Topic: [D-8] Bitcoin is getting 3 major upgrades - Schnorr, Taproot and Tapscript (Read 709 times)

I first got to know about Taproot when I was attending my first ever meet on the 'Bitcoin Core PR Review Club'. The first meeting was great and I got to know a lot of insightful thoughts.
Then I researched what Taproot is all about and how it will increase privacy in bitcoin transactions. Then I got to know that it will also change from the tradition ECDSA to Schnorr signatures.
The fascinating thing is there's nobody to oppose these upgrades like how people had a huge debate over the SegWit upgrade.
A good number of mining pools have already started showing support for the upgrade. (List of pools supporting Taproot upgrade : https://taprootactivation.com/ )

there are a few recent developments:

• the coded versions of the taproot/tapscript/schnorr specifications are in the codebase for Bitcoin 0.21.0, this is available as a testing release from https://bitcoincore.org/bin
• mining pools with a collective 82.5% of the Bitcoin hashrate have made positive statements of some kind regarding their role in signalling for supporting the soft fork (they seem to prefer BIP8 signalling)

all that remains is for the actual soft-fork activation parameters to be agreed, then written for a possible Bitcoin version 0.21.1 (or 0.21.2, soft fork activation code usually goes into a minor 0.x.x release instead of a major 0.x.0 release). The remaining hashrate represented by the mining pools that haven't made a statement on the softfork will either follow the pools that signal (as there's a possibility of activation on timeout being included in the activation parameters), or run the risk of mining blocks that are invalidated by other Bitcoin nodes. So they would lose their miners to other pools sooner or later.

Once the soft fork activates, then wallet software needs to be rewritten to sign with schnorr, and to read and write taproot script. This will altogether (fork activation + wallet sf upgrading) take several months, hopefully it might be possible to use the features sometime next year. I imagine early 2022 at the latest.

Hello Jet Cash! The year almost passed and I was curious if you can offer some updates regarding the 3 enhancements you mentioned in OP, which were planned for this year - Taproot, Tapscript and Schnorr signatures. What happened with these network upgrades and the soft fork?

All three of these upgrades are really interesting. Personally cant wait to see the implementation of Schnorr and Taproot to give true privacy features into Bitcoin, indecently i was having a discussion on another thread  (https://bitcointalksearch.org/topic/how-do-they-tag-btc-from-gambling-mixers-dark-markets-etc-5272501) here about tainted coins and how a government and chain analysis company look into transaction history to taint coins (from sources they deem unworthy including mixers and dexes) and black list wallets. The implementation of schnorr and taproot for script privacy should make wallet/use-case fingerprinting more difficult for taint analysis.

Also wouldn't this also help with decorrelation for Lightning Network using PTLCs vs. HTLCs.

Here are some easy to understand articles i found on these proposals for anyone who wants to read up more:

1) https://medium.com/interdax/how-will-schnorr-signatures-benefit-bitcoin-b4482cf85d40

2) https://medium.com/interdax/what-is-taproot-and-how-will-it-benefit-bitcoin-5c8944eed8da

3) https://medium.com/interdax/what-is-tapscript-and-how-will-it-benefit-bitcoin-96fbb43a7169

4) https://bitcoinmagazine.com/articles/2020-and-beyond-bitcoins-potential-protocol-upgrades

5) https://www.coindesk.com/bitcoins-future-exactly-how-a-coming-upgrade-could-improve-privacy-and-scaling

Are these updates are added to the network, or those are into implementation. Going through the article Taproot, it is easily understandable for technically skilled one's. More technical things are found in it. If someone can simplify the advantages and the associated update change it'd be helpful to all levels of users.

SegWit was neither the first nor the last update to bitcoin protocol. it was one of many updates that we had and will continue having. it just made a lot of noise because there were groups of scammers trying to cause drama, the same people who ended up creating their own shitcoin by copying bitcoin and its name.

bcash is not bitcoin's rival! it is yet another copycat shitcoin among thousands of them. the fact that they make more noise doesn't make their shitcoin any different from the rest of them.

