Author

Topic: Bitcoin's Taproot Privacy Tech Is Ready – But One Thing's Standing In The Way (Read 182 times)

member
Activity: 324
Merit: 17
Bitflate developer
I think the privacy talk for Bitcoin is overstated. There are other blockchains that handle privacy. If Bitcoin adds more privacy features, it'll only compete with those privacy coins. I don't think the problem with Bitcoin adoption is in the technology.
member
Activity: 141
Merit: 62
Taproot is a way to combine Schnorr signatures with MAST[62]. The Schnorr signature can be used to spend the coin, but also a MAST tree can be revealed only when the user wants to use it. The schnorr signature can be any N-of-N or use any scriptless script contract. The consequence of taproot is a much larger anonymity set for interesting smart contracts, as any contract such as Lightning Network, CoinSwap, multisignature, etc would appear indistinguishable from regular single-signature on-chain transaction.

The taproot scheme is so useful because it is almost always the case that interesting scripts have a logical top level branch which allows satisfaction of the contract with nothing other than a signature by all parties. Other branches would only be used where some participant is failing to cooperate.

https://en.bitcoin.it/wiki/Privacy

There is even Graftroot which are even better on reducing transaction size than taproot, at the cost of increased participant interaction.
newbie
Activity: 294
Merit: 0
We had to be very patient for whatever technology we have right now. Even blockchain and bitcoin have needed years to get developed to their current state and still there are changes being made which are developing these technologies and making them usable for future. If Schnorr takes more time, I think we are all willing to wait for it too.
newbie
Activity: 168
Merit: 0
From a neutral point of view I wouldn't want such technology to be implemented where people wouldn't even be able to track the coins that have been stolen from them. If they can come up with a technology that can help people from losing their coins to petty thieves and scammers that would help the community in a great way.
jr. member
Activity: 238
Merit: 2
Bitcoin's privacy is pretty abysmal – after all, what else can you say when anyone in the world can look up any transaction using a web explorer?

But while that's the case today, developers have long been trying to find a fix, or at least improve it over time. One of bitcoin's most famous developers, Greg Maxwell, even aroused quite a bit of interest when he proposed something called Taproot back in January.

Far from providing full bitcoin privacy, Taproot's code offers a way to make all transactions on the blockchain look the same to outsiders. Still, chatter about the proposal has arguably faded as other projects caught the community's eye and bitcoin's price tumbled.

Among those who haven't forgotten about the proposal, though, are bitcoin's developers, as plenty of toiling has been going on behind the scenes. Mathematician Andrew Poelstra pulled together a mathematical security proof in April, while Xapo engineer and Bitcoin Core contributor Anthony Towns put forward an idea for potentially decreasing how much data the privacy technique uses in July.

The continued work showcases why many believe Taproot to be a discovery that provides an "enormous privacy win" for bitcoin, as Blockstream co-founder Pieter Wuille put it in a recent talk. Even better, it's actually not a crazy difficult change to make to bitcoin. Test code is already implemented , in fact, putting Maxwell's theory into practice.

"Taproot is simple enough it could probably go in straight away," Towns told CoinDesk.

The problem, and it's a big one, is it's dependent on tech that doesn't exist yet.

Towns explained:

"Without Schnorr, Taproot doesn't get you all the way to where you want to go."

The missing piece
The reason is that Taproot would keep it a secret that any advanced payment is occurring on bitcoin.

More commonly known as smart contracts, there are a variety of complex transactions used in bitcoin, like the kind that enables the off-blockchain protocol lightning for more scalable bitcoin payments and other complex types that are still in development.

But because bitcoin's ledger is public, it's obvious when someone uses one of these complex transactions.

Taproot puts an end to that by making these transactions look the same as every other "boring payment," as Maxwell put it in the technology's announcement post.

Yet, it can't do this without Schnorr, an upgrade to bitcoin's signature scheme that's been on developer's coding agenda for years. The signature scheme is supposed to be better than bitcoin's current signature scheme "in basically every way." And it enables Taproot because it allows signature data to be mashed together into one.

"Schnorr is necessary for that because without it, we cannot encode multiple keys into a single key," Wuille continued in his presentation.

Schnorr's just finally getting off the ground. In fact, it looks like it's going to be bitcoin's next crucial change, with Wuille recently publishing a (very) technical proposal detailing how it might one day be added to bitcoin.

But since Schnorr's been taking years, developers have long been dreaming about what they can build on top once the technology is actually live.

As Towns put it, Schnorr is a "more exciting" change, but Taproot is "the cherry on the top."

But since developers have long been thinking about other enhancements, including those enabled by Schnorr, it's worth noting that Taproot isn't the only important change being considered. Towns thinks the privacy enhancement might be rolled in with a bunch of other upgrades going into bitcoin at the same time.

"As far as I'm concerned, Taproot, Schnorr, Graftroot is a bundle that all goes together," he said, referring to yet another technology Maxwell pioneered.

And it doesn't stop there. Towns guesses that still even other long-anticipated changes will go in at the same time, including MAST, a proposal to boost bitcoin smart contracts, and SIGHASH_NOINPUT, a change that could usher in a more reliable lightning network - the tech bitcoiners hope will help bring bitcoin to the masses.

Even though these technologies have different names and have been proposed at different times, Towns is starting to think of them as one thing.

Deciding what's next
There are so many proposed changes, in fact, developers have been grappling with which should be made first.

Wuille explained in his talk why it's not such an easy decision. There's a small pressure for deploying all these features together at once. Each time they deploy a new "consensus change," it requires a new addressing format.

Since the addresses are different than the old one, this makes it very obvious who's using the new feature - especially since not everyone is going to suddenly adopt the feature the day it launches. It's going to take time, just like past changes have taken time.

That's a small hit to privacy. And doing this more than once would be even worse.

On the other hand, deploying all these changes together would be a mess.

Speaking of other changes, there's also so-called "signature aggregation," the most-hyped application of Schnorr, which could help to scale bitcoin even further. But since it's so complex and needs further review, this is one change that developers think should be added to bitcoin later on.

But Schnorr might not ultimately prove to be a roadblock for Taproot.

In fact, Wuille's been focusing on a proposal to deploy Schnorr and Taproot together, partly because he thinks the privacy addition from Taproot is so exciting, calling it an "enormous win" for smart contracts in bitcoin.

On the Schnorr front, Towns mentioned that developers are still working out some kinks, such as a hardware attack vector that Maxwell discovered.

Developers are cagey to give code timelines, since upgrades often take longer than expected. And Schnorr is no different.

Poelstra, is hopeful it could be deployed by the end of the year, giving bitcoin users a chance to decide whether to adopt it or not. But it all depends on whether developers can settle on a path for the change.

As Towns put it:

"You can't come up with a proposal until you know what to stick in it. The only real delay is finalizing what's going into it. "

https://www.coindesk.com/bitcoins-taproot-privacy-tech-is-ready-but-one-things-standing-in-the-way/
Jump to: