Taproot: a review of a long-awaited update to the Bitcoin network

Taproot will be launched soon. It's an upgrade aimed at increasing the privacy, scalability, and security of the Bitcoin network. Taproot is expected to be the biggest technological update since 2017. In this article, we discuss what Taproot is and how it functions.

Taproot is a Bitcoin soft fork. It's designed to change the protocol's scripts in order to increase overall performance. Every transaction in the network runs scripts that determine what users can do with the asset. Currently, the Bitcoin network uses P2SH scripts, which store only a hash of the script data rather than the data itself. However, once the coins are spent, the scripts are revealed and stored in the blockchain. As a result, the blockchain grows, and confidentiality is compromised.

Any member of the network can view transactions conducted using complex scripts, which makes them easier to trace. Taproot makes it possible to hide the very fact that a script was used, eliminating the visible differences between types of transactions, whether we're speaking of a P2P operation or a complex smart contract. The Taproot update comes with Schnorr signatures and the MAST solution.

MAST (Merkelized Abstract Syntax Tree) allows each coin spending condition to be hashed separately. The hashes are then combined in a Merkle tree. Unlike P2SH, MAST can hold multiple spending conditions, but only the ones that are actually fulfilled are revealed from the Merkle tree.

This model saves network space and makes more complex scripts practical. Several conditions can be combined, such as a multi-signature, the transfer of an asset at a certain time, and a secret code. The spending method depends on the first fulfilled condition. Once it's revealed, the unfulfilled conditions remain impossible to view. However, without Schnorr signatures, the existence of the MAST structure cannot be hidden.
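The reveal-one-condition idea above, as an added Python example that is not part of the original article or Bitcoin's own code: three constructed placeholder conditions are hashed into a Merkle root, and spending through one of them publishes only that condition plus its sibling hashes. It assumes plain SHA-256 with sorted child pairs and text strings in place of real Bitcoin Script, which is simpler than Taproot's actual leaf encoding.

```python
import hashlib

def leaf_hash(condition: bytes) -> bytes:
    # 0x00/0x01 prefixes keep a branch from ever being accepted as a leaf.
    return hashlib.sha256(b"\x00" + condition).digest()

def branch_hash(a: bytes, b: bytes) -> bytes:
    # Sorting the children means a proof needs no left/right flags.
    return hashlib.sha256(b"\x01" + min(a, b) + max(a, b)).digest()

def build(conditions):
    """Return (root, proofs); proofs[i] is the sibling path for conditions[i]."""
    level = [leaf_hash(c) for c in conditions]
    members = [[i] for i in range(len(level))]  # leaf indexes under each node
    proofs = [[] for _ in level]
    while len(level) > 1:
        nxt, nxt_members = [], []
        for j in range(0, len(level) - 1, 2):
            for i in members[j]:
                proofs[i].append(level[j + 1])
            for i in members[j + 1]:
                proofs[i].append(level[j])
            nxt.append(branch_hash(level[j], level[j + 1]))
            nxt_members.append(members[j] + members[j + 1])
        if len(level) % 2:  # an unpaired node moves up unchanged
            nxt.append(level[-1])
            nxt_members.append(members[-1])
        level, members = nxt, nxt_members
    return level[0], proofs

def verify(root: bytes, condition: bytes, proof) -> bool:
    node = leaf_hash(condition)
    for sibling in proof:
        node = branch_hash(node, sibling)
    return node == root

# Constructed placeholder conditions, one per kind named in the text.
CONDITIONS = [
    b"multi-signature: 2 of keys A, B, C",
    b"time lock: key A alone after a set date",
    b"secret code: preimage of a hash, plus key B",
]
ROOT, PROOFS = build(CONDITIONS)

if __name__ == "__main__":
    spent = 1  # only this condition and its sibling hashes get published
    print("commitment:", ROOT.hex())
    print("revealed  :", CONDITIONS[spent].decode())
    print("proof     :", [s.hex() for s in PROOFS[spent]], verify(ROOT, CONDITIONS[spent], PROOFS[spent]))
```

A sibling hash hides an unused condition only if an observer cannot guess that condition and re-hash it.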

The main advantage of Schnorr signatures is their linearity. This property allows multiple keys and signatures to be aggregated into a single key and a single signature, hiding transaction data such as the type, the number of users and keys, etc.

Bitcoin was created using ECDSA. Under that algorithm, digital signatures are flexible and can't be used for signature aggregation. ECDSA requires a signature from every party. This increases the size of the blockchain.

Key aggregation eliminates the need to verify every single gateway, which speeds up the consensus process. Schnorr signatures require less network storage. As a result, transaction size and fees decrease. Besides, the technology conceals whether the address belongs to a single person or a group of people.

The Taproot update includes the best characteristics of the mentioned technologies but modifies them.

To reach a consensus, all parties can perform a signature aggregation. Thanks to Schnorr signatures, all the conditions that are not part of the signature aggregation are combined into a separate script and hashed. The hash is then used to modify the threshold public key by multiplication. Applying the same procedure to the threshold signature produces one more pair. Thus, a signature aggregation multiplied by the script allows the parties to perform transactions, while anyone unaware of the script won't be able to notice the difference.

If signature aggregation isn't possible, both the threshold public key and the script are revealed. This confirms the validity of the modified version and shows that the transaction can be carried out under the alternative conditions from the script.

Another way to modify the threshold key is to use the hash of the Merkle tree. Here, only the realized condition is revealed.

Taproot will make Bitcoin scripts more private, flexible, and efficient. Developers will be able to create complex scripts that do not congest the network. Advanced transactions with signature aggregation will help to save on fees. Besides, Taproot will minimize the amount of transaction data that is revealed, and Schnorr signatures will widen the range of transaction types that can be concealed.



WhiteBIT is a centralized European exchange. We guarantee security, reliability and lower fees for our users. Trade your way with us! https://whitebit.com/
