Taproot: Bitcoin's Major Protocol Upgrade

Timer 10 Min. Lesezeit

Taproot is the first major Bitcoin software upgrade since SegWit was implemented in 2017. In short, it is a package of voluntary upgrades to the Bitcoin protocol designed to:

Increase network efficiency
Lower costs of complex transactions
Introduce new developer capabilities
Improve user privacy, and
Allow for less intrusive future upgrades

Bitcoin is open-source software, meaning the codebase exists in many different versions and is maintained by a widespread group of loosely coordinated people. Open-source software has no centralised line of command, roadmap or specific targets — the community of developers and users determine how the codebase evolves.

The somewhat standardised codebase for Bitcoin, Bitcoin Core (referred to as the reference implementation), is maintained on Github[1] by a set of nominated or appointed developers responsible for general moderation and addition of proposed contributions. However, in terms of structure, there are no specially privileged participants in Bitcoin development as anyone is welcome to contribute, test, and review its codebase.

To date, there have been over 800 contributors to the main Github version of Bitcoin Core, and many more have contributed to other alternative and compatible implementations available for users to deploy as they wish.[2]

In the Bitcoin user and developer communities there is a rough consensus regarding how Bitcoin should evolve. The general philosophy of Bitcoin development is one of security over speed. Any proposed changes undergo an arduous proposal, review, and testing cycle before being considered by a broader community of network participants.

Unless there are immediate and entirely uncontroversial dangers to the well-being of the system, upgrades are always made voluntary and backwards compatible. This ensures that users operating with older versions of the software are capable of making payments to users operating with newer versions, and that no one is left behind against their will.

Importantly, all users maintain the same copy of the transaction record (the blockchain) regardless of their version, this is even true of the original early 2009 release of Bitcoin by anonymous founder Satoshi Nakamoto.

Now let’s have a closer look at the upgrade itself:

Network Efficiency

Taproot is expected to slightly increase the processing speed of transactions, lower fees, and enable a faster onboarding experience for those looking to participate in the network (shorter block download)[3]. Some of these benefits stem from a reduction in the average data size of transactions, which increases the amount of transactions able to fit in each block, as well as decreasing the amount of computation required to verify them.

These improvements are made possible by introducing another signature scheme (Schnorr) and a new transaction type (Pay-to-Taproot, or P2TR for short), which together can help decrease the data requirements of both simple peer-to-peer transactions and more complex financial or business logic (smart contracts).

Schnorr also allows users to verify transactions in batches rather than on an individual basis (batch verification), which is expected to provide marginal efficiency gains for regular network participants and significant efficiency gains for participants joining for the first time.

While these changes may seem like minor improvements, the marginal reduction of data in these transactions has ongoing effects that impact both fees and application development -- more on this later.

The new signature scheme allows for more compact transactions by shrinking the data size of two components common to any Bitcoin transfer: public keys and signatures. Meanwhile, in tandem with other aspects of Taproot[4], it’s expected to also reduce the data size of transactions with intricate spending conditions (discrete log contracts) or multiple steps of execution (multisignature transactions).

For multisignature transactions the benefit is particularly large. Schnorr signatures allow the keys in a multisignature setup to be combined into a single key, resulting in a single signature instead of many. A multisignature transaction, no matter how many keys are involved, will therefore only take up the same data size as a single transaction in a block, and it will not be possible to tell from the blockchain how many keys were involved in signing the transaction.

Importantly, it is also anticipated that this additional signature scheme can be implemented without trading off Bitcoin’s security. This has been explained[5] through the new security proof requiring less assumptions compared to the existing one (ECDSA), and without introducing any new assumptions. Throughout Taproot’s proposal process, it has been widely considered that this new signature scheme is just as secure, if not more secure, than the existing digital signature encryption applied to Bitcoin transactions.[6][7][8]

Given its superior qualities, it is likely that the reason Bitcoin didn’t use Schnorr signatures from the beginning is that it had only recently been released from patent in 2009, and very few people had any experience implementing the scheme.[9] The existing ECDSA signature scheme was a part of OpenSSL[10], a set of open-source encryption tools that were mostly developed by computer scientists and mathematicians, many of whom were on the mailing list where Bitcoin was originally shared. This made it a natural choice for maximising interest and competence among early development contributors.

Application Functionality

Many of Bitcoin’s applications and second-layer networks rely on more complicated multisignature transactions that will now become more efficient in terms of computation and privacy because of several upgrades packaged into Taproot[11]. As mentioned above, the improvements are expected to allow these complex transactions to appear indistinguishable to simple everyday transactions, as well as enable new capabilities[12] for the applications and second layer networks (e.g. Lightning and Liquid) built on Bitcoin. In a way, it’s expected to allow developers to do more (functionality), for less (data required).

