Bitcoin is the most well-known and decentralized cryptocurrency. Its decentralization is both its strength and weakness. The strength lies in its resistance to censorship and restrictions. The weakness? It’s a slow and complex process to implement innovations, as any proposed update must go through multiple stages, which can take years. Plus, the community must support these innovations almost unanimously. Despite these challenges, Bitcoin continues to evolve.
One of the most significant upgrades the Bitcoin community introduced was Taproot, rolled out in November 2021. This update brought a range of innovations to Bitcoin’s core, creating a foundation for further development while massively improving privacy, scalability, and flexibility for the project’s blockchain. One of the key technologies introduced with Taproot was Schnorr signatures.
Historical Overview of Schnorr Signatures
Cryptographer Claus Schnorr first introduced the concept of electronic signatures in 1991, naming the tech after himself — the Schnorr scheme. It’s seen as a modification of earlier schemes proposed in the mid-1980s by Taher Elgamal, Amos Fiat, and Adi Shamir. The main feature of the Schnorr scheme was the reduction in signature size.
Before publishing his scheme, Schnorr patented several versions of its implementation. These patents officially expired in February 2008, around the same time Bitcoin was presented to the world. When creating Bitcoin, Satoshi Nakamoto needed to choose a digital signature scheme with simple, secure algorithms and open-source code. Back then, the ECDSA was chosen.
The ECDSA (Elliptic Curve Digital Signature Algorithm) is a digital signature algorithm based on elliptic curves and was used in Bitcoin for transaction verification and user authentication before Schnorr signatures were implemented.
Elliptic curves are mathematical structures used in cryptography to generate private and public keys.
Pieter Wuille, Bitcoin Core Developer, improved the elliptic curve, making the ECDSA more efficient. However, Bitcoin Core developers were also searching for an even more efficient alternative. Research into integrating the Schnorr signature scheme into Bitcoin began back in 2014, but the technology wasn’t fully implemented as a key part of the Taproot upgrade until seven years later.
Schnorr Signature Scheme: Why Is It Significant?
The Schnorr digital signature scheme offers several undeniable advantages over the ECDSA. Let’s dive into the key differences and benefits.
Enhanced Security
Both the ECDSA and the Schnorr scheme are based on discrete logarithms.
In simple terms, discrete logarithms involve figuring out how many times a number must be multiplied by itself to get another number, using modular arithmetic. This task is hard to solve, especially with large numbers, and is the basis for the security of many cryptographic systems.
The Schnorr scheme’s main advantage is that it operates with fewer assumptions and has a strong formal-logical proof of security. This makes its security more easily provable using the random oracle model combined with discrete logarithms on elliptic curve labels.
In other words, Schnorr is a more transparent applied technology that offers better security compared to the ECDSA. Additionally, because of its simplicity, the Schnorr scheme is easier to analyze and check for vulnerabilities.
Inflexibility of Signatures
The Schnorr scheme is known for its inflexible signatures, while the ECDSA operates with flexible signatures. In the ECDSA, third parties, without access to private keys, can modify valid signatures. In contrast, the inflexibility of Schnorr signatures prevents this, reducing the risk of double-spending and enhancing the overall security of transactions.
Linearity Property
Schnorr signatures have a linear property, allowing individual signatures and public keys to be mathematically combined. This means that multiple participants can merge their public keys into one and generate a joint signature that proves the consensus of all parties.
Thanks to this linearity, the Schnorr scheme supports efficient signature aggregation. This improves scalability and privacy, as multi-signature transactions become indistinguishable from regular single-signature transactions and take up less space on the blockchain.
In contrast, the ECDSA’s algorithm is nonlinear, making such aggregation impossible. As a result, multi-signature transactions in the ECDSA are bulkier and easier to identify, which decreases efficiency and privacy overall.
Smaller Transaction Size
The ECDSA requires multiple inputs for a transaction and a signature from each participant with individual verification. Moreover, verifying the set of signatures involves complex mathematical calculations.
With Schnorr, only one combined multi-signature is used for each transaction input. This eliminates the need to verify each input separately, speeding up confirmations. In the Schnorr scheme, the fixed transaction signature size is 64 bytes, about 10% smaller than the ECDSA.
This helps reduce fees, speeds up transaction processing, and optimizes block space and computational power.
What Is Taproot and Who Invented This Technology?
Taproot refers to both a technology combining several cryptographic features and a comprehensive Bitcoin protocol update where these features were introduced. The development of Taproot involved Bitcoin Core developers, many of whom also worked at Blockstream. Notable contributors include Gregory Maxwell, Andrew Poelstra, and Pieter Wuille, among others.
Gregory Maxwell is considered the primary author of the Taproot concept, which he detailed in an open letter in January 2018. By May of the same year, a group of authors, including the aforementioned developers, outlined the implementation of Schnorr signatures.
While Schnorr signatures were a key part of the Taproot update, they weren’t the only innovation. Other important updates included:
- a new transaction output type, Pay-to-Taproot (P2TR);
- the Merkelized Abstract Syntax Tree (MAST);
- the introduction of the Tapscript coding language.
After a year of discussions and refinements, Pieter Wuille organized and merged all the proposed updates into three Bitcoin Improvement Proposals (BIP-340, BIP-341, and BIP-342). Further discussions and refinements took over two years, and the proposals were finally implemented in November 2021.
Importance of Taproot Upgrade for Bitcoin’s Development
The Taproot technology upgrade significantly boosted the privacy, efficiency, and functionality of the Bitcoin network. This update enhanced security and introduced new opportunities for users and developers alike. Taproot also laid the groundwork for future innovations to be integrated into Bitcoin’s code.
With the implementation of new cryptographic functions and expanded scripting, this update enabled:
- advanced multi-signature schemes like MuSig2;
- the creation of more complex smart contracts, expanding DeFi functionalities;
- more efficient atomic cross-chain swaps;
- enhanced Lightning Network capabilities;
- further development of second-layer protocols, among others.
Overall, the Taproot implementation has solidified Bitcoin’s position as a digital asset capable of adapting to evolving technologies and demands while maintaining its core principles of decentralization and privacy.