The Bitcoin Improvement Proposals 340 through 342 were merged into the Bitcoin codebase on Thursday, signaling that the anticipated Taproot upgrade is ready.
Schnorr signatures (BIP340)
Taproot (BIP341)
Tapscript (BIP342)
What is Taproot?
Taproot is the name of a proposal put forward by former Blockstream CTO Gregory Maxwell in January 2018. The actual implementation was later developed by a team of Bitcoin contributors led by Pieter Wuille. Taproot enhances Bitcoin’s scripts, the set of instructions attached to each transaction that defines how the funds can be spent. In its simplest form, a Bitcoin transaction is secured by the recipient’s public key, which guarantees that only the recipient can spend the funds. Scripts can support more complicated features, like timelocks and multi-signature requirements. The former restrict money so that it can only be spent after a certain point in time. The latter make it possible to create wallets with multiple owners. Conditions can be combined, so that there are multiple ways to spend the money. For example, the script might say that the funds can be moved immediately if three people agree, or after five days if only two of them do. In Bitcoin’s current implementation, the full scope of the smart contract needs to be revealed when its beneficiary wants to use the money. That means that even if only one of the conditions was triggered, everyone would know that there were others.
Taproot removes the need to publish the entire script, and only shows the condition that was triggered. In addition, multi-signature contracts where all parties agreed on a transaction can avoid revealing the fact that there was a script at all. To an external observer it would look like an individual wallet-to-wallet transaction, assuming the parties involved are in full cooperation.
This is made possible by a different feature called Schnorr signatures, which is specified in BIP 340. Schnorr signatures are considered a more secure and efficient signature scheme built on elliptic curve cryptography, which is what underpins the system driving private and public keys.
Limited benefits to privacy
Taproot is often mistakenly believed to make CoinJoin transactions harder to see, or even make them indistinguishable from normal payments. In a conversation with Cointelegraph, Pieter Wuille revealed that this is not the case:
“Indeed, it [Taproot] hides scripts and makes multisig (often) indistinguishable. It does not directly do anything for CoinJoin.”
Wuille then added that Taproot is “certainly no silver bullet” for privacy. The confusion may have arisen due to an initially planned feature called cross-input aggregation. It was later removed from the Taproot proposal due to potential issues with its implementation. Furthermore, Wuille clarified that it would not directly improve privacy:
“Cross-input aggregation won’t hide CJ or anything else. It’s not a privacy improvement, only an efficiency one (which may indirectly encourage CJ by making it cheaper, but even then, it won’t reduce the ability to recognize such transactions as CJ).”
Thus, Taproot only improves privacy in limited aspects and under specific conditions. For a person using Bitcoin to buy drugs from a darknet market, there is no benefit.
Taproot and the associated technology of Schnorr signatures are considered to be the most important upgrade for Bitcoin in the past year. It is primarily a privacy improvement for complex spending conditions on Bitcoin like multisig transactions, time locks and other conditions based on Bitcoin Script. Taproot hides every additional spending condition beyond the one that was activated. For example, a transaction might be executed immediately if all four multisig signers agree, or it could require a certain amount of time to pass before funds are unlocked if only three out of four signers are present. Normally, an outsider is able to identify every possible condition, but with Taproot they will see only the one that was triggered.
Furthermore, thanks to Schnorr signatures, a pure multisig transaction can be made indistinguishable from normal transfers. It is worth noting that Taproot makes no changes to mixing protocols like CoinJoin, which will remain easily distinguishable.
While the initial code for Taproot was submitted for review in January, some complications primarily related to Schnorr signatures required an extensive amount of refinement.
The proposals have now been fully reviewed by Bitcoin core developers and are ready to be included in a client release. Pieter Wuille, the lead developer for Taproot, said “it’s all done, except activation.”
https://cointelegraph.com/news/bitcoin-s-taproot-is-ready-to-go-but-it-s-unlikely-to-be-included-in-the-next-release
https://cointelegraph.com/news/bitcoins-taproot-upgrade-wont-help-privacy-where-it-matters
[bitcoin-dev] Taproot: Privacy preserving switchable scripting: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-January/015614.html
Taproot review on GitHub: https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki