Taproot - new tools for bitcoin programming
Implications of the update for future Smart Contract development
Intro
Taproot is a package of changes proposed for the bitcoin protocol that bundles together a set of BIPs (Bitcoin Improvement Proposals), namely BIP340, BIP341 and BIP342. Together they lay the foundation for future development through new commands in the bitcoin scripting language, and they improve scalability and privacy.
But what is a BIP?
A BIP is a formalized proposal that changes the network and gets adopted by the community through the consensus of the miners. Segwit, for example, was the last big update to bitcoin: it improved scalability and set the ground for the Lightning Network. Bitcoin upgrades usually take a long time, since a lot of research, review and modeling of game-theoretic scenarios needs to be done in order to achieve long-term stability and security.
Taproot is a soft fork: a change to the network that is still compatible with the old version of the code. Even those who decide not to upgrade can still participate in the network. It is a gentler option compared to a hard fork, where the upgraded code is incompatible with the older version and can divide the community, leading to two separate networks (Bitcoin Cash, for example).
It is important to understand that when there is an upgrade, node operators are the ultimate judges of its execution. They decide which software to run based on what is better for them; no one can impose such a decision on them.
The Taproot upgrade was fully activated as a soft fork of the protocol at block 709,632 on Nov 14 2021. It is a combination of several BIPs. Let’s analyze them one by one.
BIP340 - Schnorr signature
Until the implementation of Schnorr signatures, ECDSA (Elliptic Curve Digital Signature Algorithm) was the standard signature scheme in Bitcoin. It can be said that ECDSA was a sort of workaround for Schnorr, since Schnorr signatures had been protected by a patent since their invention in 1990.
The patent expired in 2008, when Satoshi was defining the final details of the protocol, but he opted for the open-source ECDSA signature scheme, since it was already trusted and had been rigorously tested over the years. Since then, everyone has wondered how Bitcoin would improve with Schnorr signatures.
What is a signature
Schnorr signatures, like ECDSA, are a mathematical way to prove that you have control over your privateKey. A digital signature can be seen as a document containing all the information you want to authorize through your physical signature:
I allow my inheritance to be given to my daughter.
Jon Jones
So, don’t get confused: the whole document is the equivalent of the digital signature, the physical signature is the equivalent of the privateKey, while the details of the document represent the tx data.
Aggregation
Compared to ECDSA, one of the distinctive properties of Schnorr is aggregation: multiple signatures can be combined into a single one, multiple publicKeys can be summed together into one publicKey, and a single privateKey can prove control over the sum of multiple privateKeys.
This has two direct effects:
scalability → less data to be stored in the blocks, which allows scaling to more txs;
anonymity increase → Schnorr makes transactions look indistinguishable, which makes transaction tracking based on public wallet addresses harder. Complex scripts can be hidden behind a single signature that looks as simple as a payment (example: closing a Lightning Network channel would appear as a common tx).
Theoretically, if all txs inside a block used Schnorr signatures, they could be aggregated, resulting in a single signature for the whole block!
Byte-dimension optimization
Byte size is also reduced for all the components of a tx. For a complex multisig this would result in roughly an 8.5% reduction in byte size, since:
signature ~ from 72 bytes to 64 bytes;
publicKey ~ from 33 bytes to 32 bytes.
Batch verification
This is not about aggregation, but is an optimization derived from the properties of Schnorr when verifying lots of signatures, for example when verifying a block. It becomes very useful in the context of initial blockchain download, where clients need to verify a large number of blocks (that is, of signatures). Batch verification could speed up the synchronization of new nodes by up to 20%.
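To make the aggregation, byte-size and batch-verification points above concrete, here is an added example (not code from the original article) of BIP340 Schnorr signing and verification over secp256k1 in plain Python. The keys and message are constructed for the demo. `aggregate_demo` uses plain key summation, which is the textbook form of the aggregation the article describes and not the MuSig2 protocol that production wallets use (MuSig2 adds per-key coefficients to defeat rogue-key attacks). `batch_verify` checks several signatures with one combined equation, which is the property that lets a node validate many signatures faster, although this pure-Python version does not use the multi-scalar multiplication that makes it fast in practice.

```python
import hashlib
import secrets

# secp256k1 parameters (public constants)
p = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
n = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def tagged_hash(tag: str, msg: bytes) -> bytes:
    """BIP340 tagged hash: SHA256(SHA256(tag) || SHA256(tag) || msg)."""
    t = hashlib.sha256(tag.encode()).digest()
    return hashlib.sha256(t + t + msg).digest()

def point_add(P1, P2):
    """Affine point addition; None is the point at infinity."""
    if P1 is None: return P2
    if P2 is None: return P1
    (x1, y1), (x2, y2) = P1, P2
    if x1 == x2 and y1 != y2:
        return None
    if P1 == P2:
        lam = 3 * x1 * x1 * pow(2 * y1, p - 2, p) % p
    else:
        lam = (y2 - y1) * pow(x2 - x1, p - 2, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def point_mul(P, k: int):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    R = None
    while k:
        if k & 1:
            R = point_add(R, P)
        P = point_add(P, P)
        k >>= 1
    return R

def lift_x(x: int):
    """Point with x-coordinate x and even y (x-only public keys), or None."""
    if x >= p:
        return None
    y_sq = (pow(x, 3, p) + 7) % p
    y = pow(y_sq, (p + 1) // 4, p)
    if pow(y, 2, p) != y_sq:
        return None
    return (x, y if y % 2 == 0 else p - y)

def bytes_x(P) -> bytes:
    return P[0].to_bytes(32, "big")
def int_from(b: bytes) -> int:
    return int.from_bytes(b, "big")
def pubkey_gen(sk: int) -> bytes:
    return bytes_x(point_mul(G, sk))          # 32-byte x-only public key

def sign(sk: int, msg: bytes, aux: bytes) -> bytes:
    P = point_mul(G, sk)
    d = sk if P[1] % 2 == 0 else n - sk       # negate so the public key has even y
    t = bytes(a ^ b for a, b in zip(d.to_bytes(32, "big"), tagged_hash("BIP0340/aux", aux)))
    k0 = int_from(tagged_hash("BIP0340/nonce", t + bytes_x(P) + msg)) % n
    if k0 == 0:
        raise ValueError("nonce derivation failed")
    R = point_mul(G, k0)
    k = k0 if R[1] % 2 == 0 else n - k0       # negate so the nonce point has even y
    e = int_from(tagged_hash("BIP0340/challenge", bytes_x(R) + bytes_x(P) + msg)) % n
    return bytes_x(R) + ((k + e * d) % n).to_bytes(32, "big")   # 64-byte signature

def verify(pk: bytes, msg: bytes, sig: bytes) -> bool:
    P = lift_x(int_from(pk))
    r, s = int_from(sig[:32]), int_from(sig[32:])
    if P is None or len(sig) != 64 or r >= p or s >= n:
        return False
    e = int_from(tagged_hash("BIP0340/challenge", sig[:32] + pk + msg)) % n
    R = point_add(point_mul(G, s), point_mul(P, n - e))           # s*G - e*P
    return R is not None and R[0] == r and R[1] % 2 == 0

def aggregate_demo(sk1: int, sk2: int, msg: bytes) -> bool:
    """Plain key summation: (sk1 + sk2)*G equals sk1*G + sk2*G, so one 64-byte signature
    under the summed key stands for both signers (MuSig2 adds per-key coefficients; demo only)."""
    P_sum = point_add(point_mul(G, sk1), point_mul(G, sk2))
    if pubkey_gen((sk1 + sk2) % n) != bytes_x(P_sum):
        return False
    return verify(bytes_x(P_sum), msg, sign((sk1 + sk2) % n, msg, b"\x00" * 32))

def batch_verify(items) -> bool:
    """items: list of (pk, msg, sig). Checks (sum a_i*s_i)*G == sum a_i*(R_i + e_i*P_i)
    with random a_i, so one invalid signature cannot be masked by another."""
    lhs, rhs = 0, None
    for i, (pk, msg, sig) in enumerate(items):
        P, R = lift_x(int_from(pk)), lift_x(int_from(sig[:32]))
        s = int_from(sig[32:])
        if P is None or R is None or len(sig) != 64 or s >= n:
            return False
        e = int_from(tagged_hash("BIP0340/challenge", sig[:32] + pk + msg)) % n
        a = 1 if i == 0 else 1 + secrets.randbelow(n - 1)
        lhs = (lhs + a * s) % n
        rhs = point_add(rhs, point_mul(point_add(R, point_mul(P, e)), a))
    return point_mul(G, lhs) == rhs

# Constructed demo keys and message (any scalar in [1, n-1] is a valid key)
SK_ALICE = int_from(hashlib.sha256(b"demo key alice").digest()) % n
SK_BOB = int_from(hashlib.sha256(b"demo key bob").digest()) % n
MSG = hashlib.sha256(b"constructed tx data").digest()
AUX = b"\x00" * 32

if __name__ == "__main__":
    print("single valid:", verify(pubkey_gen(SK_ALICE), MSG, sign(SK_ALICE, MSG, AUX)))
    print("aggregate valid:", aggregate_demo(SK_ALICE, SK_BOB, MSG))
```

Every signature returned by `sign` is exactly 64 bytes and every key from `pubkey_gen` is 32 bytes, which is the size reduction listed above. The random coefficient in `batch_verify` matters: if every `a_i` were 1, two carefully related invalid signatures could cancel each other in the summed equation, so a verifier must never skip it.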
BIP341 - Taproot
This BIP defines Pay-to-Taproot (P2TR) and implements Merklized Alternative Script Trees (MAST).
Bitcoin Script - P2TR
The programming language used in Bitcoin to define the logic behind txs is called Script. It allows defining a set of conditions, coded into smart contracts, which establish who is eligible to spend certain funds. Smart contracts basically give you two types of output: the funds are spendable, or the funds are not spendable. P2TR is a new type of script which allows the owner (or owners) to choose how they want to spend their money, picking a subset of specific conditions among all the coded ones. It is a combination of already existing functionalities of Pay-to-Public-Key (P2PK) and Pay-to-Script-Hash (P2SH) scripts.
MAST
Privacy is heavily improved with MAST, which makes it possible to hide the conditions that are not used in a tx. Suppose, for example, that some funds are tied to a smart contract with the following two conditions:
multisig → 2 of 3 signatures needed;
timelock → if 90 days pass after reception, the funds are unlocked with only 1 signature.
When spending those funds:
without Taproot → you are forced to reveal both conditions 1 and 2, even if you use only one of them;
with Taproot → you only reveal the condition you are actually using, while the unused ones stay hidden.
This is possible because every single condition of the script is hashed separately into a Merkle tree structure, where the Merkle root is a hash representing all of the conditions of the smart contract. At spending time, only the condition being used needs to be revealed and verified against the Merkle root. This is a way to shield all the parts of the smart contract you don’t want to show.
Publicly (in a bitcoin block explorer) the smart contract looks like any other common tx, since only the root is visible → this is why it is called Taproot!
In order to unlock the smart contract, the owner needs to reveal only a piece of the Merkle tree.
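The Merkle tree mechanism described above, as an added example that is not part of the original article: it builds a BIP341 script tree from the two conditions (multisig and timelock), computes the root, and shows what a spender reveals to prove that one leaf belongs to the tree while the other leaf stays hidden. The scripts are placeholder byte strings standing in for real tapscripts; the leaf and branch hashing follows BIP341's TapLeaf/TapBranch tagged hashes, and the tree functions accept any nesting depth, not just the two-leaf case in the text.

```python
import hashlib

def tagged_hash(tag: str, msg: bytes) -> bytes:
    """BIP340/341 tagged hash: SHA256(SHA256(tag) || SHA256(tag) || msg)."""
    t = hashlib.sha256(tag.encode()).digest()
    return hashlib.sha256(t + t + msg).digest()

def compact_size(length: int) -> bytes:
    """Bitcoin's CompactSize varint, used as the script-length prefix inside a leaf."""
    if length < 0xFD:
        return bytes([length])
    if length <= 0xFFFF:
        return b"\xfd" + length.to_bytes(2, "little")
    if length <= 0xFFFFFFFF:
        return b"\xfe" + length.to_bytes(4, "little")
    return b"\xff" + length.to_bytes(8, "little")

TAPSCRIPT_LEAF_VERSION = 0xC0   # leaf version used by BIP342 tapscript leaves

def tapleaf_hash(script: bytes) -> bytes:
    """Hash of one spending condition: TapLeaf(version || compact_size(len) || script)."""
    return tagged_hash("TapLeaf", bytes([TAPSCRIPT_LEAF_VERSION]) + compact_size(len(script)) + script)

def tapbranch_hash(a: bytes, b: bytes) -> bytes:
    """Inner node: children are sorted first, so the branch hash does not depend on their order."""
    lo, hi = sorted((a, b))
    return tagged_hash("TapBranch", lo + hi)

def tree_root(node) -> bytes:
    """node is either a leaf hash (bytes) or a (left, right) pair of nodes."""
    if isinstance(node, bytes):
        return node
    return tapbranch_hash(tree_root(node[0]), tree_root(node[1]))

def merkle_path(node, target: bytes):
    """Sibling hashes from the target leaf up to the root (what the spender reveals), or None."""
    if isinstance(node, bytes):
        return [] if node == target else None
    left, right = node
    for own, other in ((left, right), (right, left)):
        path = merkle_path(own, target)
        if path is not None:
            return path + [tree_root(other)]
    return None

def verify_path(leaf_hash: bytes, path, root: bytes) -> bool:
    """Recompute the root from one revealed leaf plus its siblings; unused leaves stay hidden."""
    h = leaf_hash
    for sibling in path:
        h = tapbranch_hash(h, sibling)
    return h == root

def taptweak(internal_key_x: bytes, root: bytes) -> bytes:
    """BIP341 tweak t = TapTweak(P || root); the output key is Q = P + t*G (point math omitted here)."""
    return tagged_hash("TapTweak", internal_key_x + root)

# Constructed placeholder scripts standing in for the article's two conditions.
# Real tapscripts are serialized opcodes and keys; the tree logic does not depend on their content.
MULTISIG_SCRIPT = b"<placeholder: 2-of-3 OP_CHECKSIGADD tapscript>"
TIMELOCK_SCRIPT = b"<placeholder: 90-day OP_CHECKSEQUENCEVERIFY single-sig tapscript>"

LEAF_MULTISIG = tapleaf_hash(MULTISIG_SCRIPT)
LEAF_TIMELOCK = tapleaf_hash(TIMELOCK_SCRIPT)
TREE = (LEAF_MULTISIG, LEAF_TIMELOCK)       # two conditions -> one branch node is the root
ROOT = tree_root(TREE)

if __name__ == "__main__":
    path = merkle_path(TREE, LEAF_TIMELOCK)
    print("merkle root:", ROOT.hex())
    print("revealed siblings for the timelock spend:", [h.hex() for h in path])
    print("timelock leaf verifies against root:", verify_path(LEAF_TIMELOCK, path, ROOT))
```

Spending through the timelock branch reveals `TIMELOCK_SCRIPT` and one sibling hash; an observer learns that some other condition exists but not what it is. A verifier must check the recomputed root against the commitment in the output key (via `taptweak`), because a path that does not hash back to the committed root proves nothing.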
BIP342 - Tapscript
This last BIP updates the Script language in order to accommodate Schnorr signatures and Taproot technology for those who opt in to the upgrade. It introduces a collection of new OPCODES, allowing more expressiveness in the language and more composability of smart contracts.
👁️🗨️ OPCODES are instructions in machine code. Bitcoin Script is a stack-based language, meaning that all the instructions are executed in a particular order, namely LIFO (Last In, First Out). The last instruction placed on the stack will be the first to be executed, and execution then proceeds from this last one back to the first one. These instructions are given in OPCODE format.
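A minimal stack interpreter, added here as an illustration and not taken from the original article or from Bitcoin Core: it runs a handful of Script opcodes over a LIFO stack, so you can watch operands being pushed and popped in last-in, first-out order. Opcode names match Bitcoin Script, but data pushes are written as plain Python ints and bytes, and the hash-lock script is constructed for the demo.

```python
import hashlib

class ScriptError(Exception):
    """Any condition that makes the script invalid (underflow, failed VERIFY, bad opcode)."""

def run_script(script) -> bool:
    """Evaluate a tiny subset of Bitcoin Script.
    Items are read left to right; data goes onto a LIFO stack and each opcode pops its
    operands from the top. The script succeeds only if it finishes with a truthy top item.
    Stack underflow, a failed VERIFY or an unknown opcode fails the script cleanly."""
    stack = []

    def pop():
        if not stack:
            raise ScriptError("stack underflow")
        return stack.pop()

    try:
        for op in script:
            if not isinstance(op, str):          # int or bytes: a data push
                stack.append(op)
            elif op == "OP_DUP":
                top = pop()
                stack.extend([top, top])
            elif op == "OP_ADD":
                b, a = pop(), pop()              # second operand was pushed last
                stack.append(a + b)
            elif op == "OP_EQUAL":
                b, a = pop(), pop()
                stack.append(1 if a == b else 0)
            elif op == "OP_EQUALVERIFY":
                b, a = pop(), pop()
                if a != b:
                    raise ScriptError("EQUALVERIFY failed")
            elif op == "OP_SHA256":
                stack.append(hashlib.sha256(pop()).digest())
            else:
                raise ScriptError(f"unknown opcode {op}")
    except ScriptError:
        return False
    return bool(stack) and stack[-1] not in (0, b"")

# Constructed hash-lock example: the locking script only passes if the spender
# supplies data whose SHA256 matches the committed digest.
PREIMAGE = b"constructed secret preimage"
HASH_LOCK = ["OP_SHA256", hashlib.sha256(PREIMAGE).digest(), "OP_EQUAL"]

def spend_hash_lock(candidate: bytes) -> bool:
    """The unlocking data is pushed first, then the locking script runs on top of it."""
    return run_script([candidate] + HASH_LOCK)

if __name__ == "__main__":
    print("2 + 3 == 5:", run_script([2, 3, "OP_ADD", 5, "OP_EQUAL"]))
    print("hash lock with right preimage:", spend_hash_lock(PREIMAGE))
    print("hash lock with wrong preimage:", spend_hash_lock(b"wrong"))
```

The `[2, 3, "OP_ADD", 5, "OP_EQUAL"]` run shows the stack discipline: `2` and `3` are pushed in that order, `OP_ADD` pops `3` first and `2` second, and the result is pushed back for `OP_EQUAL` to compare against `5`.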
Conclusions - Taproot advantages
Smart contract improvement
Taproot lays the ground for future bitcoin smart contract improvements, giving developers new tools to build more sophisticated products on top of the bitcoin network or its layers/sidechains (for example, building on the Lightning Network).
Before Taproot, an on-chain multisig could have a maximum of 16 participants. With Schnorr it is now possible to aggregate thousands of signatures.
Giacomo Zucco
Smart contracts could theoretically be used for any kind of tx, from paying the rent every month, to registering your vehicle, to establishing your inheritance; moreover, all of their information is kept private from the other participants in the network.
Privacy & security
Improved privacy translates into more security, since not knowing the details of certain scripts decreases the chances for bad actors to attack them.
No one can tell what type of lock you have on your house. Maybe one type is easy to identify, another could be harder. Now they both look the same, so it is hard to tell how your house is locked.
Jimmy Song
Scalability
Higher scalability is achieved, since Taproot makes smart contracts cheaper and smaller in terms of the space they take up in the blockchain. Less data is stored in every block and fees are reduced, leading to more adoption and utility.
Sources
- Interview Giacomo Zucco
- Andreas Antonopoulos
- Anthony Pompliano
- Bitcoin Magazine
- bit2me Academy
https://academy.bit2me.com/en/what-is-taproot/