BTCBTCThis is my first time hearing these new updates, I thought Segwit was the last and final update since it will finally make us able to pay a low-cost transactions fees. with these new updates, we can say that Bitcoin will make another improvement steps ahead from its underdog rival (BCH).

i only heard about this topic/upgrades yesterday and have also opened a german thread about it
https://bitcointalksearch.org/topic/was-ist-das-taprootschnorr-upgrade-und-wann-kommt-es-5267427

Thanks. I'll quote this as a +1 to myself and for clarity on differences between Schnorr's effects and confidential transactions.

I am yet to get a hang of the atomic swap concept. That is actually quite interesting that swapping bitcoin would be indistinguishable from a simple payment. While reading about sidechains, i came across the fact that a UTXO generated on parent chain is locked to the SPV proof on the child chain. This gets confusing very quickly and will take some more time to understand, at which point, I'd be happy to share my understanding.

Absolutely good sir.. Such increased functionality gives more power to every bitcoin user to defend themselves from arbitrary bank controls and the overarching effect that central banks world over have on jobs, economy and inflation in cohort with Governments and big corporations. Like nullius would say, "Bitcoin is for everyone."

Correct, those would require hard fork changes to Bitcoin like the implementation of RingCT in Monero and/or CT on the Liquid sidechain.


True, but combined with Schnorr signatures, there are some pretty interesting applications. One could atomically swap from Bitcoin to a different cryptocurrency, but all an observer could see on the blockchain is a simple payment.

That opens up a whole new world for output mixing and amount obfuscation via private payment channels and atomic swaps.

I look at crypto from multiple angles.

Think of crypto as presidential candidate Andrew Yang.

Think of banks as presidential candidate Micheal Bloomberg.

New school vs Old school 🏫.

These ideas 💡 look to make crypto much more like money 💵.

I see lots of roadblocks tossed at BTC .

New York state made very strict rules against pools.  Forcing a major pool based in New York to close.

Maybe someone can confirm if it was  btc guild.

USA government made every coin to to coin  trade a reportable tax event.

Other countries followed suit.

I don’t think these ideas to make Btc more flexible to move around are bad.

I think they will make old money old idea guys nervous.

kind of like oil vs solar.

This should have been an interesting discussion purely on the basis of the implications on security and usability of bitcoin in a business scenario with multiple entities. I am sharing my understanding which may have some chinks. You are welcome to poke holes and discuss.

---

Talking just about Taproot and Schnorr signatures, Schnorr signature is proposed to be an additional scheme of generating signatures (Public-Private key pairs) along with the existing ECDSA signatures. Apart from increased provable security, the main benefit that is meant to be derived from Schnorr is the ability to implement "Signature aggregation".

It allows the generation of a single signature which is valid for the sum of multiple public keys. This is particularly useful in multisig transactions. A multisig transaction's size is dependent on the number of parties involved. For example, in a typical 2 of 3 Multisig, the 2 collaborating parties put their signatures. Both these signatures need to be included to make the transaction valid. This increases the size of a multisig transaction.

Using Schnorr signatures allow the formation of a signature which is the "aggregate" of the two collaborating signatures but takes up the same space as a single signature.

Next up, the privacy related problem is that such an aggregated transaction is distinguishable from a normal transaction. (How this distinction happens is for technically-higher beings to explain). This is where taproot comes in that enables the formation of aggregate/ multisig transactions in such a way that they are indistinguishable from normal transactions.

Note:I see a few comments saying that Schnorr signatures will result in making public keys indistinguishable from the transactions and the amounts involved will be invisible, making bitcoin more private. This seems to be a myth as this is not the effect neither the intent of Schnorr induced privacy feature, AFAICT.

