Breaking News: Finally Bitcoin Taproot is enabled today
Bitcoin Taproot activated today!
Bitcoin Taproot is enabled
As of a few moments ago, the soft fork update on Bitcoin called “Taproot” has been activated in the Bitcoin protocol. Block 709.632 is the first block in which the new rules from the Bitcoin Improvement Proposals BIP 341 and BIP 342 apply. As expected, the update has gone smoothly so far and there isn’t really anything for “normal users” to see anyway. So what innovations does Taproot actually bring? In this article we summarize the most important points.
What is Taproot on Bitcoin transactions?
Taproot is a further development of Bitcoin, which is intended to create more privacy and data protection through improvements to the so-called scripts, among other things. With Taproot, complex smart contracts and multi-signature transactions (e.g., to open a payment channel in the Lightning network) can no longer be distinguished from simple peer-to-peer transactions. This is because Taproot also introduces a new signature scheme called Schnorr signatures. These make it possible to use multiple keys within a complex Bitcoin transaction and create a single unique signature. This means that the signatures of multiple parties involved in the transaction can be combined into a single Schnorr signature.
What innovations does Taproot bring?
New signatures
The signature algorithm used so far for Bitcoin is the so-called Elliptic Curve Digital Signature Algorithm (ECDSA), which Satsohi Nakamoto chose at the time primarily because it is open source and was also already well researched at the time.
Since the patent of Schnorr signatures expired in 2008, they have also proved to be a particularly elegant and efficient method of signature generation in the world of cryptography.
After long discussions within the Bitcoin community, Schnorr signatures will now be another way to prove that one is the rightful owner of the respective BTC. Through the key aggregation, which the Schnorr signatures offer in contrast to ECDSA, several public keys can be combined into one and then signed by a single private key, for example. Users of multi-signature setups, therefore, no longer have to create a signature for each of the keys involved, but only one. This saves storage space on the blockchain and makes the entire Bitcoin system more efficient.
New address format
Probably the most noticeable change that the Taproot update brings with it, even for laymen, is the new so-called “Pay-to-Taproot” or “Bech32m” addresses. The three previous address formats (legacy, SegWit and native SegWit) are now joined by a fourth format. A distinction with regard to the currently used “native Segwit” addresses is likely to be particularly difficult. While native SegWit addresses (also: “Bech32 addresses”) start with the character string “bc1q”, the new Taproot format will start with the characters “bc1p”.
Of course, the question now arises as to what advantages and possibly disadvantages are associated with the use of the new addresses.
More favorable transactions
Until now, new address formats have always brought with them a reduction in transaction size and thus a saving in transaction fees. In fact, this cannot be said across the board when comparing pay-to-taproot (P2TR) and native Segwit (P2WPKH) addresses. This is because a normal transaction with two inputs, two outputs and only one signature is even slightly larger when using P2TR than with the current native SegWit standard.
Now, it may seem at first glance that it would not make sense to use the new P2TR addresses if you are a normal user who manages his Bitcoins with a hardware wallet and does not use a multi-sig. And indeed, an immediate switch is not mandatory.
However, one should keep in mind that the one who wants to spend the Bitcoins cannot choose to which address types the payment should go. So if you stay with P2WPKH yourself and everyone else upgrades to P2TR, the typical size of your own 2-in-2-out transactions is 232.5 bytes, while all P2TR transactions are still only 211.5 Vbytes.
But even apart from that, the use of P2TR can bring further advantages especially for MultiSig users.
Better privacy
As mentioned above, the Taproot update also brings certain privacy benefits. Taproot transactions will no longer be distinguishable from those that participate in Coinjoins or open Lightning channels.
More predictable fees
ECDSA signatures can vary in size. Since wallets must choose the feerate of a transaction before creating the signature, most wallets simply assume the worst possible signature size and accept that they will slightly overpay the feerate if necessary when a smaller signature is created. With P2TR, the exact size of the signature is known in advance, so the wallet can reliably choose an accurate federate.
Better performance for full odes
The overall security of the Bitcoin system depends on operators of so-called fullnodes verifying each confirmed transaction with their own nodes. Taproot’s Schnorr signatures can be efficiently verified in Federation (batch verification), which reduces by about half the number of CPU cycles that nodes must spend verifying signatures during the process of reprocessing previous blocks.
Better performance for hardware signing
To protect against so-called “fee overpayment attacks,” there are some hardware wallets that only sign transactions if each UTXO to be issued is accompanied by metadata. This becomes especially problematic for devices that use a QR code of limited size as a communication medium (“air-gapped”). Taproot removes the vulnerability underlying fee-overpayment attacks and can thus significantly improve the performance of hardware devices.
MAST
If person A wants to make a BTC transaction to person B, but wants to attach certain conditions to the “redemption” of the sent BTC (e.g. person B can only spend the coins in a year), nowadays person A has to publish ALL conditions in the blockchain (visible to all). Among other things, this could reveal the intentions of the respective counterparty and thus entails losses of privacy and data protection. The so-called MAST are intended to remedy this.
The first ideas for Merklized Alternative Script Trees (MAST) were developed back in 2012. These MAST allow that not all information has to be published in a script anymore. A version of MAST is now also part of the Taproot proposal BIP341. Pay to Taproot (P2TR) output scripts are encoded in a single public key. Internally, they consist of an inner key associated with the root of a MAST. P2TR output can be issued either through the key path by creating a signature that satisfies the public key, or through the script path and the “leaves” of the MAST. With the help of MAST, the output conditions for a Bitcoin transaction can accordingly only be partially disclosed, resulting in less information to be packed into a transaction overall, saving storage space on the blockchain and thus transaction fees. By no longer having to disclose everything, it also promotes privacy.
Conclusion
In addition to its features that contribute to saving block space and transaction fees, the Taproot update primarily brings advantages in terms of privacy in the Bitcoin network. Through Taproot, transactions such as so-called coin swaps, in which network participants can exchange UTXOs with each other, can be made possible anonymously. Taproot will also bring some privacy improvements to the Lightning network. On the one hand, channel openings and closings can no longer be tracked so well, and on the other hand, the Schnorr signatures enable the use of so-called PTLCs, which are a further development of the HTLCs currently used in the Lightning network and also lead to better privacy of payments.
Some of the things that Taproot will enable in the future have not yet been invented. Due to the new properties of Bitcoin, more and more new use cases will open up over time. So we can be curious about what the future will bring us. If you would like to know more about Taproot, take a look at the following two videos: