In the near future, Bitcoin will usher in an important soft fork upgrade of its own, Taproot. More than 90% of miners agreed to this upgrade. Therefore, it is unlikely that there will be community fork debates that occurred during the SegWit upgrade. It seems that this upgrade has not attracted much attention, but there are also many articles calling it the most important upgrade.
What exactly is the Taproot upgrade, and is it really exciting?
Taproot itself means taproot plant. Gregory Maxwell, the creator of Taproot, explained that he hopes that in the process of Bitcoin transaction and payment, he can pay attention to the big main root like a main root plant, while hiding unnecessary small branches.
The road to the impossible triangle
No matter what kind of blockchain is upgraded, it will ultimately solve the impossible triangle problem in the blockchain. The impossible triangle theory in the blockchain world was proposed by Vitalik in an article titled “On sharding blockchains”. It means that it is very difficult to achieve the three conditions of decentralization, security, and performance at the same time in a blockchain network. Often the reality is that when we improve certain two conditions, we have to sacrifice the third condition.
And this Taproot upgrade has not deviated from this big framework. Taproot upgrade mainly corresponds to two aspects. The first purpose is to further improve its anonymity, that is, to further improve security. On the other hand, it is expected to improve the performance of the transaction by changing the data structure of the block itself and reduce the unnecessary data burden in the transaction.
Decompose Taproot
Taproot upgrade is a collective term for three complementary BIPs, including Schnorr signature (BIP 340), Taproot (BIP 341) and TapScript (BIP 342).
Schnorr signature
The Schnorr signature was proposed by the German cryptographer Claus Schnorr. However, due to patent reasons, Schnorr signatures were not available for free use until 2008, which made the Bitcoin born in 2008 miss it and adopted ECDSA signatures.
At present, Schnorr signature almost surpasses ECDSA signature in terms of performance and security. Schnorr and ECDSA use the same elliptic curve algorithm, so it is easier to implement the upgrade problem. Among them, the most eye-catching part of Schnorr is the aggregate signature that acts on the transaction output level.
Under multi-signature conditions, we often have to put multiple signatures into the transaction data, especially when there are many signatures, which will bring a lot of transaction fees and memory burden. But with aggregate signatures, we can combine multiple signatures into one signature.
Similarly, under the Schnorr signature, public keys can also be aggregated, which greatly improves the performance of the Bitcoin network during transactions.
When verifying, the traditional ECDSA can only support one-by-one verification. But Schnoor benefits from its aggregation idea and can perform batch verification on nodes.
Taproot
We know that anonymity has always been an important security issue that Bitcoin pursues. At the address level, although the pseudo-anonymity of Bitcoin addresses isolates the physical world identity from the world address on the chain to a certain extent. But for different transactions, the types of addresses are very distinct.
The goal of Taproot is to improve the anonymity of Bitcoin addresses, so that all addresses look the same, and you cannot analyze the types of transactions from the addresses. Using Taproot can merge independent P2PKH and P2SH, making it indistinguishable from each other, but the transaction fees they bear are the same, and this is exactly the use of Schnorr’s ideas.
At the same time, Taproot uses Schnorr to create Merkel abstract syntax trees (MAST, a data structure that combines abstract syntax trees and Merkel trees). In the previous situation, suppose we have a transaction. The conditions for this transaction are that user A can use the transaction 30 days before the transaction is initiated, and user B can use the transaction 30 days after the transaction is initiated. In the end, no matter who uses the transaction, the information of users A and B will be exposed, which is obviously unnecessary.
In MAST, only the user who used the transaction will be exposed, while the information of another user will be hidden, which greatly protects the user’s privacy.
TapScript
BIP 342 is about the specific content of the Taproot script implementation. It adds some opcodes for execution and deployment of Taproot, Schnorr, soft fork and other code-level functions. Such as “OP_CHECKSIGADD”. Disabled inefficient opcodes such as “OP_CHECKMULTISIG” and “OP_CHECKMULTISIGVERIFY”. Revised “OP_CHECKSIG” and “OP_CHECKSIGVERIFY” to provide Schnorr functions. The content of the Bitcoin script has been improved as a whole to adapt to the Taproot upgrade.
Summarize
In summary, Taproot upgrades do have some highlights, but more Taproots are more like improvements and supplements to SegWit’s legacy issues. As the abstract described in bip-0341: “This document proposes a new SegWit version 1 output type …” This is just a new solution for SegWit output level.
Another problem is that the Taproot upgrade is a soft fork. Among them, the real activation of Schnorr will not start until next year, so the upgrade process of Taproot itself will not happen overnight. If P2TR (the address under Taproot) fails to become the mainstream, then P2TR obviously has not achieved its purpose of anonymity with other addresses.
In addition, there is another voice questioning the actual effect of Taproot, which believes that Taproot will fragment the address space, making it easier for attackers to analyze.
For ordinary users, the most intuitive benefit of Taproot is that it reduces transaction costs and improves the anonymity and efficiency of transactions. In any case, what impact the upgrade of Taproot will have on Bitcoin, and whether it can achieve the expected goal, has only to be verified by time.