What is Bitcoin Taproot?

Taproot is the largest update in recent years to the Bitcoin network.

Since the 2017 segwit soft fork, bitcoin hasn’t seen an upgrade. But don’t worry! This update didn’t change any fundamentals of scarcity, decentralization, or immutability in the Bitcoin blockchain records.

In this article, you will understand what the Taproot update is and why it was implemented.

What is the purpose of the Taproot update?

To understand why this update is crucial, you need to understand certain aspects of how the blockchain functions.

Every blockchain operates by programming codes and consensus algorithms. When we send a transaction on the Bitcoin blockchain, we are, in fact, sending a command to a network script to which our satoshis are linked.

These scripts function like smart contracts, automated contracts, and a set of operations that are automatically triggered without intermediaries.

These scripts inform the blockchain whether the conditions to spend your coins are being met. If the conditions aren’t met, you can’t move or spend your Bitcoin.

Most often, the most commonly used condition by the protocol is: to prove that you own your private key by signing a transaction digitally.

In practice, signing a transaction is when you slide your finger sideways and confirm sending a value on your Bitcoin wallet. This act signifies that you’ve demonstrated to the protocol that you’re indeed the owner of the private keys giving access to your balance.

However, a blockchain doesn’t just deal with simple transactions!

There are, for instance, multisig addresses, or multi-signature addresses, where several people or devices are responsible for a BTC address with a balance.

Multisig Address

A multisig address is like a joint account, a type of address that belongs to a group. Each participant has a public key and a private key.

This means that to unlock and move the Bitcoin balance of this address, and each participant needs to sign the transaction, proving private key ownership.

Multisig Transaction

The necessary number of signatures to move Bitcoin from this type of joint address is agreed upon in the beginning when people create the address. This means a group of 3 people, for instance, decides whether two or all three signatures can move the total balance.

This type of address in the Bitcoin network is widely used to open lightning channels, where at least two people need to lock bitcoins in a multisig address to open the payment channel.

For multisig transactions and channel openings, you need to create a script, an automated contract on the Bitcoin network, and sensitive information from these scripts is exposed on the blockchain.

Besides revealing data that often isn’t necessary to conclude the operation, this type of transaction is more expensive than sending Bitcoin with a simple signature.

To make these multisig operations cheaper and more private, the Taproot update was proposed.

It consists of three basic changes in the Bitcoin protocol:

1. Schnorr signatures;
2. Tapscript;
3. The Taproot change, which gives its name to the update package.

Who decides these updates?

The Bitcoin network is decentralized, so any changes are discussed based on BIPs – Bitcoin Improvement Proposals, which are proposals for network enhancements.

The BIPs corresponding to the Taproot update are BIPs 340, 341, and 342.

After being discussed, these protocol changes are “voted” on, and if at least 90% of the miners agree with the change, it gets locked in, awaiting the activation date.

In the case of Taproot, this was in November 2021.

How does this “voting” work on the Bitcoin network?

The “votes” were determined through an update called BIP9 and the in-block signaling known as Speedy trial. These are soft fork deployment methods where miners and mining pools help coordinate the deployment of a protocol update. They do this by signaling “ok” for the update in their newly mined blocks.

This signaling is not immediate. Time in the blockchain is measured by the number of blocks that have passed. And the signaling periods, to see if miners agree with the change, occur over periods of 2016 blocks, which takes roughly two weeks.

These periods correspond to the same amount of time it takes for the difficulty adjustment to happen. This is an event where the network adjusts the mining difficulty according to the hashrate, the computational power present on the network. This means that within a period of 2016 blocks, 90% or 1815 of the 2016 blocks must signal the “ok” for the update, if they agree with it.

If this period ends and the network does not reach the 90% consensus to approve the update, it does not mean that it was denied, but rather that the vote will continue in the next period of 2016 blocks, in the next 2 weeks.

The Speedy Trial for Taproot was supposed to end in August 2021, but the Bitcoin network reached over 90% of blocks signaling for Taproot in May of the same year.

This “vote” was visible on the website called taproot.watch – which now only contains a hilarious video celebrating the activation – and each block with the positive signal for taproot was represented on the site with a green cube 🟩.

When at least 90% of miners signaled ok for taproot the mined blocks on the site looked like this:

taproot vote
The first Taproot block on the Bitcoin blockchain was signaled by @slush_pool and marked the beginning of the miners’ positive signaling:

With the update approved, transactions became cheaper and more private.

How does this change the operation of Bitcoin?

Let’s understand how taproot changes the operation of Bitcoin.

1st Block space optimization

With taproot, multisig operations, and lightning channel openings now take up less space on the blockchain.

