How Schnorr signatures make Bitcoin more private

With the upcoming Taproot update, the Schnorr signatures will also be implemented in Bitcoin’s source code. The aim is to make the network more efficient and transactions more private. What you need to know about the long-awaited soft fork.

This article first appeared in the June issue of Cryptocompass, the magazine for everything to do with blockchain. Do you want to know more about it? Then click on this button:

It can take a while for Bitcoin to implement new software updates. Taproot was mentioned for the first time in 2018, when Bitcoin Core Developer Gregory Maxwell outlined the possible update, which, among other things, should implement a new signature algorithm. Three years have passed since then and Taproot is still a dream of the future. But that could change soon. Because with Bitcoins Difficulty Epoch 338 you have also implemented the so-called “Speedy Trial”. This is an update that allows miners to include additional data in mined blocks and thus signal their support for Taproot. If at least 90 percent of the miners decide in favor of taproot support by the end of a difficulty period (after 2,016 blocks), the update will be introduced as a soft fork in the source code in November of this year. This implementation process is also new.

According to taproot.watch, over 90 percent of the mining pools are on board. Taproot is now “logged in” and is activated at block 709.632. This is expected to be the case in mid-November this year.

What’s in the update?

At its core, Taproot is a technical update of the Bitcoin source code that includes several changes. The most important innovation is the implementation of Schnorr signatures, which are intended to complement the well-known ECDSA signatures.

Now it’s getting technical: ECDSA stands for “Elliptic Curve Digital Signature Algorithm” and forms the heart of Bitcoin’s cryptography. In short, this form of cryptographic signature ensures that only legitimate owners (in the sense of the protocol rules) of private keys can issue UTXOs, i.e. BTC, that are linked to this key. The purpose of the digital signature is to provide evidence that you are the owner of the respective BTC without revealing the private key. This is done using the ECDSA signature.

With the activation of Taproot, Bitcoin is expanded to include a signature option: We are talking about Schnorr. Schnorr offers the same security that ECDSA signatures offer, but also has some features that improve Bitcoin. Schnorr signatures, for example, allow key aggregation – a feature that ECDSA does not offer. With the help of key aggregation, different public keys can be combined. The user then only has to sign this once using a single private key. If you currently want to set up a MultiSig scheme, you have to create a signature for each of the keys involved, which the network checks for authenticity. However, this is much more time-consuming than aggregating all the keys involved and then running just one script that checks the signature.


Bitcoin is becoming more private

In addition to the gain in efficiency, Schnorr signatures offer a considerable gain in privacy. In contrast to the current ECDSA scheme, MultSig transactions that were created with the help of Schnorr can no longer be distinguished from “normal” SingleSig transactions for blockchain observers.

As can be seen in the diagram, a single public key is derived from a 3-out-of-3 MultiSig. Its associated private key is sufficient to output the UTXO.

Lightning in particular will give the introduction of the Schnorr signatures considerable tailwind. After all, the opening of Lightning Channels on the blockchain is easy to recognize as such due to the 2-out-of-2 MultiSig. This is one of the main reasons why Lightning is not as private as is often assumed.

Actually, Schnorr would have wanted to use Bitcoin’s native signature algorithm from the start. According to reports, Satoshi only opted for ECDSA because Schnorr was subject to patent restrictions until shortly before the start of the Genesis block. However, these have now been lifted.

The cumbersome procedure up to the release of the update shows once again how carefully the core developers deal with seemingly trivial changes to the source code. In addition to Gregory Maxwell, great developers such as Jonas Nick and Pieter Wuille are working on the project – all developers with many years of experience. The implementation of the introduction mechanism called “Speedy Trial” is also new. It made sense to bring the miners on board – a clever move to organize the various stakeholder groups. If everything goes smoothly, Bitcoin will be a fair bit more private and efficient with block 709,632 (expected in November 2021). That shouldn’t hurt the course either.