Bitcoin Forum

Taproot was locked-in (https://content.taproot.watch/taproot.mp4) on June 12, 2021 and will be activated in November, after its activation, some reputed wallet will will support it. Taproot is the second part of the Schnorr (BIP340) (https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki), Taproot (BIP341) (https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki) and Tapscript
and (BIP342) (https://github.com/bitcoin/bips/blob/master/bip-0342.mediawiki) proposal, Taproot and schnorr signature helps in efficiency, scaling and privacy, reducing transaction fee and making indistinguishable spending possible. Schnorr Signatures is a standard for 64-byte signature over the elliptic curve secp256k1 unlike the traditional ECDSA signatures over the secp256k1 curve with SHA256 hashes for authenticating transactions. Schnorr signature in comparison with ECDSA will be briefly emphasized on in the significance of schnorr. The spending rules is based on Taproot, Schnorr signatures, and Merkle branches but the focus of this article is about (pay-to-taproot) P2TR transactions and the significance of Taproot that was proposed. While Schnorr adds a new signature type, Taproot builds on this further by introducing a new transaction output version and a new way to define spending conditions.

Keys aggregation and transaction Indistinguishability
P2SH and P2WSH multisig transactions require high fee for bitcoin on-chain spending, the higher the number of keys needed, the higher the fee. Like in 2-of-3 multisig, three public keys are required for spending, while the transaction fee will be more higher than two keys needed in 2-of-2 multisig while the fee required for a single public key will still be lower than 2-of-2 multisig higher. The higher the number of public key used to generate the multisig wallet, the higher the bitcoin required for fee. These is the reason it is better to make use of segwit (P2WSH) for low transaction on this multisig wallet rather than P2SH type, but yet the increase in the number of public keys, the increase in transaction fee required. The keys are not aggregated, resulting to more data buildup on the blockchain while such transactions are obviously distinguishable as blockchain observer can differentiate this type of multisig transactions from single pubkey transactions.

                 P2SH/P2WSH multisig transaction on blockchain

Unlike P2TR multisig transactions, the keys will be aggregated into a single pubkey which is the main benefit of Schnorr signature to P2TR multisig transactions, the result is a valid signature corresponding to the same addition (or subtraction) of the public keys, in the key aggregation, several public keys can be combined into one valid key which reduces data resulting to reduced transaction fee just like single pubkey transaction.

https://i.imgur.com/7IURHxr.png
Key/signature aggregation with Schnorr

So, P2SH/P2WSH multisig offer little privacy, allowing blockchain observers to easily identify multisig transactions on the blockchain, unlike Taproot transactions that guarantee more privacy, the key aggregation makes this type of multisig to be indistinguishable from single pubkey transactions and impossible for blockchain observers to know if the transaction is actually multisig.

                  Pay-to-taproot multisig transaction on blockchain




https://youtu.be/1gRCVLgkyAE
https://medium.com/interdax/how-will-schnorr-signatures-benefit-bitcoin-b4482cf85d40
https://medium.com/interdax/what-is-taproot-and-how-will-it-benefit-bitcoin-5c8944eed8da
https://medium.com/digitalassetresearch/schnorr-signatures-the-inevitability-of-privacy-in-bitcoin-b2f45a1f7287
https://bitcoincore.org/en/2017/03/23/schnorr-signature-aggregation/

https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki
https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki
https://github.com/bitcoin/bips/blob/master/bip-0342.mediawiki