Taproot and Schnorr signatures have been in development for a long time, and now these proposed upgrades to the Bitcoin (BTC) protocol have finally been submitted as formal Bitcoin Improvement Proposals (BIPs) by Pieter Wuille, Jonas Nick, and Anthony Towns. Specifically, three different BIPs have been submitted, including BIP 340 ‘Schnorr Signatures for secp256k1’, BIP 341 ‘Taproot: SegWit version 1 spending rules’, and BIP 342 ‘Validation of Taproot Scripts’. The following article deep dives how these BIPs will enhance the privacy and security of Bitcoin (BTC), while simultaneously increasing Bitcoin’s (BTC) capabilities.
BIP 340 proposes a standard for 64 byte Schnorr signatures over the elliptic curve secp256k1. Traditionally Bitcoin (BTC) has used ECDSA signatures over the secp256k1 curve, but apparently Schnorr signatures have a relative advantage.
One critical advantage is that Schnorr signatures are non-malleable, while ECDSA signatures are malleable. This means that a 3rd party without access to the private key can alter the signature for an existing public key and message into another key that is valid for the same public key and message. Indeed, there is even a tool available to create messages that look like they are signed by Satoshi Nakamoto. With Schnorr signatures this sort of forgery will no longer be possible.
Another critical advantage is that Schnorr signatures provide a simple method for multiple parties to produce a signature that is a sum of their public keys. This paves the way for better multi signatures, and also threshold signatures, where a certain amount of keys is required to unlock a Bitcoin (BTC) output. Both multi signatures and threshold signatures would be indistinguishable from single signatures, increasing privacy.
Also Schnorr signatures facilitate adaptor signatures, which can be used to perform atomic swaps and to open general payment channels. This can be used to build decentralized exchanges (DEX) on the Bitcoin (BTC) blockchain. Notably, with Schnorr signatures privacy is enhanced in this case, since atomic swaps and general payment channels would appear to be regular transactions.
Another improvement is this enables blind signatures, where a signer can sign on behalf of another party without learning any information about the signed message or the signature. This enables partially blind atomic swaps, where coins can be transferred via an untrusted escrow agent without connecting the transacting parties on the public blockchain. Thus, Schnorr signatures facilitate anonymous trades using the Bitcoin (BTC) blockchain.
BIP 341 proposes a new SegWit version 1 output type, with spending rules based on Schnorr signatures, Taproot, and Merkle branches, and essentially aims to minimize how much information is revealed regarding the spendability conditions of a transaction output.
This proposal dives into the meat and potatoes of Taproot, which merges pay-to-pubkey and the pay-to-scripthash policies so that all spendable outputs, whether they are spendable by a key or a script, are indistinguishable from one another. In other words, Taproot allows coins to be spent with the key path, so outside observers cannot learn the spending conditions of outputs.
Taproot improves Bitcoin’s (BTC) privacy, since instead of revealing all possible conditions for spending an output, only the satisfied spending condition is published. Essentially, Schnorr signatures enable multi signatures, threshold signatures, adaptor signatures, and blind signatures which yield a variety of ways for an output to be spent based on certain conditions, and Taproot keeps those conditions anonymous, while Schnorr signatures make it so all of these complex signatures look like regular single signatures.
BIP 342 specifies scripting semantics that will be needed to make Taproot work. Specifically, OP_CHECKSIG and OP_CHECKSIGVERIFY are disabled and OP_CHECKSIGADD is introduced so that the multi signatures policies can be created in a batch verifiable way. Essentially, BIP 342 is designed to make Schnorr signatures, batch validation, and signature hash improvements available for spends that use the script system.
Taproot and Schnorr Signatures Improve The Privacy and Security of Bitcoin (BTC)
Overall, the combination of Taproot and Schnorr signatures makes Bitcoin (BTC) more anonymous, by making complex smart contracts and Lightning Network channels, as well as atomic swaps and DEX activity, to all appear the same as regular Bitcoin (BTC) transactions.
In other words, Taproot and Schnorr signatures allow the Bitcoin (BTC) blockchain to be used for trading activity, payments via the Lightning Network, applications that use smart contracts, and business agreements which use smart contracts, while keeping the details private from outside observers. Only the transacting parties will know the exact details for smart contracts, Lightning Network payments, and trades via atomic swaps.
Clearly, Taproot and Schnorr signatures improve the privacy of Bitcoin (BTC), which inherently increases security, and this could increase Bitcoin (BTC) adoption for a variety of applications.
That being said, Taproot and Schnorr signatures need to go through another round of review, and ultimately miners will have the final say on whether or not Taproot and Schnorr signatures are implemented. However, it seems Taproot and Schnorr signatures are only beneficial, so it is likely that this new technology will be implemented into the Bitcoin (BTC) protocol via a soft fork in the coming months.