![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
December 06, 2020, 04:34:06 PM |
|
The efficient multisig referred to in your message requires that the spending parties interact before computing their single collective address. This wouldn't help with spending multiple coins, since they are sent by uncoordinated parties at different times and you don't know until the moment you spend which ones you'll use.
That said, separately I did propose a way to aggregate signatures, which does allow combining the signatures of multiple keys purely at signing time (but still interactively). This was not included in taproot for basically engineering reasons-- too much change to manage at once and there was a risk that the feature would never complete if it was too big. The idea is that after taproot is deployed and we've learned from the usage, a new version can later be introduced which adds the aggregation along with whatever improvements are learned from the usage. Aggregation wasn't the only thing left out either.
I'm not sure if this was ultimately wise: taproot has taken years longer than expected regardless... but it is what it is.
|