Taproot: Bitcoin’s Most Ambitious Upgrade
The recent trend of increased functionality for Bitcoin transactions in the form of features like multi-sig (a transaction only occurs if enough signatures verify the transaction) and time lock (a transaction only occurs after a set date or block height), has come at the cost of privacy. The more a sophisticated party wishes to engage with some of the exciting new technologies that the Bitcoin network now offers, the more that party must sacrifice in terms of privacy. Additionally, the extra information that is included in a complex transaction uses up valuable space, cluttering up the blockchain with information instead of more transactions. Taproot aims to solve these issues. It will restore near-complete privacy to every transaction regardless of the features or conditions employed in a Bitcoin transfer, and may increase the efficiency and scalability of the Bitcoin blockchain by approximately 20%.
Bitcoin, Privacy, and Efficiency
One of the most attractive aspects of Bitcoin transactions is the privacy conferred on the parties to the transaction. Never before could money be moved nearly anonymously regardless of the scale of the transfer. Bitcoin’s biggest winners are therefore champions of financial privacy and the general public, who benefit from the liberation of personal financial information from governments, regulators, banks, and other institutional players.
However, as Bitcoin features like multi-sig, time-lock, and a host of others, became available, privacy on Bitcoin’s blockchain became more and more compromised. For simple transactions, the only information released to the public is the public keys of both wallets. This information is nearly impossible to trace to any particular person or group. But for complex transactions that use the additional transactional conditions, the information of the conditions that were used to effect the transaction is recorded on the blockchain at the time of the transaction. This means that if Audrey contracts with Angela to transfer 1 Bitcoin to her after August 1st, and only if Angela does XYZ, then the whole world can surmise that Audrey and Angela had some agreement whose performance took place on August 1st as well as all of the conditions (“XYZ”) that had to be met for the transfer to happen. Essentially, more functionality equates to less privacy. And as the Bitcoin blockchain’s functionality grows, this gulf will only widen - users will have to make the age-old choice of convenience or privacy. As discussed below, Taproot will incorporate the most advanced form of cryptography into the blockchain to enable users to utilize any feature of a blockchain transaction with complete privacy.
Taproot will also critically improve Bitcoin’s scalability simply as a byproduct of increasing privacy. One additional problem that all of this extra information regarding transactions has wrought is wasted block space. A block can house approximately 1MB of data, and usually around 500 transactions. All that extra information in complex transactions wastes valuable block space with the details of Audrey and Angela’s transaction, causing longer wait times for others to transact across the blockchain. While hiding this data improves privacy, Taproot will also remove all of this clutter and increase the efficiency of the Bitcoin blockchain by approximately 20%.
What is Taproot
Taproot utilizes the Schnorr signature scheme and Merkelized Abstract Syntax Trees (MAST) to hide all of the conditions of any transaction by aggregating several signatures in the same transaction into one signature. Though it’s not quite this straightforward, each layer of conditions added to a transaction yields more signatures. As an example, with a multi-sig transaction, each signature is provided publicly. However, a Schnorr signature aggregation allows for combining those signatures into one threshold signature, without compromising on verification of the transaction (and minimally compromising on the speed of that verification). Taproot utilizes the same cryptography to hide any conditions in a Bitcion transaction and display just one public key.
When Satoshi Nakamoto developed Bitcoin, he opted for elliptic curve digital signatures (ECD signatures). Satoshi may have opted for Schnorr signatures to increase the network’s functionality, but Schnorr signatures were patent protected until 2008 just one year prior to Bitcoin’s launch (a launch which likely required several years of development). The powerful mechanism behind Bitcoin’s verification is ECD signatures which allow for signatures to match public keys. This matching is necessary to verify both that a user is in fact authorized to spend this Bitcoin and that the recipient validly received this Bitcoin. However, once two keys are involved, multiple signatures are required for verification.
Schnorr signatures, on the other hand, operate in such a way that the sum of the set of signatures is equivalent to the signature of the sum of the private keys. This enables the signature aggregation referenced earlier, whereby one signature can be aggregated from several signatures and corresponds to one public key that is aggregated from several public keys. To simplify, let’s follow Audrey and Angela and Carmen as they try to transact using multisig technology. Using ECD signatures, for example, let’s say that Audrey’s signature is “Audrey,” Angela’s is “Angela,” and Carmen’s is “Carmen”. If we were to combine their signatures, the result would be something like “AuAnCar.” Now, let’s say that Audrey’s public key is 5, Angela’s is 10, and Carmen’s is 20. If we were to sum their keys, the result would be 35. There is no way to relate “AuAnCar” to 35 in a way that we could verify the individual components that made up the two sums.
In contrast, imagine if Audrey’s signature is 50, Angela’s is 100, and Carmen’s is 200, and that their keys are 5, 10, and 20, respectively. Here, it is pretty easy to see how we can use addition, multiplication, and other mathematical mechanisms to aggregate the signatures into one “threshold” signature and the keys into one “threshold” key and allow for verification. While this example is overly simplistic and does not capture all of the nuance present, the first example is analogous to ECD signatures, and the second example is analogous to MAST trees and Schnorr signatures.
When Will Taproot Be Adopted
Aside from privacy, Bitcoin’s other main draw is its decentralization. There is no shadowy central institution in control of the money that flows through the platform. Instead, all decisions are made by the people and for people, and, more specifically, the Bitcoin blockchain users. The Taproot proposal was first unveiled by Bitcoin Core developer Greg Maxwell in January 2018. In October 2020, at the request of Pieter Wuille, Taproot was merged with the Bitcoin Core library. For Taproot to be adopted into the Bitcoin protocol, ninety percent of blocks have to signal support for Taproot within a two week difficulty epoch period to the rest of the community. In order to signal to others, miners make use of a “signal bit” when mining a block, which serves as a beacon that lets others know they approve of Taproot’s addition. This sort of signaling is the clever method that Bitcoin developers have devised to indicate acceptance of a protocol or additional network features.
As an aside, after each difficulty epoch, the difficulty of mining bitcoin is re-measured, letting miners (and potential miners) know how fierce the competition will be for the next two weeks. Recently, Bitcoin difficulty has seen record highs, likely attributable to its meteoric rise in value over the last six months. In short, once ninety percent of blocks have signaled support for Taproot, the process of incorporating it into the Bitcoin protocol will begin in earnest. The first Taproot signaling attempt failed earlier in May 2021, garnering just 40% of the 90% required signaling. However, the second Taproot signaling attempt is going much smoother, as more and more mining pools signal their support. The support of mining pools is essential if Taproot is to be integrated.
Five of the Largest Pools That Support Taproot
Fortunately, many of the largest pools have already indicated support for Taproot’s adoption. At the time of writing, over a week after the next round of signaling began, more than 90% of the total network has signaled support for Taproot. Here are the five largest mining pools that have already signaled support for Taproot: Antpool (16.69% share), F2Pool (15.28% share), Poolin (13.69% share), ViaBTC (9.76% share), and Bitcoin.com (9.63%).
This sort of buy-in should not be overlooked. It has taken a lot of work and promotion to get all of these pools on board and make Taproot close to being a reality. As mentioned above, a Taproot signaling attempt actually failed earlier this month. However, many pointed to the fact that the beginning of the difficulty epoch (or signaling period) coincided with the Chinese Labor Day holiday which lasted for four days, from May 1 to May 5. This time around, the Bitcoin has already garnered over 90% signaling support for Taproot integration, so as long as nothing changes and no pools back out of their support, Taproot will soon be a reality.
As Bitcoin has become more popular and developed more and more use cases, certain elements of both privacy and scalability have been sacrificed in the name of functionality. The integration of Taproot into the Bitcoin protocol promises to restore the privacy and scalability that first made Bitcoin such an attractive alternative to currency in the first place. The state of the current round of signalling means that Taproot will begin integration in earnest in the next few days, giving Bitcoin a sorely needed update and dawning a new era for the crypto powerhouse.