How does Taproot, the latest Bitcoin upgrade proposal, improve the flexibility and privacy of the network?

Qtum-量子链
Guest columnist
2019-12-16 07:00
This article details how Taproot, the latest Bitcoin upgrade proposal, expands the network’s smart contract flexibility and provides privacy features.

This article, written by Priyeshu Garg, details how Taproot, Bitcoin’s latest upgrade proposal, expands the network’s smart contract flexibility and provides privacy features.

The following is a translation of the original article:

Solving the problem of complex smart contracts

Although Bitcoin is the first and by far the most ambitious blockchain project, it has also been criticized for its lack of scalability and for its inability to address the privacy problems posed by complex smart contracts.

Bitcoin developers have been working on these problems for nearly a decade. Now a near-perfect solution to the problem of in-network scripting is at hand. Several proposals have been put forward at the same time, but Taproot is the most promising of them.

Taproot was first proposed in January 2018 by Bitcoin Core developer and former Blockstream CTO Gregory Maxwell. The proposal is dedicated to extending the flexibility of Bitcoin's smart contracts. Aside from the unexpected flexibility Taproot brings to smart-contract signing, it also brings more privacy to transfers.

How Taproot works

To understand how Taproot works, we have to go back to the basics of Bitcoin transfers — scripts. Scripts are lines of code embedded in a transfer that run on the blockchain and define how the transferred coins can be spent.

Before these transferred coins can be spent, certain conditions must be met: ownership of the coins must be proved with a signature; if there is a time lock, a specific block height or date must be reached; or, where a set of private keys is involved, a certain number of those keys must provide signatures for the transfer. These conditions can be combined to form very complex smart contracts.

Thanks to P2SH (pay-to-script-hash), these smart-contract constraints, i.e. the scripts, are at first visible only to the new owners of the coins: only the hash of the script, which looks like a random string of bytes, is placed on the blockchain. However, the script is eventually revealed when the coins are spent. This means that every condition of the transfer, including those that were never triggered, ends up public on-chain.

While straightforward, this process generates a lot of data and does a poor job of protecting the privacy of transfers on the blockchain.

One way to solve this problem is Merkleized Abstract Syntax Trees (MAST). The proposal is based on Merkle trees, a long-established compact data structure, and hashes each of the different spending conditions of a transfer individually. All of these conditions are stored in a Merkle tree, producing a single hash value, the Merkle root, which is used to lock the coins.

(Diagram caption) Note: This diagram explains the transfer structure when MAST is used together with Schnorr. In this structure, if Alice and Bob sign together, the funds can be withdrawn; if they do not both sign, the funds can also be withdrawn non-cooperatively once the time specified by the time lock has passed. The diagram illustrates the kind of structure needed to open and close Lightning Network channels.

If any piece of data in the Merkle tree is revealed on the blockchain, it can be verified easily against the Merkle root using the other hashes along its branch, which together form the Merkle path. The rest of the data in the tree remains cryptographically hidden.
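The following is an added example, not code from the original article or from any Bitcoin implementation. It builds a small Merkle tree over three constructed spending conditions (text stand-ins for real scripts), produces the root that would lock the coins, and shows what a spend reveals: one condition plus its Merkle path, which a verifier checks against the root while the other conditions stay hidden. The leaf/node prefixes are a simplification of the tagged hashes in the real proposal, chosen here so that a leaf can never be confused with an inner node.

```python
import hashlib

# Added example (not part of the original article): a minimal Merkleized
# script tree. The conditions below are constructed text stand-ins for real
# Bitcoin scripts, and the leaf/node prefixes are a simplification of the
# tagged hashes used by the real Taproot proposal.

LEAF_PREFIX = b"\x00"   # domain separation: leaf hashes vs. inner-node hashes
NODE_PREFIX = b"\x01"

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def hash_leaf(script: bytes) -> bytes:
    return sha256(LEAF_PREFIX + script)

def hash_node(left: bytes, right: bytes) -> bytes:
    return sha256(NODE_PREFIX + left + right)

def next_level(level):
    """Pair up sibling hashes; an unpaired last node is promoted unchanged."""
    nxt = [hash_node(level[i], level[i + 1]) for i in range(0, len(level) - 1, 2)]
    if len(level) % 2 == 1:
        nxt.append(level[-1])
    return nxt

def merkle_root(scripts) -> bytes:
    """The single hash that locks the coins: it commits to every condition."""
    level = [hash_leaf(s) for s in scripts]
    while len(level) > 1:
        level = next_level(level)
    return level[0]

def merkle_path(scripts, index):
    """Sibling hashes needed to link leaf `index` to the root.
    Each entry is (sibling_hash, sibling_is_left)."""
    level = [hash_leaf(s) for s in scripts]
    path = []
    while len(level) > 1:
        sibling = index ^ 1
        if sibling < len(level):
            path.append((level[sibling], (index & 1) == 1))
        level = next_level(level)
        index //= 2
    return path

def verify_path(script: bytes, path, root: bytes) -> bool:
    """What a verifier does when one condition is revealed at spend time."""
    h = hash_leaf(script)
    for sibling, sibling_is_left in path:
        h = hash_node(sibling, h) if sibling_is_left else hash_node(h, sibling)
    return h == root

# Constructed spending conditions for an Alice/Bob channel-like contract.
CONDITIONS = [
    b"Alice AND Bob both sign",
    b"Alice signs AFTER the time lock expires",
    b"Bob signs AFTER the time lock expires",
]

def reveal(index):
    """What goes on-chain for a spend: one script plus its Merkle path,
    never the other conditions."""
    return CONDITIONS[index], merkle_path(CONDITIONS, index)

if __name__ == "__main__":
    root = merkle_root(CONDITIONS)
    script, path = reveal(1)
    print("root:", root.hex())
    print("revealed:", script.decode(), "valid:", verify_path(script, path, root))
```

Run it and only the second condition and two sibling hashes appear in the "spend"; a verifier who holds just the root can confirm the revealed condition belongs to the contract, but learns nothing about the other two.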

Schnorr soft-fork protocol upgrade could enable Taproot

Pieter Wuille, CEO of Blockstream and a well-known blockchain developer, explained that Taproot is built directly on top of MAST and Merkle branches. His GitHub proposal explains that Taproot allows almost any smart-contract structure to include one condition under which all participants agree on an outcome: the participants can cooperate to produce a single settlement transfer. This saves even more space and improves script privacy at spending time, Wuille said.

While Taproot already has enormous potential on its own, it only unleashes its full power when combined with Schnorr signatures. This new signature scheme is currently under development and will be deployed through a soft fork; it is one of the most anticipated upgrades to the Bitcoin network.

Named after its inventor, Claus-Peter Schnorr, the scheme is a set of mathematical rules linking private keys, public keys and transfer signatures. Schnorr is widely regarded as the best signature scheme available in the cryptocurrency space; Wuille pointed out that it provides strong correctness guarantees without sacrificing scalability.

In addition, Schnorr signatures are fast to verify, which means faster transfer confirmations and very fast transfers overall. Their most distinctive feature, however, is native support for multi-signatures.

The complicated part

Most developers are interested in the more complex signing mechanisms that Schnorr makes possible. Schnorr allows a private key and its public key to be altered using additional data. The change can be as simple as multiplying both keys by 2.

The "private key multiplied by 2" corresponds to the "public key multiplied by 2", and a message signed with the "private key multiplied by 2" can be verified with the "public key multiplied by 2".

The newly generated key looks like any other key pair; it is impossible to tell that the original key has been modified.

Taproot always includes one condition, called the "joint close", under which all participants in a transfer cooperate to spend the funds. With Schnorr signatures, a joint close can be made indistinguishable from an ordinary peer-to-peer transfer. This is done by adding together the public keys of all participants to produce a threshold public key; the combined signatures of all participants produce a threshold signature corresponding to that threshold public key, which allows the funds to be spent.

However, Schnorr signatures also allow the funds in a transfer to be spent non-cooperatively. The alternative ways of spending the funds are combined into a separate script. This script is hashed and the hash is used to modify the threshold public key; the combination of threshold public key and script then corresponds to the combination of threshold signature and script.

This complex smart-contract structure provides the greatest degree of privacy, because the combination of threshold public key and script looks the same as an ordinary public key. Only in rare cases, once the blockchain learns that the public key was in fact modified, is the "joint close" of that transfer no longer usable.
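The three ideas above (multiplying a key pair by 2, summing participants' keys into a threshold key, and folding a script hash into that key so a cooperative spend looks like an ordinary single-key transfer) can be shown in one short piece of code. This is an added example, not code from the original article or from Bitcoin Core: it uses a simplified textbook Schnorr signature over secp256k1 (full points rather than BIP 340's x-only keys, no auxiliary randomness), plain key addition for the threshold key (real deployments add MuSig-style coefficients to stop one party choosing a key that cancels the others), and a constructed script commitment in place of a real Merkle root. All key material and the tweak tag are constructed for the demo.

```python
import hashlib

# Added example (not code from the original article or from Bitcoin Core):
# Schnorr-style key tweaking on secp256k1. Simplified textbook Schnorr,
# not BIP 340; key aggregation is a plain sum (real deployments use
# MuSig-style coefficients to block rogue-key attacks).

P_MOD = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N_ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def point_add(P, Q):
    """Affine point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if P is None:
        return Q
    if Q is None:
        return P
    x1, y1 = P
    x2, y2 = Q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None
    if P == Q:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def point_mul(k, P):
    """Double-and-add scalar multiplication."""
    R = None
    k %= N_ORDER
    while k:
        if k & 1:
            R = point_add(R, P)
        P = point_add(P, P)
        k >>= 1
    return R

def encode(P):
    return P[0].to_bytes(32, "big") + P[1].to_bytes(32, "big")

def pubkey(d):
    return point_mul(d, G)

def schnorr_sign(d, msg):
    # Deterministic nonce (demo only); a zero nonce would leak the key.
    k = int.from_bytes(sha256(b"nonce" + d.to_bytes(32, "big") + msg), "big") % N_ORDER
    if k == 0:
        raise ValueError("zero nonce")
    R = point_mul(k, G)
    e = int.from_bytes(sha256(encode(R) + encode(pubkey(d)) + msg), "big") % N_ORDER
    return R, (k + e * d) % N_ORDER

def schnorr_verify(P, msg, sig):
    R, s = sig
    e = int.from_bytes(sha256(encode(R) + encode(P) + msg), "big") % N_ORDER
    return point_mul(s, G) == point_add(R, point_mul(e, P))

def taproot_tweak(P, commitment):
    """t = H(P || commitment): the script hash is folded into the key."""
    return int.from_bytes(sha256(b"TapTweak" + encode(P) + commitment), "big") % N_ORDER

def output_key(P, commitment):
    """Q = P + t*G: the key that appears on-chain, looking like any other."""
    return point_add(P, point_mul(taproot_tweak(P, commitment), G))

def output_secret(d, commitment):
    """q = d + t: lets the cooperating parties sign for Q directly."""
    return (d + taproot_tweak(pubkey(d), commitment)) % N_ORDER

def check_script_path(Q, internal_key, commitment):
    """Non-cooperative spend: P and the script commitment are revealed, and the
    verifier confirms Q really was derived from them before running the script."""
    return output_key(internal_key, commitment) == Q

# Constructed demo keys and script commitment (not real wallet material).
ALICE_D = int.from_bytes(sha256(b"alice demo key"), "big") % N_ORDER
BOB_D = int.from_bytes(sha256(b"bob demo key"), "big") % N_ORDER
SCRIPT_ROOT = sha256(b"constructed Merkle root of the fallback scripts")
MSG = b"spend 1 BTC"

def demo():
    P_agg = point_add(pubkey(ALICE_D), pubkey(BOB_D))  # threshold public key
    d_agg = (ALICE_D + BOB_D) % N_ORDER                 # only ever held jointly
    Q = output_key(P_agg, SCRIPT_ROOT)
    return {
        "cooperative_ok": schnorr_verify(Q, MSG, schnorr_sign(output_secret(d_agg, SCRIPT_ROOT), MSG)),
        "untweaked_rejected": not schnorr_verify(Q, MSG, schnorr_sign(d_agg, MSG)),
        "script_path_ok": check_script_path(Q, P_agg, SCRIPT_ROOT),
        "wrong_script_rejected": not check_script_path(Q, P_agg, b"some other script"),
        "times_two_ok": schnorr_verify(point_mul(2, pubkey(ALICE_D)), MSG,
                                       schnorr_sign(2 * ALICE_D % N_ORDER, MSG)),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The point to take from the output is that Q is a plain curve point: nothing on-chain distinguishes a cooperative spend signed with q from any single-key transfer, while a non-cooperative spend must reveal the internal key and the script commitment, at which point the modification becomes visible.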

This protocol upgrade may have a profound impact on the whole Bitcoin network. Less data in each block means faster transfers and lower fees, which would make Schnorr signatures the signing method everyone on the blockchain uses.
