Taproot major upgrade related to the future of Bitcoin
The first thing we need to clarify is that the term “Bitcoin for Taproot upgrade” is different from the term Taproot. This Bitcoin Taproot upgrade mainly includes three independent proposals (BIP): Schnorr (BIP 340), Taproot (BIP 341) and Tapscript (BIP 342).
And if you only talk about Taproot, it refers to the second proposal in this upgrade. In the original Taproot proposal, Gregory Maxwell defined Taproot as Privacy preserving switchable scripting, which is a switchable script that protects privacy. Based on this, we can know that Taproot is actually a script structure.
Let’s look at them one by one.
Schnorr signature is a digital signature algorithm, we don’t need to know too many algorithm details. What we need to know here is that Schnorr is different from the traditional ECDSA signature algorithm. The equation in the Schnorr signature algorithm is linear. This feature determines that multiple private key fragments in the multi-signature mode can be directly aggregated into an aggregate signature under the chain. , And then transfer the aggregated complete signature to the chain. Unlike the traditional multi-signature, which requires multiple signatures to be transmitted to the chain through multiple nodes, only a gas fee is required to use the Schnorr signature algorithm. This is also the biggest advantage of using this algorithm: a significant reduction in transfer fees.
In order to explain what the structure of the Taproot script is, we need to know the structure of the MAST script. Because Taproot is a special kind of MAST, it can contain complex transaction conditions and details of fund usage, just like MAST, and then treat all these contents as a new fund usage condition. In other words, Taproot hides the MAST structure.
In order to better understand MAST, we have to start with P2PKH and P2SH.
P2PKH: “Pay To Public Key Hash”, is to pay to the hash of the public key. This is the most commonly used transaction method. That is, when you want to spend bitcoins stored in an address, you need to provide:1. Signature, 2. Public key
The verifier of this transfer will use the public key you provided to verify the hash and signature to confirm that the transaction is legal. This method can well protect your public key (your public key will not be exposed before you spend money).
P2SH: “Pay To Script Hash” pays to the script address.
First, let’s make it clear why we need this. Let’s take a look at P2PKH, “The verifier of this transfer will use the public key you provide to verify the hash and signature to confirm that the transaction is legal.” In other words, when the public key hash is successfully verified, this The money can be used passively.
But when it comes to more usage scenarios in real life. Usually, the realization of a transaction may have many preconditions, and the transaction can only occur when one of the conditions is met. These conditions are commonly time-locked (can only be used after a specific block height or time) or multi-signature (coins can only be used after some private keys in a set of private keys provide a signature).
Now “the verifier of this transfer will use the public key you provided to verify the hash and signature to confirm that the transaction is legal.” The single trigger condition is not enough. Can I customize this condition? This condition is actually a script.
After a transaction is completed, the P2SH script structure will display the content of the entire script, including the information signed by the public key and the private key, and all the conditions that may make the transaction occur, including the unsatisfied conditions. Obviously P2SH has two main disadvantages. First, it has a large amount of data, especially when there are many conditions. Second, this is not conducive to privacy. Everyone can know which account or accounts and how the funds were used.
Because of the shortcomings of P2SH, the developer proposed a new script structure MAST, which is a tree structure, specifically a Merkel tree, that is, a hash tree. Each node on the tree stores Hash value. The structure is shown in the figure below.
The use of the MAST structure in Bitcoin transactions means that the different use conditions of a fund are separately hashed, and a hash value is generated and stored in the leaf node of this tree; then these hash values are recursively upwards layer by layer, and finally generated A hash value is placed in the top node of the tree, the Merkel root.
In this way, when verifying a transaction, there is no need to expose all the script information like P2SH, only the data on the Merkel root and the Merkel path to a certain use condition need to be provided, and the other information is still hashed. Wen status. The MAST script structure is more efficient than complex P2SH smart contracts in data processing, and at the same time increases privacy.
As mentioned at the beginning, Taproot is equivalent to wrapping all the conditions and details of fund usage contained in a MAST structure into a new condition. Therefore, Taproot first has all the benefits of MAST. Under normal circumstances, no one will know one. This regular transaction hides such a complicated smart contract.
As for BIP342, maybe we don’t need to pay too much attention to it. This proposal is more like a guideline for technicians, telling chain-end developers how to complete their code to implement Taproot. For general readers, we can ignore this proposal.
In summary, through this Bitcoin Taproot upgrade, we have obtained the Schnorr signature algorithm and the Taproot script structure. If the two are combined, that is, using Schnorr in the multi-signature algorithm and Taproot in the script structure, then we can have the advantages of both, including cost reduction and extremely high privacy. This is also what ComingChat’s new version of Threshold Wallet is doing.