The Taproot soft fork was one of the most significant updates to the Bitcoin protocol since SegWit (Segregated Witness) in 2017.
Activated on November 14, 2021, the Taproot update brought important improvements to the privacy of certain Bitcoin transaction models.
Before Taproot, complex transactions with multiple conditions, such as smart contracts (e.g., Lightning channels) or multisig wallets, were visible on the blockchain, allowing anyone to identify that a transaction followed a specific pattern.
Taproot introduced a new type of transaction signature, Schnorr signatures, which offer advantages in signature aggregation over the ECDSA (Elliptic Curve Digital Signature Algorithm) scheme.
With ECDSA, each signature needs to be recorded individually on the blockchain, increasing the size and cost of the transaction.
With Schnorr Signatures, these multiple signatures can be combined into a single compact signature, reducing the transaction size.
This also makes multi-party transactions, known as multi-signature transactions, indistinguishable from simple transactions.
With Taproot, these transactions are grouped, and unless a secondary condition of the contract is used, the result looks almost identical to a simple transaction, significantly improving privacy.
The Schnorr signature aggregation also contributes to network efficiency, as the smaller transaction sizes take up less space in blocks, reducing costs for users.
Moreover, the way scripts are processed on the network has become more efficient, making smart contracts and complex transactions more feasible on Bitcoin.
Taproot also introduced the concept of MAST (Merkelized Abstract Syntax Tree), which allows only a specific part of a contract to be revealed when necessary.
Instead of disclosing all the details of a smart contract on the blockchain, only what is essential for the execution of a specific contract condition is exposed.
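The selective reveal described above, as an added example that is not part of the original post: it builds a BIP 341 style script tree with tagged SHA-256 hashes and shows that spending through one condition exposes only that script plus sibling hashes. The scripts are constructed placeholders, the tree shape is a simple pairwise one chosen for illustration, and the final step of tweaking the internal key with the root is left out because it needs elliptic-curve arithmetic.

```python
import hashlib

def tagged_hash(tag: str, msg: bytes) -> bytes:
    """BIP 340/341 tagged hash: SHA256(SHA256(tag) || SHA256(tag) || msg)."""
    t = hashlib.sha256(tag.encode()).digest()
    return hashlib.sha256(t + t + msg).digest()

def tapleaf_hash(script: bytes, leaf_version: int = 0xC0) -> bytes:
    """Leaf hash over version byte, compact-size length, and script bytes."""
    if len(script) >= 253:
        raise ValueError("example handles single-byte compact-size lengths only")
    return tagged_hash("TapLeaf", bytes([leaf_version, len(script)]) + script)

def tapbranch_hash(a: bytes, b: bytes) -> bytes:
    """Children are sorted before hashing, so a proof needs no left/right flags."""
    return tagged_hash("TapBranch", min(a, b) + max(a, b))

def merkle_root_and_path(leaves: list, index: int):
    """Return (root, sibling hashes needed to prove leaves[index])."""
    level, path = list(leaves), []
    while len(level) > 1:
        if index ^ 1 < len(level):          # an unpaired last node has no sibling
            path.append(level[index ^ 1])
        level = [tapbranch_hash(level[i], level[i + 1]) if i + 1 < len(level)
                 else level[i]              # odd node is carried up unchanged
                 for i in range(0, len(level), 2)]
        index //= 2
    return level[0], path

def root_from_reveal(script: bytes, path: list) -> bytes:
    """What a verifier recomputes from the one revealed script plus its path."""
    h = tapleaf_hash(script)
    for sibling in path:
        h = tapbranch_hash(h, sibling)
    return h

# Constructed stand-ins for four spending conditions (not valid Bitcoin Script).
SCRIPTS = [b"cond-0: 2-of-3 multisig", b"cond-1: timelock refund",
           b"cond-2: hashlock claim", b"cond-3: recovery key"]

if __name__ == "__main__":
    root, path = merkle_root_and_path([tapleaf_hash(s) for s in SCRIPTS], 2)
    print("committed root :", root.hex())
    print("revealed script:", SCRIPTS[2])
    print("path (hashes only):", [h.hex()[:16] for h in path])
    print("verifies:", root_from_reveal(SCRIPTS[2], path) == root)
```

With four conditions the spender publishes one script and two 32-byte hashes; the other three scripts never appear on-chain.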
Did you know that three BIPs were activated in the Taproot soft fork?
- BIP 340: Introduced Schnorr signatures;
- BIP 341: Taproot, a new P2TR (Pay-to-Taproot) output. It’s a combination of P2PK (Pay-to-Public-Key) and P2SH (Pay-to-Script-Hash) functionalities;
- BIP 342: Tapscript, an enhancement to Bitcoin’s scripting language that allows integration of the new P2TR outputs.
For Noderunners like myself, I strongly recommend using P2TR addresses to open Lightning channels.
For routers, this means saving on on-chain fees, and for those seeking more privacy, using P2TR addresses for channels means not announcing the channel opening on the blockchain.
Understand that to achieve better privacy, you shouldn’t open a public channel, as the opening transaction can be seen through explorers like Mempool, Amboss, 1ML, etc.
If you want privacy, open private channels, so the transaction doesn’t appear in explorers. An example of this can be seen here:
But not everything is perfect, and everything has its trade-offs:
P2TR addresses expose the public key directly on the blockchain, which could be considered a slight reduction in security compared to P2WPKH (Pay-to-Witness-Public-Key-Hash) addresses used in SegWit.
- SegWit (P2WPKH): Only the public key hash is revealed until the transaction is spent. This means the public key itself remains hidden until the time of spending, which provides an extra layer of protection against potential reverse cryptography attacks that may emerge in the future.
- Taproot (P2TR): The full public key is revealed as soon as the transaction is made. While Schnorr signatures used in Taproot are secure and efficient, exposing the public key from the start could be considered a theoretical risk in the long term, should new vulnerabilities in cryptography be discovered.
However, it’s worth noting that:
- The current security of P2TR addresses is still considered excellent, and the risk of public key exposure is more theoretical than practical at this time.
- The efficiency and privacy offered by Taproot, especially in complex transactions and Lightning channels, outweigh this slight disadvantage for most cases.