After reading this article, everyone can understand the Bitcoin Taproot upgrade!The first thing we need to clarify is that the term “Bitcoin for Taproot upgrade” is different from the term Taproot. The Bitcoin Taproot upgrade mainly includes three independent proposals (BIP): Schnorr (BIP 340), Taproot (BIP 341) and Tapscript (BIP 342).
And if you only talk about Taproot, it refers to the second proposal in this upgrade. In the original Taproot proposal, Gregory Maxwell defined Taproot as Privacy preserving switchable scripting.Based on this, we can know that Taproot is actually a script structure.
Let’s learn it one by one.
BIP340:Schnorr
Schnorr signature is a digital signature algorithm, we don’t need to know too many algorithm details. What we need to know here is that Schnorr is different from the traditional CEDSA signature algorithm. The equation in the Schnorr signature algorithm is linear. This feature determines that multiple private key fragments in the multi-signature mode can be directly aggregated into an aggregate signature under the chain. , And then transfer the aggregated complete signature to the chain. Unlike the traditional multi-signature, which requires multiple signatures to be transmitted to the chain through multiple nodes, only a gas fee is required to use the Schnorr signature algorithm. This is also the biggest advantage of using this algorithm: a significant reduction in transfer fees.
BIP341:Taproot
In order to explain what the structure of the Taproot script is, we need to know the structure of the MAST script. Because Taproot is a special kind of MAST, it can contain complex transaction conditions and details of fund usage, just like MAST, and then treat all these contents as a new fund usage condition. In other words, Taproot hides the MAST structure.
In order to better understand MAST, we have to start with P2PKH and P2SH.
P2PKH: “Pay To Public Key Hash”, is to pay to the hash of the public key. This is the most commonly used transaction method. That is, when you want to spend bitcoins stored in an address, you need to provide
1. Signature, 2. Public key
The verifier of this transfer will use the public key you provided to verify the hash and signature to confirm that the transaction is legal. This method can well protect your public key (your public key will not be exposed before you spend money).
P2SH: “Pay To Script Hash” pays to the script address.
First, let’s make it clear why we need this. Let’s take a look at P2PKH, “The verifier of this transfer will use the public key you provide to verify the hash and signature to confirm that the transaction is legal.” In other words, when the hash of the public key is successfully verified, this The money can be used passively.
But there are more scenarios in real life. Usually, the realization of a transaction may have many preconditions, and the transaction can only occur when one of the conditions is met. These conditions are commonly time-locked (can only be used after a specific block height or time) or multi-signature (coins can only be used after some private keys in a set of private keys provide a signature).
Now “the verifier of this transfer will use the public key you provide to verify the hash and signature to confirm that the transaction is legal.” The single trigger condition is not enough. Can I customize this condition? This condition is actually a script.
After a transaction is completed, the P2SH script structure will display the content of the entire script, including the information signed by the public key and the private key, and all the conditions that may make the transaction occur, including the unsatisfied conditions. Obviously P2SH has two main disadvantages. First, it has a large amount of data, especially when there are many conditions. Second, this is not conducive to privacy. Everyone can know which account or accounts and how the funds were used.
Because of the shortcomings of P2SH, the developer proposed a new script structure MAST, which is a tree structure, specifically a Merkel tree, that is, a hash tree. Each node on the tree stores Hash value. The structure is shown in the figure below.
The use of the MAST structure in Bitcoin transactions means that the different use conditions of a fund are separately hashed, and a hash value is generated and stored in the leaf node of the tree; then these hash values are recursively upwards layer by layer, and finally generated a hash value which is placed in the top node of the tree, the Merkel root.
In this way, when verifying a transaction, there is no need to expose all the script information like P2SH, only the data on the Merkel root and the Merkel path to a certain use condition need to be provided, and the other information is still hashed as Ciphertext. The MAST script structure is more efficient than complex P2SH smart contracts in data processing, and at the same time increases privacy.
As mentioned at the beginning, Taproot is equivalent to wrapping all the conditions and details of fund usage included in a MAST structure into a new condition. Therefore, Taproot first has all the benefits of MAST. Under normal circumstances, no one will know one regular transaction hides such a complicated smart contract.
As for BIP342, maybe we don’t need to pay too much attention to it. This proposal is more like a guideline for technicians, telling chain-end developers how to complete their code to implement Taproot. For general readers, we can ignore this proposal.
In summary, through this Bitcoin Taproot upgrade, we have obtained the Schnorr signature algorithm and the Taproot script structure. If the two are combined, that is, using Schnorr in the multi-signature algorithm and Taproot in the script structure, then we can have the advantages of both, including cost reduction and extremely high privacy.
We know that ChainX, as the Layer2 of Bitcoin, can greatly save Bitcoin transaction costs by transferring Bitcoin to ChainX in a two-way anchoring manner, and at the same time has higher efficiency. When performing the Bitcoin withdrawal operation, that is, when transferring the Bitcoin XBTC on ChainX back to BTC, ChainX adopts the trust node custody model. The realization of this process requires multiple trust nodes to sign and complete the voting verification. Here, we use the threshold signature technology brought by this Taproot upgrade of Bitcoin to replace the traditional multi-signature scheme, further reducing Bitcoin transaction costs, and at the same time bringing a powerful privacy protection experience to ChainX users.
About ChainX
ChainX will become the largest Bitcoin Layer 2 Network in the world. The first Substrate blockchain to go live will provide Polkadot with the most valuable digital assets on the market. Committed to realizing trustless and decentralized bridges for Bitcoin and other assets, it forms an inter-blockchain asset gateway, pathing the way for a truly interoperable network of blockchains.
Website | Github | Wallet | Twitter | Medium | Telegram | White paper
