July 18, 2024

How Does Taproot Upgrade Address Bitcoin's Privacy Protection Issues?

Privacy, scalability, and security are the main challenges blockchains face today. Although Bitcoin is the most widely used cryptocurrency, it is not exempt from them, and the Taproot upgrade (activated in November 2021) was designed to address part of this. Taproot lays the foundation for new on-chain innovations such as the Bitcoin Ordinals protocol and improves privacy, efficiency, and signature security for projects and users in the Bitcoin ecosystem.

The core of Taproot consists of three proposals: BIP340 (Schnorr signatures), BIP341 (Taproot itself, which defines SegWit version 1 outputs whose script tree is a MAST), and BIP342 (Tapscript, the script rules for those outputs). It was the first major consensus upgrade since SegWit in 2017 and addresses several of Bitcoin's long-standing development challenges.

1. Current Privacy Issues in Bitcoin

In the Bitcoin network, the transaction history of any address, whether an individual's or a merchant's, can be traced by anyone. Multi-signature outputs, commonly used when several parties must cooperate to spend, make this worse: with P2SH (or P2WSH) the output commits only to a hash of the script, but when it is spent the full redeem script, every public key in it, and every signature are published in the witness. Anyone can match the revealed script against the hash in the output and learn that the output was a multi-signature, how many signers it had, and which keys signed. These issues arise because Bitcoin's original design did not aim for this level of privacy, which has since become a pressing issue for blockchains generally.

2. Schnorr Signatures for Multi-Party Privacy

ECDSA (Elliptic Curve Digital Signature Algorithm) has been Bitcoin's signature algorithm since its launch. When user A sends a transaction transferring bitcoin to user B, every validating node (not only miners) must check that the spender holds the private key for the UTXO being consumed and therefore has the right to dispose of it. User A does this by producing an ECDSA signature over the transaction, which proves knowledge of the private key and commits to the transaction's inputs, outputs, and amounts, so none of them can be altered without invalidating the signature. (ECDSA signatures themselves are not unique: the same key and message can yield many valid signatures, and a third party can turn one signature into a second valid one by negating its s value, which is why Bitcoin enforces a low-S rule to limit this malleability.)

Since Bitcoin's inception this algorithm has held up well in practice. However, ECDSA has no security proof under the discrete logarithm assumption alone; the known proofs rely on additional or idealized assumptions such as the generic group model. Schnorr signatures are based on the same discrete logarithm problem but have a clean security proof in the random oracle model with no further assumptions, and BIP340 Schnorr signatures are also non-malleable. From a security perspective it is therefore unsurprising that Taproot adopted Schnorr signatures for the new SegWit version 1 (P2TR) outputs. Note that Schnorr does not replace ECDSA outright: ECDSA remains valid for legacy and SegWit version 0 outputs, and the two coexist on the network.

Supporting Aggregate Signatures for Privacy Protection

Schnorr's greatest advantage is that its signatures are linear: a signature is essentially s = k + e·d for private key d, nonce k, and challenge e, so a sum of partial signatures is itself a valid signature for the sum of the corresponding keys. This lets several signers aggregate their public keys into a single aggregate public key and jointly produce a single signature that verifies against it (protocols such as MuSig and MuSig2 do exactly this). The verifier sees only the aggregate key and one signature, exactly as for a single signer, and does not need the list of individual public keys; a successful verification is equivalent to having verified every participant's contribution. One caveat practitioners should know: naively adding public keys is unsafe, because a participant who chooses its key as a function of the others' keys (a rogue key) can end up controlling the sum alone. MuSig prevents this by multiplying each key by a coefficient derived from a hash of all participants' keys before summing.

For example, with Bitcoin's existing 2-of-3 multi-signature, the redeem script contains all three public keys; it is committed as a hash in the output, but when the output is spent the whole script must be revealed together with two signatures. With Schnorr key aggregation, a 3-of-3 spend needs only one aggregate public key and one signature on-chain, however many signers stand behind it. A 2-of-3 threshold is not a plain sum of keys: it is built either with a threshold signing protocol such as FROST, or with a Taproot script tree holding one leaf per qualifying pair of signers (three aggregate 2-of-2 keys), of which only the leaf actually used is revealed. In the general n-of-m case, the current multi-signature script puts m public keys and n signatures on-chain, while the aggregated form costs one key and one signature regardless of n and m, so the space saving grows with the number of signers.

Because the aggregate key is indistinguishable from an ordinary single public key, a multi-signature spend through the Taproot key path looks exactly like a single-signer P2TR spend, protecting the privacy of the participants. ECDSA offers no practical key aggregation, so Bitcoin today implements multi-signature with OP_CHECKMULTISIG inside P2SH or P2WSH scripts, which exposes that the output was a multi-signature, its threshold, and every signer's public key. Using Schnorr signatures therefore improves transaction privacy, shrinks the witness data, and effectively increases on-chain capacity.
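The linearity argument above, and the rogue-key caveat, as an added worked example (this is illustrative code written for this article, not Bitcoin Core, libsecp256k1, or a BIP340 implementation). It uses textbook Schnorr over secp256k1 with full (x, y) points and a plain SHA-256 challenge, so its signatures are not byte-compatible with BIP340, which uses x-only keys and tagged hashes; the multi-signer nonce exchange is a single trusted round with no commitments, so it demonstrates the algebra only and is not a deployable MuSig2. The private keys, messages, and coefficient hash layout are constructed for the example.

```python
"""Schnorr linearity and MuSig-style key aggregation over secp256k1.

Added example for this article, not Bitcoin Core or BIP340 code: textbook
Schnorr with full (x, y) points and a plain SHA-256 challenge (not BIP340
byte-compatible), with a one-round trusted nonce exchange (illustration only).
"""
import hashlib
import secrets

# secp256k1: y^2 = x^3 + 7 over F_P, generator G of prime order N
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def point_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # p1 == -p2
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, P - 2, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, P - 2, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def point_mul(k, p):
    """Double-and-add scalar multiplication (not constant time)."""
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, p)
        p = point_add(p, p)
        k >>= 1
    return acc

def enc(p):
    return p[0].to_bytes(32, "big") + p[1].to_bytes(32, "big")

def hash_int(*parts):
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big") % N

def challenge(R, pub, msg):
    return hash_int(enc(R), enc(pub), msg)

def sign(priv, msg):
    """Single-signer Schnorr: R = k*G, e = H(R, P, m), s = k + e*d."""
    k = secrets.randbelow(N - 1) + 1
    R = point_mul(k, G)
    e = challenge(R, point_mul(priv, G), msg)
    return (R, (k + e * priv) % N)

def verify(pub, msg, sig):
    """Check s*G == R + e*P: one key, one signature, whoever produced them."""
    R, s = sig
    return point_mul(s, G) == point_add(R, point_mul(challenge(R, pub, msg), pub))

def naive_aggregate(pubs):
    """Plain sum of keys: linear, but exposed to the rogue-key attack below."""
    agg = None
    for p in pubs:
        agg = point_add(agg, p)
    return agg

def key_coeffs(pubs):
    """MuSig coefficients a_i = H(L, P_i), where L hashes every key (constructed layout)."""
    L = hashlib.sha256(b"".join(enc(p) for p in pubs)).digest()
    return [hash_int(L, enc(p)) for p in pubs]

def aggregate_key(pubs):
    """MuSig aggregate key sum(a_i * P_i); the coefficients defeat rogue keys."""
    agg = None
    for a, p in zip(key_coeffs(pubs), pubs):
        agg = point_add(agg, point_mul(a, p))
    return agg

def musig_sign(privs, msg):
    """All signers cooperate; the verifier sees one key and one signature."""
    pubs = [point_mul(d, G) for d in privs]
    coeffs = key_coeffs(pubs)
    agg_pub = aggregate_key(pubs)
    nonces = [secrets.randbelow(N - 1) + 1 for _ in privs]
    R = naive_aggregate([point_mul(k, G) for k in nonces])  # R = sum(k_i * G)
    e = challenge(R, agg_pub, msg)
    # Partial signatures s_i = k_i + e*a_i*d_i simply add up: that is linearity.
    s = sum(k + e * a * d for k, a, d in zip(nonces, coeffs, privs)) % N
    return agg_pub, (R, s)

def rogue_key(attacker_pub, honest_pub):
    """Key an attacker publishes so the naive sum collapses to attacker_pub."""
    return point_add(attacker_pub, (honest_pub[0], (-honest_pub[1]) % P))
```

Calling `musig_sign([11, 22, 33], msg)` returns one aggregate key and one `(R, s)` pair that `verify` accepts with the same equation it uses for a single signer. The `rogue_key` function shows why the coefficients matter: if an attacker with key P_a learns an honest key P_h and publishes P_a - P_h, then `naive_aggregate` of the two equals P_a and the attacker can sign for the "multi-signature" alone, whereas `aggregate_key` does not collapse to P_a.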

3. MAST for Transaction Script Privacy Protection

MAST (Merkelized Abstract Syntax Tree) combines two ideas. An abstract syntax tree lets a script be split into mutually exclusive branches, each a complete spending condition on its own. A Merkle tree then commits to all of those branches with a single root hash, so that any one branch can be proven to belong to the commitment without revealing the others.

MAST places the mutually exclusive branches of a script at the leaves of a Merkle tree, so complex spending conditions gain privacy by keeping every unexecuted branch hidden. When a user spends, only the branch actually executed and its Merkle path (the sibling hashes from that leaf up to the root) are disclosed; this Merkle proof shows that the branch was committed to by the output, while the other branches remain hidden behind their hashes. In Taproot (BIP341) the Merkle root is additionally committed into the output's public key by tweaking it, so an output carrying a script tree is indistinguishable from a plain single-key output until it is spent through a script path.

For example, consider a script Alice uses to manage her funds: it includes Alice's public key (requiring her signature), Bob's and Charlie's public keys, and conditional logic such as a timeout. With a conventional P2SH or P2WSH script, all of this data is published on-chain when the output is spent, so anyone can learn every condition attached to the UTXO, which is bad news for the privacy of Alice, Bob, and Charlie.

With MAST, the script is split into two leaves: one where Alice can spend the bitcoin at any time, and another where, if Alice has not spent it after three months, Bob and Charlie can decide what to do with it. Only one branch is ever executed, and the branch that is revealed does not disclose what Alice's other branches allowed, so her privacy is protected. Under Taproot, Alice's key can also serve as the internal key of the output, so her normal spend goes through the key path and reveals no script at all, not even the existence of the Bob-and-Charlie fallback.
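Alice's two-branch tree, built and verified with the BIP341 tagged-hash construction, as an added example (written for this article; not code from the page or from Bitcoin Core). The TapLeaf and TapBranch hashing follows BIP341; the scripts, the 32-byte placeholder keys, and the 12960-block timeout are constructed for the example, and the final step that tweaks Alice's internal key with the root is described in prose above but not computed here.

```python
"""Taproot script tree (MAST) with BIP341 tagged hashes.

Added example for this article, not Bitcoin Core code. Scripts and keys are
constructed placeholders; the internal-key tweak with the root is not computed.
"""
import hashlib

LEAF_VERSION = 0xC0  # BIP341 tapscript leaf version

def tagged_hash(tag: str, data: bytes) -> bytes:
    """BIP340/341 tagged hash: SHA256(SHA256(tag) || SHA256(tag) || data)."""
    t = hashlib.sha256(tag.encode()).digest()
    return hashlib.sha256(t + t + data).digest()

def compact_size(n: int) -> bytes:
    """Bitcoin CompactSize varint for the script length."""
    if n < 0xFD:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + n.to_bytes(2, "little")
    return b"\xfe" + n.to_bytes(4, "little")

def tapleaf_hash(script: bytes) -> bytes:
    return tagged_hash("TapLeaf", bytes([LEAF_VERSION]) + compact_size(len(script)) + script)

def tapbranch_hash(a: bytes, b: bytes) -> bytes:
    """Children are sorted lexicographically, so a proof needs no left/right flags."""
    if b < a:
        a, b = b, a
    return tagged_hash("TapBranch", a + b)

def build_tree(leaf_hashes):
    """Return (root, proofs): proofs[i] is the sibling path for leaf i."""
    if len(leaf_hashes) == 1:
        return leaf_hashes[0], [[]]
    mid = len(leaf_hashes) // 2
    left_root, left_proofs = build_tree(leaf_hashes[:mid])
    right_root, right_proofs = build_tree(leaf_hashes[mid:])
    proofs = [p + [right_root] for p in left_proofs] + [p + [left_root] for p in right_proofs]
    return tapbranch_hash(left_root, right_root), proofs

def verify_script_path(script: bytes, proof, root: bytes) -> bool:
    """What a node recomputes from the revealed leaf plus its sibling hashes."""
    h = tapleaf_hash(script)
    for sibling in proof:
        h = tapbranch_hash(h, sibling)
    return h == root

# Constructed x-only keys (32 bytes each); real ones come from secp256k1.
ALICE, BOB, CHARLIE = b"\x01" * 32, b"\x02" * 32, b"\x03" * 32
OP_CSV, OP_DROP, OP_2, OP_NUMEQUAL, OP_CHECKSIG, OP_CHECKSIGADD = (
    b"\xb2", b"\x75", b"\x52", b"\x9c", b"\xac", b"\xba")

# Leaf 1: <Alice> OP_CHECKSIG
ALICE_SCRIPT = b"\x20" + ALICE + OP_CHECKSIG
# Leaf 2: <12960 blocks, about 3 months> OP_CHECKSEQUENCEVERIFY OP_DROP
#         <Bob> OP_CHECKSIG <Charlie> OP_CHECKSIGADD 2 OP_NUMEQUAL
TIMEOUT = (12960).to_bytes(2, "little")  # script number 0x32A0, positive
TIMEOUT_SCRIPT = (b"\x02" + TIMEOUT + OP_CSV + OP_DROP + b"\x20" + BOB + OP_CHECKSIG
                  + b"\x20" + CHARLIE + OP_CHECKSIGADD + OP_2 + OP_NUMEQUAL)

LEAVES = [ALICE_SCRIPT, TIMEOUT_SCRIPT]
ROOT, PROOFS = build_tree([tapleaf_hash(s) for s in LEAVES])

def revealed_when_alice_spends():
    """On-chain data for Alice's branch: her leaf plus one sibling hash only."""
    return {"script": ALICE_SCRIPT, "merkle_path": PROOFS[0]}

if __name__ == "__main__":
    print("root:", ROOT.hex())
    print("alice branch valid:", verify_script_path(ALICE_SCRIPT, PROOFS[0], ROOT))
    print("timeout branch valid:", verify_script_path(TIMEOUT_SCRIPT, PROOFS[1], ROOT))
```

`revealed_when_alice_spends()` contains her own leaf and a single 32-byte hash; Bob's and Charlie's keys and the timeout never appear, which is the privacy gain over a P2SH spend that would publish the whole script. `build_tree` handles any number of leaves, so the same code serves a larger tree, for example one leaf per 2-of-2 signer pair in the threshold construction described in section 2.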

4. User Privacy Under the Taproot Upgrade

Taproot is a soft fork, meaning its rules only narrow what counts as valid: blocks produced by upgraded nodes are still accepted by nodes running older software, so clients that have not upgraded keep working and the network is not split. This is beneficial for Bitcoin's development and community cohesion.

Taproot enhances the privacy of Bitcoin network participants by keeping unexecuted script branches off-chain entirely (and, on key-path spends, the whole script tree), so complex transactions are indistinguishable from simple ones. For ordinary users who do not use complex scripts, the upgrade is almost imperceptible; wallet and service developers, however, must add support for P2TR outputs and Schnorr signing. As more users adopt Taproot outputs, its positive impact on efficiency and privacy is amplified, because the privacy comes from a Taproot spend blending into a large crowd of similar-looking spends.

In summary, Taproot introduces real privacy improvements to the Bitcoin network, but they are specific: it hides spending conditions and the number of signers, not the transaction graph. Blockchain analysis can still follow coins from address to address as it does today, so Taproot should be understood as removing the information leak from revealed scripts and multi-signature witnesses rather than as making addresses untraceable. Within that scope it protects users, benefits Bitcoin itself, and opens more possibilities for Bitcoin's future development.

5. Representative Project: BEVM

Building on Taproot's privacy and security improvements, a number of projects have taken this technical innovation as an opportunity to build their own ecosystems.

One notable project is BEVM, a Bitcoin Layer 2, which integrates two core technologies from the Taproot upgrade: MAST contracts and Schnorr signatures. In BEVM's design, MAST encodes the rules for managing multi-signature addresses as script, which the project says primarily improves network security and privacy, while Schnorr signatures provide a more efficient and private signing algorithm. The BEVM team claims its approach can expand a Bitcoin multi-signature address to 1,000 signers, decentralizing control of the address and enhancing transaction privacy to some extent.

Conclusion

On this basis, BEVM presents its Taproot Consensus solution, built on Taproot technology, as addressing the decentralization challenge of Bitcoin cross-chain transactions while securing the on-chain assets involved. The project also states that it combines the Signal secure messaging protocol to protect the privacy and security of node communications during Schnorr and MAST contract threshold signing.