Some expect this may result in Bitcoin-based applications that are similar to existing Decentralised Finance (DeFi) projects, which are generally more closely associated with alternative blockchain systems.[13][14] This remains to be seen, however, Taproot’s ability to reduce the cost and increase the functionality of more intricate and complicated transactions may indeed offer room for more creativity outside of Bitcoin’s base layer.

To be clear, Taproot will not enable the same fully expressive and recursive smart contracts that exist in alternative blockchain systems (Ethereum, Solana etc.) and this will almost certainly never happen as recursive smart contracts are widely considered to be unacceptably risky for Bitcoin. That said, with Taproot the programmability of Bitcoin transactions will increase to a higher level than what was previously possible, all with the expectation that the improvements will not introduce any security vulnerabilities.

As previously mentioned, Bitcoin’s base layer system is based on a philosophy that generally prioritises security over speedy experimentation. Given that Taproot’s improvements are mostly expected to benefit development outside of Bitcoin’s base layer, we don’t think it's an unreasonable possibility that Taproot could lead to an increase in financial applications for users in its broader ecosystem (in the long-term).

These financial applications are however likely to differ considerably from existing DeFi projects, rely heavily on the expected benefits of Taproot actually coming to fruition, and ultimately depend on the success of newer technologies in Bitcoin’s broader ecosystem (layer two and sidechains).

By minimising the information published to the blockchain regarding these complex transactions, Taproot is further expected to make it more difficult to distinguish them from generic user transactions and identify the conditions by which they were spent. This is considered to make transactions more fungible as well as enable better and cheaper privacy techniques for users, especially users deploying complex business logic using Bitcoin smart contracts.

Upgradability

Lastly, Taproot adds several new paths to upgrade Bitcoin[15] that may have the potential to be less intrusive than other techniques that have resulted in extensive development and review periods.

We find these upgrade paths are highly technical and outside of the scope of this paper (and likely also the average user of Bitcoin). For this reason, a takeaway may be that Taproot paves the way for new upgrades, and potentially, introduces the ability to add powerful capabilities with relatively smaller and less involved changes.

Briefly and for those interested, this potential is based on how Taproot (specifically, TapScript) implements something called OP_Success. This takes all currently disabled and unused OP codes, which are just functions that operate on data[16], and replaces them with an operation called OP_Success[17]. This could allow the community to add valuable capabilities to Bitcoin by simply introducing new OP codes in the future.[18][19]

In Conclusion

Taproot has the potential to increase the efficiency of the Bitcoin network, improve user privacy, and introduce new applications on Bitcoin’s second layer. However, for these improvements to fully meet their expectations and challenge some existing application platforms, time and development will be required.

Bitcoin users retain the option to not participate in these new changes, and many of the benefits of Taproot depend on widespread deployment of the upgrade by users. It may also be that a significant threshold of network participation is necessary for these dynamics to have any noticeable effects at all.

Nonetheless, Taproot has successfully been activated at block height 709,632, or sometime on 13-14 November 2021 depending on your timezone. For those interested in participating or supporting this change, you can upgrade to Bitcoin Core version 0.21.1 (or later release) to enforce these rules. However, users who choose not to upgrade will continue to participate in the network and interact with others who opt for Taproot without any disturbance to their Bitcoin node. At the time of writing (November 15th), roughly 54% of Bitcoin’s network participants are enforcing Taproot.[20]

Lastly, we’d like to give a special thanks to Gregory Maxwell, Pieter Wuille, Marco Falke, Aj Towns, and Jonas Nick, along with all other developers and reviewers — too many to name — that have participated in the development and review of Taproot, ever since it was first proposed more than three years ago in early 2018.

[1] https://github.com/bitcoin

[2] https://luke.dashjr.org/programs/bitcoin/files/cha...

[3] This assumes a significant amount of users and businesses are using Taproot to a threshold where intended benefits are realised

[4] For more on this, see key aggregation, scriptless scripts and MAST structures

[5] https://twitter.com/benthecarman/status/1330638129...

[6] https://reyify.com/blog/liars-cheats-scammers-and-...

[7] https://bitcoin.stackexchange.com/questions/77234/...

[8] https://suredbits.com/introduction-to-schnorr-sign...

[9] https://en.wikipedia.org/wiki/Schnorr_signature

[10] https://en.wikipedia.org/wiki/OpenSSL

[11] Schnorr Signatures and Merklized Abstract Syntax Trees (MAST)

[12] MuSig (1, 2, DN) & Point Time-Locked Contracts (PTLCs)