Pieter Wuille publishes BIPs for Taproot & Schnorr Signatures



On May 6th 2019, prolific Bitcoin Core developer and Blockstream co-founder Pieter Wuille formalized and sent (via the bitcoin-dev mailing list) a series of significant BIPs (Bitcoin Improvement Proposals) that derive from game-changing cryptographic advancements. More precisely, the Belgian engineer published two distinct yet complementary documents which provide more details on a potential soft fork that integrates Schnorr signatures, Taproot and Tapscript. For the sake of transparency and in order to encourage peer review, all the contents are available on his GitHub repository.

Though these technologies have been discussed by community members for quite some time, this is the first formal public attempt to create a clearer and more comprehensive way of scrutinizing the ideas. Furthermore, the BIP format is excellent at setting goals and boundaries for a specific line of research: it's no longer about hypothetical scenarios and envisioned applications, as pragmatic ways to put matters into practice take over the public discourse.

In plain terms, we're speaking of a research draft for a series of good ideas whose implementation was vague until the moment someone took time to explain everything in written (and properly documented) form. Thanks to this effort, now we know exactly what Schnorr signatures and Taproot can do to Bitcoin, and what the realistic expectations should be (as opposed to the various speculations and rumors which circulated on social media and discussion forums).

https://twitter.com/kanzure/status/1125469414458122241

The trademark soft fork approach of Pieter Wuille


Pieter Wuille wasn't the first Bitcoin Core developer to step into the scene, but he has been consistent in creating improvements that embellish the protocol via soft forks (without requiring a network split, through the opt-in "UASF" philosophy). Thanks to his contributions, we now have a market for BTC wallet clients outside of Bitcoin Core, we are able to use deterministic wallets that can be changed between clients (BIP 32), and the block size can be effectively increased in times of high network demand via SegWit (BIP 141).

None of these upgrades create incompatibility issues with older clients, and Bitcoin nodes are able to communicate and agree regardless of whether they chose to implement these benefits. Schnorr signatures, Taproot and Tapscript are set to be deployed on the basis of the same philosophy, so that network participants can choose to use them or ignore them without schismatic consequences.

 



What are Taproot and Schnorr signatures?


According to the brief summary of Mr. Wuille from the bitcoin-dev e-mail, Taproot makes "all outputs and cooperative spends indistinguishable from each other", and Schnorr signatures "enable wallet software to use key aggregation/thresholds within one input". In a nutshell, we are dealing with improvements that are concerned with privacy and efficiency.

Pieter Wuille describes the two protocols in the following words: "Taproot's advantages become apparent under the assumption that most applications involve outputs that could be spent by all parties agreeing. That's where Schnorr signatures come in, as they permit key aggregation: a public key can be constructed from multiple participant public keys, and which requires cooperation between all participants to sign for. Such multi-party public keys and signatures are indistinguishable from their single-party equivalents. This means that under this Taproot assumption, the all-parties-agree case can be handled using the key-based spending path, which is both private and efficient using Taproot. This can be generalized to arbitrary M-of-N policies, as Schnorr signatures support threshold signing, at the cost of more complex setup protocols."

The combination of MAST (Merkelized Abstract Syntax Tree), Schnorr signatures, and Taproot can lead to the creation of very efficient and private Bitcoin smart contracts, where the participants only reveal the conditions that finalize the deal. The clauses involved in a deal should not be visible on a public ledger, and good contracts should retain a certain degree of confidentiality with the outside world. This is where Taproot and Schnorr step in and make sure that nobody else can see what the other contractual provisions were.

For instance, if Kate and her son James make a deal and decide that 2 BTC should be awarded to James by the time he turns 18 or when he becomes competent enough to make use of his part of the private key, then the intrusive eyes of blockchain analysts will only see the conditions under which the transaction occurs (but not the other terms which could have made it happen at a different time).
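The "only reveal the clause that was used" property of a Merkle tree of spending conditions can be shown in a few lines. This is an added illustration, not code from the BIPs or from Pieter Wuille: it uses plain SHA-256 with a simplified leaf/branch encoding rather than the proposals' exact serialization, and the clause strings (including the third, recovery clause) are constructed for the Kate and James scenario.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf_hash(clause: bytes) -> bytes:
    # Prefix leaves and branches differently so a branch cannot pose as a leaf.
    return h(b"\x00" + clause)

def branch_hash(a: bytes, b: bytes) -> bytes:
    # Sorting the children means a proof needs no left/right direction bits.
    lo, hi = sorted((a, b))
    return h(b"\x01" + lo + hi)

def build_levels(clauses):
    """Return every level of the tree, leaves first, root last."""
    level = [leaf_hash(c) for c in clauses]
    levels = [level]
    while len(level) > 1:
        nxt = []
        for i in range(0, len(level), 2):
            if i + 1 < len(level):
                nxt.append(branch_hash(level[i], level[i + 1]))
            else:
                nxt.append(level[i])  # odd node is promoted unchanged
        level = nxt
        levels.append(level)
    return levels

def prove(levels, index):
    """Sibling hashes needed to recompute the root from leaf `index`."""
    path = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            path.append(level[sibling])
        index //= 2
    return path

def verify(root: bytes, clause: bytes, path) -> bool:
    node = leaf_hash(clause)
    for sibling in path:
        node = branch_hash(node, sibling)
    return node == root

# Constructed clauses (assumptions for illustration only).
CLAUSES = [b"James signs after his 18th birthday",
           b"Kate and James sign together",
           b"Kate signs alone after a long timeout"]
LEVELS = build_levels(CLAUSES)
ROOT = LEVELS[-1][0]             # the only value committed to up front
PROOF = prove(LEVELS, 0)         # published when clause 0 is exercised
```

An observer who sees `CLAUSES[0]` and `PROOF` can check them against `ROOT`, but the proof contains only 32-byte hashes, so the text of the two unused clauses stays hidden.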

It's worth mentioning that the word "scalability" is not featured in either of the BIPs, which might be a slight disappointment for those expecting to have more issues fixed via Schnorr. However, as Mr. Wuille himself states, new discoveries are bound to be made along the way.

Privacy is a delicate topic in the case of Bitcoin, as advocates either praise the transparent approach or seek to obtain more confidentiality by joining second layers or by mixing their coins. Nonetheless, it's unlikely that Taproot and Schnorr will completely replace the need for confidential transactions and creative ways to obliterate the Big Brother approach to the blockchain.

What is evident is that Bitcoin is slowly, conservatively, and steadily growing, and not even the brightest minds in the field can envision all the future applications and the great potential of the technology. Satoshi Nakamoto has designed a framework with a great amount of potential, and the limitations constantly push brilliant engineers like Pieter Wuille to innovate and improvise. After all, the world's biggest network which supports non-governmental money should never undergo radical changes and is bound to operate on the grounds of voluntaryist philosophy.

Image credit: Everipedia

 




Originally posted on Crypto Insider : https://cryptoinsider.com/pieter-wuille-publishes-bips-schnorr-taproot/