This should have been an interesting discussion purely on the basis of the implications for security and usability of bitcoin in a business scenario with multiple entities. I am sharing my understanding, which may have some chinks. You are welcome to poke holes and discuss.
Talking just about Taproot and Schnorr signatures: the Schnorr signature is proposed as an additional scheme for generating signatures (public-private key pairs) alongside the existing ECDSA signatures. Apart from increased provable security, the main benefit that is meant to be derived from Schnorr is the ability to implement "signature aggregation".
It allows the generation of a single signature which is valid for the sum of multiple public keys. This is particularly useful in multisig transactions. A multisig transaction's size is dependent on the number of parties involved. For example, in a typical 2-of-3 multisig, the two collaborating parties provide their signatures. Both of these signatures need to be included to make the transaction valid. This increases the size of a multisig transaction.
Using Schnorr signatures allows the formation of a signature which is the "aggregate" of the two collaborating signatures but takes up the same space as a single signature.
Next up, the privacy-related problem is that such an aggregated transaction is distinguishable from a normal transaction. (How this distinction happens is for technically higher beings to explain.) This is where Taproot comes in: it enables the formation of aggregate/multisig transactions in such a way that they are indistinguishable from normal transactions.
Note: I see a few comments saying that Schnorr signatures will result in making public keys indistinguishable from the transactions and that the amounts involved will be invisible, making bitcoin more private. This seems to be a myth, as this is neither the effect nor the intent of the Schnorr-induced privacy feature, AFAICT.
This brings me to one of the best points raised in terms of pure discussion of things like consensus and privacy, which normal users should be interested in.
I look at the overall concept and see it making btc more like a bank/money item than a stock/commodity item. I am not sure worldwide banking would like this, as it makes btc more threatening to them.
Taproot gives more functionality to bitcoin in terms of implementing complex scripts involving multiple parties while keeping the details private. It opens up several use-cases that "money" should have, like allowing you to form a "will" or a "trust fund" while taking into consideration several real-world conditions/contingencies, while keeping it hidden that such a collaboration is involved behind the scenes. It surely makes bitcoin have more functionality in terms of the buzzword FinTech. This is but an obvious evolution IMO.
So if Bittrex, Coinbase and HitBTC all have trackable multiple-signature wallets, Taproot will hide them from us.
...
then they can conspire to raise and crash the coin price with very little ability to see that they are doing it.
Taproot will not hide the actual addresses/transaction amounts involved. It will simply reduce the signature size involved when signing transactions from such a wallet.
So basically the idea scares me.
From what I read, I think the fear is misplaced. If anyone else thinks it's a valid fear, then this is something worth more discussion and research.
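To make the "one signature valid for the sum of multiple public keys" point concrete, here is an added example (mine, not from the post or from Bitcoin Core) of Schnorr signing and MuSig-style key aggregation on secp256k1. It assumes a simplified signature format (full affine points rather than the BIP340 x-only encoding, and no tagged hashes), assumes the per-key aggregation coefficients of MuSig so that the sum of keys cannot be chosen by one party alone, and assumes nonces are supplied by the caller; the constructed keys and nonces below are fixed test values, and the nonce exchange itself is left out, so it is an illustration of the arithmetic rather than a production protocol.

```python
import hashlib

# secp256k1 parameters (the curve Bitcoin uses for both ECDSA and Schnorr).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p, q):
    """Affine point addition; None stands for the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    if p[0] == q[0] and (p[1] + q[1]) % P == 0:
        return None                      # p == -q
    if p == q:
        lam = 3 * p[0] * p[0] * pow(2 * p[1], -1, P) % P
    else:
        lam = (q[1] - p[1]) * pow(q[0] - p[0], -1, P) % P
    x = (lam * lam - p[0] - q[0]) % P
    return (x, (lam * (p[0] - x) - p[1]) % P)


def ec_mul(k, p):
    """Double-and-add scalar multiplication k*p."""
    r = None
    while k:
        if k & 1:
            r = ec_add(r, p)
        p = ec_add(p, p)
        k >>= 1
    return r


def enc(pt):
    """64-byte x||y encoding (assumed format; BIP340 uses 32-byte x-only keys)."""
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")


def h(*parts):
    """Hash-to-scalar used for challenges and aggregation coefficients."""
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big") % N


def pubkey(x):
    return ec_mul(x, G)


def sign(x, msg, k):
    """Single-party Schnorr: R = k*G, e = H(R, X, m), s = k + e*x."""
    R = ec_mul(k, G)
    e = h(enc(R), enc(pubkey(x)), msg)
    return (R, (k + e * x) % N)


def verify(X, msg, sig):
    """Standard check s*G == R + e*X; the same code verifies aggregated signatures."""
    R, s = sig
    e = h(enc(R), enc(X), msg)
    return ec_mul(s, G) == ec_add(R, ec_mul(e, X))


def key_agg(pubkeys):
    """MuSig-style aggregation: X = sum(a_i * X_i) with a_i = H(L, X_i),
    where L commits to the whole key set. The coefficients stop one signer from
    picking a key that cancels the others (the rogue-key problem of a plain sum)."""
    L = hashlib.sha256(b"".join(enc(X) for X in pubkeys)).digest()
    coeffs = [h(L, enc(X)) for X in pubkeys]
    X = None
    for a, Xi in zip(coeffs, pubkeys):
        X = ec_add(X, ec_mul(a, Xi))
    return X, coeffs


def agg_sign(privkeys, msg, nonces):
    """Each signer contributes R_i = k_i*G and s_i = k_i + e*a_i*x_i; the sums
    (R, s) form one signature of the same size as a single-party one.
    Nonces must be fresh and unpredictable; reuse leaks the private keys."""
    pubkeys = [pubkey(x) for x in privkeys]
    X, coeffs = key_agg(pubkeys)
    R = None
    for k in nonces:
        R = ec_add(R, ec_mul(k, G))
    e = h(enc(R), enc(X), msg)
    s = sum((k + e * a * x) for k, a, x in zip(nonces, coeffs, privkeys)) % N
    return X, (R, s)


if __name__ == "__main__":
    # Constructed 2-of-2 example values (not real keys).
    x1, x2 = 0x1111, 0x2222
    k1, k2 = 0x3333, 0x4444
    msg = b"spend from 2-of-2 wallet"
    X, sig = agg_sign([x1, x2], msg, [k1, k2])
    print("aggregate signature verifies:", verify(X, msg, sig))
    print("signature bytes:", len(enc(sig[0])) + 32)
```

The verifier never learns how many keys went into `X`: the same `verify` accepts a single-party signature and a two-party aggregate, and both signatures occupy 96 bytes in this encoding, which is the size saving the post describes. Note that the chain still sees the output, the amount and `X`; aggregation hides the participant count, not the transaction.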