Bitcoin [BTC]’s Taproot implementation: A deep-dive into the security and privacy upgrade to the king coin

Bitcoin’s major challenges, even though it became a standard amongsy every other cryptocurrency, is lack of scalability and privacy. There have been multiple solutions and ideas like the Lightning Network, which is a second-layer solution to solve Bitcoin’s ever-increasing demand and transactions.

There were a lot of talks about another solution a couple years back, which would apparently solve the privacy problem associated with Bitcoin and also provide more options and flexibility in terms of smart contracts on Bitcoin’s blockchain.

This method/implementation is called “Taproot” and was first proposed by Blockstream CTO Gregory Maxwell. Moreover, this implementation for Bitcoin is being worked upon by prominent names in the Bitcoin Core contributors like Pieter Wuille, Anthony Towns, Johnson Lau, Jonas Nick, Andrew Poelstra, Tim Ruffing, and Rusty Russell.

To understand Taproot, it is necessary to know what P2SH is and how MAST was developed due to shortcomings of P2SH and how they are all aggregated using Schnorr Signatures to give us Taproot.

When a Bitcoin is sent from one address to another, these Bitcoins are locked to that particular address, and the locking up of Bitcoins are done using scripts, which is done automatically after the user hits send. These scripts are only unlocked when certain conditions are met.

P2SH is a method that allows transactions to be sent to a script hash (address starting with 3) instead of a public key hash (addresses starting with 1). To spend bitcoins sent via P2SH, the recipient must provide a script matching the script hash and data, which makes the script evaluate it as true. P2SH was implemented to Bitcoin on Bitcoin Improvement Protocol [BIP] 16.

Since P2SH requires a lot of data to be transferred to and fro, and if there are a lot of conditions to be met, it becomes crowded and has a lot of overhead. Moreover, it is open for everyone to see the path in which the funds could have been spent and also reveal the type of wallets etc.

To overcome these drawbacks, MAST [Merkelized Abstract Syntax Tree] was proposed to be implemented on Bitcoin. Merkle Tree was invented by Ralph Merkle and is used to categorize the data and hence, make it easier to verify the integrity of any of the Merkle trees. In Merkle, all the available data is hashed into a compact hash known as the Merkle Root, and the integrity of the tree that originates from this can be verified immediately.

Combining P2SH with Merkle trees gives MAST, where the Bitcoins that are needed to be spent are signed into different scripts with different mutually exclusive conditions and whichever of these conditions are met in a confirmed transaction first, will determine the course of how these Bitcoins are spent.

These scripts, just like in P2SH, are now hashed into Merkle trees and the lock for these trees are in the Merkle root. The main benefit of MAST is that the data in the trees can be verified almost immediately since the data is organized and can be traced back to the root. It also makes MAST data efficient.

In a broader context, Schnorr signature is a method to aggregate all the messages, public keys, and signatures of multiple transactions into a single one instead of signing each transaction with its own signature, message and then sending it.

Moreover, if there are a multiple Schnorr signature-signed transactions in a block, one could theoretically “add” the individual signatures into a single signature, which could then be verified as a whole and not individually, thus saving a lot of time.

Applying this to multisig transactions would create a single output with a common public key and a common signature. Taproot makes use of Schnorr signature to combine all these transactions into a seemingly single transaction, but combining this with MAST will help determine how the Bitcoins are spent.

Taproot is a fundamental cryptographic innovation that combines Schnorr signature with MAST, and the upgrade to Bitcoin might happen in a single go in a soft-fork. A part of SegWit allows improvements and upgrades on the signature or the introduction of new signature mechanisms via an opt-in soft fork.