The more space an operation takes up in a block, the more computational power that operation will require and the more expensive the operation will be.

Furthermore, with fewer data being inserted into the blocks, there is more privacy and less information leakage from users.

2nd More privacy in transactions

After the taproot update, you will no longer be able to differentiate a normal Bitcoin transaction from an opening of a lightning channel or a multisig transaction, for example. Everything will look like a normal transaction to the eyes of those observing the blockchain. It becomes impossible to differentiate simple transactions from the more complex ones.

It’s as if before Taproot we could see all the negotiation between two companies.

Just as an example, if Coca-cola had negotiated something with Pepsico before Taproot, it would have been possible to see all the details of the negotiation, as well as the contract, the company data, the recipient’s addresses, and the payment.

With taproot, those not involved in the negotiation only see the payment, i.e., that money came out of Coca-cola and went to Pepsico. Thus, you only see part of the operation. And this brings more privacy, as many times, these data that were previously revealed exposed sensitive data that were often not necessary for the network to process the payment.

Taproot also introduces a new way of spending Bitcoin from the Merkle Root. Which is a way of chaining transaction data to the blocks. That is, before the taproot update, anyone who wanted to spend Bitcoin in a multisig transaction would have to reveal all the locked scripts in the operation, for example, hash A, B, C, and D, separately in this operation from the image below.

But with the update and the integration of the Merkle Root in transactions, you no longer need to reveal all the scripts, just the one that was used, in this case, the HASH that summarizes all the other operations: the Merkle root.

That is, a simple transaction can hide that a MAST structure existed between two addresses on the blockchain.

3rd Implementation of Schnorr signature

Another change is that a new type of cryptographic digital signature will also be implemented, the Schnorr signature.

Digital signatures are mechanisms to mathematically prove to the blockchain that you really are the owner of that private key and can indeed move your funds.

Today the Bitcoin network uses the ECDSA elliptical curve signature algorithm, and with this update would also start to use the mechanism called Schnorr signature.

Satoshi created Bitcoin using ECDSA probably because the elliptic curve signature is secure but also because until 2018 the Schnorr signature was patented. Now that the patent has fallen, it has been possible to use Schnorr signatures on the Bitcoin network, as this type of signature has a higher degree of security.

What are the advantages of switching to Schnorr signature?

Let’s understand what the advantages and disadvantages are of implementing this type of signature.

I will use this image as an example of a transaction with ECDSA and Schnorr signature:

Advantages:

• You can aggregate several private keys and public keys in such a way that one signature can represent several private keys from several different addresses, for example. These five people can have a single private key that represents the group. This signature proves that whoever signed the transaction, for example, was in control of all the private keys of the five people.
• You cannot differentiate whether it was a single public and private key transaction or whether it was a multisig signature from a set of keys. This aggregation of keys is what brings more privacy and scalability to the network when combined with Merkle tree structures.
• Schnorr signatures eliminate signature malleability. Before, only with elliptical curve signatures was it possible to alter data before the transaction was confirmed, which gave a short but possible time window for someone to try to make a double spend, which is one of the causes of cryptocurrency system failures. Double spending occurs when a user manages to spend the same digital coins more than once by modifying transaction data before it is inserted into the blockchain. In Bitcoin, this possibility, although it could be done in a very specific and short time window, was still possible. Already with Schnorr signatures, this brief window of editing possibility closes. It will no longer be possible to alter signatures after a transaction has been signed.

Remember that this is not a weakness of the Bitcoin blockchain. This double spending could only be done before the information was confirmed by the blockchain when transactions are in the waiting queue to be picked up by miners and recorded in an information block.

• The Schnorr signature makes network processing cheaper because they take up less space in the block. Schnorr signatures are 65 bytes long, compared to ECDSA signatures, which can be up to 72 bytes. A few bytes may seem like a small difference, but this small space savings significantly reduces fees for those who adopt Taproot.

Disadvantages:

The disadvantages of this activation do not affect the Bitcoin network itself but rather centralized ecosystems that try to monopolize the Bitcoin network and track everything. This is because governments, regulators, and government-submissive institutions don’t like privacy, they need data centralization to have control over the population. Taproot can indeed awaken the wrath of power centralizers.

And how about the wallets?

From the taproot update, a new type of Bitcoin address was created: Segwit v1 (version 1), and it is possible to identify the addresses for taproot by the characters at the beginning of the address. Taproot addresses start with bc1p.

If you want to use taproot addresses, you need to check in your wallet if this update is available. It’s a relatively simple update, very similar to the one that happened in 2017 with the segwit update, but not all wallets have this update done.