and proposing Taproot. The Schnorr signature method and the Taproot technology are both examples of improvements that have been suggested for the BIP-340 and BIP-341...
Gregory Maxwell, a developer for Bitcoin Core and a former Blockstream CTO, is the one responsible for designing and proposing Taproot. The Schnorr signature method and the Taproot technology are both examples of improvements that have been suggested for the BIP-340 and BIP-341 bitcoin protocols. The modification request for the soft fork was submitted by developer Peter Welle on January 21, 2020.
The Schnorr Signature System Explained
The Schnorr signature system is a digital signature scheme that was created to strengthen the anonymity of the Bitcoin network as well as its scalability. In 1991, a German cryptographer named Klaus-Peter Schnorr, who is currently a professor at Frankfurt University, came up with the idea for the Schnorr signature technique.
Schnorr’s scheme is a variant of the ElGamal (1985) and Fiat-Shamir (1986) schemes; however, it leverages the work of cryptographer David Chaum and has a smaller signature size than other schemes. Schnorr had already received a number of patents for the method at the time it was published, but those patents had already run out by the time Satoshi Nakamoto released bitcoin in 2008. At that time, Schnorr signatures could already be used, but they were not standardized and were not utilized by a large number of people.
When Nakamoto first designed bitcoin, he was forced to select a signature system from among several already in use. He needed an open-source algorithm that was both simple and safe to implement. The ECDSA was able to fulfill these conditions. The DSA algorithm, which was the forerunner to the ECDSA method, was a combination of the Schnorr and ElGamal schemes. It was developed in order to get around the patents held by Schnorr.
Because Peter Velle and his colleagues developed a better elliptic curve known as secp256k1, ECDSA in bitcoin has become considerably more rapid and effective as a result of their efforts.
The ECDSA has a number of flaws, which prompted its creators to search for another solution. The first conversations regarding the potential introduction of Schnorr signatures in the Bitcoin network took place in 2014. A few years later, developer Peter Welle published the Schnorr BIP. The year 2014 marked the beginning of these discussions.
What is Taproot (BIP-341)?
Schnorr/Taproot/Tapscript is a proposal that also includes Taproot (BIP-341), which is the second half of the proposal. Taproot increases their usefulness by introducing a new version of the transaction output and a new means to establish the conditions of spending in the event that the Schnorr scheme provides a new type of signature.
When and who came up with the idea of Taproot?
Andrew Poelstra, a mathematician, announced the publication of a mathematical security proof in April of 2018. Anthony Towns, an engineer working for Xapo and a developer on the Bitcoin Core project, came up with a solution to boost the quantity of data that Taproot utilized in July of that year.
Peter Welle provided a set of ideas for enhancing the Bitcoin protocol on the 6th of May, 2019. In these proposals, he presented changes to Taproot in conjunction with Schnorr and MAST signatures. Velle advocated a soft fork as a means of implementing necessary improvements to the Bitcoin software.
On the 21st of January, 2020, Velle submitted a change request for the subsequent soft fork that incorporated Taproot.
What Benefits Does the Taproot System Offer?
If Schnorr signatures make it possible for multi-signature transactions to be disguised as standard (Pay-to-Public-Key-Hash) transactions, then Taproot, when used in conjunction with Schnorr signatures, broadens the scope of these possibilities by expanding the range of transaction types that can be made to appear to be standard. These expanded possibilities include the following:
- the application of P2PKH and P2WPKH, often known as single spending;
- spending with n of n signatures using MuSig or equivalents (akin to the use of P2SH and P2WSH multi-signature pairs that are now in place);
- k-out-n (for minimal values of n), which makes use of the most frequent k signers;
- shutting channels on the Lightning Network, conducting atomic swaps, and using a variety of other protocols have the potential to bring about consensus among all involved parties.
These four types of use cases account for the vast majority of bitcoin transactions that have been conducted so far. Taproot enables you to give the joint result in the blockchain the appearance of having been spent using a single key, regardless of the complexity of the underlying contract.
The remaining scripts that display other results of the contract are not published to the blockchain. This frees up space in a particular block so that it can be used for transactions that are more sophisticated.
Technical Features that Make Schnorr Signatures Important
Safety
Schnorr signatures are advantageous in that they make a smaller number of assumptions and have a reliable formal-logical proof. The security of Schnorr signatures can be easily demonstrated by employing a random oracle model and a relatively complex elliptic curve discrete logarithm problem. Both of these problems are referred to as the elliptic curve discrete logarithm problem (ECDLP).
Schnorr signatures are a simpler technology for cryptographers to deal with since they are more open and transparent than other application technologies.
Inflexibility
Schnorr signatures are provably rigid, but ECDSA signatures are flexible, allowing a third party who does not have access to the private key to update an existing valid signature and double spend. This is in contrast to ECDSA signatures, which are provably inflexible.
Linearity
The linearity attribute, which is realized using linear mathematics, is one of the primary benefits associated with Schnorr signatures.
Schnorr signatures are considered linear since they can be modified by performing operations such as addition and subtraction.