---

---

This brings me to one of the best points raised in terms of pure discussion of things like consensus and privacy which normal users should be interested in.
Taproot gives more functionality to bitcoin in terms of implementing complex scripts involving multiple parties while keeping the details private. It opens up several use-cases that "money" should have. Like allowing you to form a "will" or a "trust fund" while taking into consideration several real-world conditions/ contingencies while keeping it hidden that such a collaboration is involved behind the scene. It surely makes bitcoin have more functionality in terms of the buzz word FinTech. This is but an obvious evolution IMO.

Taproot will not hide the actual address/ transaction amounts involved. It will simply reduce the signature size involved while signing transactions from such a wallet.

From what i read, i think the fear is misplaced. If anyone else thinks its a valid fear then this is something worth more discussion and research.

okay a bank moves money all over and has maybe a 10% cash 💰 reserve.


This just like segwit is going to allow off book 📚 transactions.

I look at the over all concept and see it making btc more like a bank/money item then a stock/commodity item.

I am not sure worldwide banking would like this. As it makes btc more threatening to them.

Personally I don’t think 🤔 Its a good idea.

But maybe its okay. It is an issue for btc to make a lot more transactions.

I think off book coin sales based on reserves of 10 percent in a given exchange are really a bigger problem

Then people realize. I think this makes it easier to do just that.

Cryptocoins are so subject to manipulation by large players and hiding all transactions behind a taproot means a multi sign wallet like coinbase or bittrex will be hidden better.



edit:  this idea below will be easier to do with taproot.


So if bittrex coinbase and hitbtc all have trackable multiple signature wallets.  taproot will hide them from us.

 then they can conspire to raise and crash coin price with very little ability to see they are doing it.

any three exchanges can do the example. or four or five.

all hiding behind taproot in the name of privacy.

So basically the idea scares me.

I had this single proposal in my mind, but in a sort of abstract way.
I thought Schnorr could be added on its own but Taproot was a Schnorr
add-on so to speak.

How I understand it is that Schnorr is enabling the scaling and some
privacy features while Taproot and Tapscript are additional complimentary
scaling and privacy features.

The 3 indeed acting as a single proposal as explained above
by gmaxwell and in one of my links.


*Credit to Greg Maxwell

There is a *single* proposal.  It has three parts, for engineering/review reasons.  You can't separately implement the different parts and you wouldn't want to if you could.  By themselves each of the parts is not very useful, its their combination that makes them very useful. Sort of like how a car has many parts which can be separately engineered and analyized, but the drive shaft in isolation isn't useful.

Segwit was split across 4 BIPs (5 if you count the later bc1 address stuff).

Its not speculation the 3 BIP's are coded all that is waiting to happen is
a decision on how to implement it so there will be discussion around that.

Tapscript provides the updated script part of Taproot, the two BIP's are
not that extensive but they  are what creates the privacy of the Schnorr signatures.

Brewmaster has posted a link to the Schnorr Signature proposition


and here is a link to the 3 proposals > https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-May/016914.html

Time locks! Finally.
We will get unbreakable time capsule for our coins, that's awesome.
Everyone with not so strong will and patience will get native blockchain support for making  HODL easier  
To me it all looks like a big hand shake in the general direction of big business aka banks or other financial institutions.
I have no problem with that, in fact that may be quite beneficiary which is obvious.

Taproot upgrade consists of Schnorr, that is a form of MAST but upgraded and possible protocol upgrade called tapscript.
Hope that this clears that out for you. But keep on researching though.

Can you provide a source to show that these are going to be implemented in Bitcoin?

I know there's a lot of debate going on right now saying Schnorr signatures should be added in addition to Taproot, but I haven't seen much debate surrounding Tapscript.

Is this just speculation, or has it been formally announced that these changes will be implemented?

So complicated for me 

As far as i understand Taproot combines Schnorr and MAST.?

It is clear that a better privacy and scalability upgrades will be benefitical for the ecosystem.  if it will change the lightening network transactions more private and cheaper, i think it is something good huh?

i don't think it is that recent though.
Schnorr related discussions existed around the time of SegWit and the BIP was actually created last year in July and has been discussed and improved ever since. you can see it here: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016203.html
it was only recently that the final draft was added to the "bitcoin account" on github.