As we know, Bitcoin enforces ownership with the Elliptic Curve Digital Signature Algorithm (ECDSA). This algorithm allows you to take a number (the private key) and derive a public key from it. Here we will look at the Schnorr signature algorithm – an alternative to ECDSA that could bring some changes to Bitcoin.
The key property is that while you can easily derive the public key from the private key, the reverse is not possible. Your private key is considered your passport to the Bitcoin network. It’s what allows you to create an address to receive funds and, later, to spend them.
A brief introduction to digital signatures
Digital signatures work like their pen and paper predecessors, but they’re a lot more secure. Anyone can forge a signature with pen and paper with a little effort and time. You can’t do the same thing with a robust digital signature scheme, even if you’ve got hundreds of thousands of years at your disposal.
Digital signatures have several use cases. A common one is proving to people that you wrote a particular message. To do this, you generate a public key from a private key (a large number that you should keep secret) by doing some fancy math on the secp256k1 curve. From your public key, you can in turn generate a public address.
Note that it is very safe to show your public key to anyone. You can add it to your Twitter profile or website so others can verify your identity. Likewise, you can share your public address with others so they can send you cryptocurrency.
Your private key also allows you to create a digital signature. By writing a message and performing an operation on it with the private key, you create a signed message. Anyone can take it and check it against your public key to see whether it was actually signed by you.
How does this link to Bitcoin? Whenever you make a Bitcoin transaction, you are digitally signing a message saying “I am sending these coins that were sent to me earlier.” Then, when it is sent to other nodes on the network, they can check whether the ECDSA signature matches the message. If it does not, the transaction is rejected.
What are Schnorr signatures?
Schnorr signatures are another type of signature scheme. They work similarly to the Elliptic Curve Digital Signature Algorithm we are using currently, but boast some advantages over it. Schnorr signatures actually predate ECDSA, leading many to wonder why they weren’t incorporated into Bitcoin in the first place.
The explanation is that Claus P. Schnorr – the creator of the scheme – patented them. The patents expired in early 2008, months before the Bitcoin white paper was released, but the scheme had yet to be fully standardized. Therefore, Satoshi Nakamoto chose the more widely accepted ECDSA (open source).
Why are Schnorr signatures advantageous?
Schnorr signatures are quite simple compared to other schemes. Therefore, they are safer than alternatives. That may not seem like much at first glance, but they have another powerful property: linearity.
In layman’s terms, linearity makes the scheme particularly attractive for a number of operations – most notably, multisignature transactions. You may know that Bitcoin already supports multisig, but it doesn’t do so in the best way.
When you create a multi-signature address, whoever sends you money doesn’t need to know what conditions you have set to spend the input. They may not even know that they are sending money to a multisig setup – the only special thing about the address is that it starts with “3”.
However, you disclose its nature when you want to transfer money. Let’s say you used a 3-of-3 setup with Alice and Bob. To spend, say, 5 BTC, all three of you must provide a valid public key and signature. When you move money out of the address, the entire network can find out what happened by looking at the blockchain.
From a privacy standpoint, this isn’t great. On top of that, if we create a larger multisig (e.g. 8-of-10), we take up quite a bit of space on the blockchain. That can be expensive because it leads to a lengthy transaction – the more bytes in your transaction, the more you need to pay.
Schnorr signatures have been touted as a solution to these scalability and privacy problems. You see, they allow things like signature aggregation, which combines the signatures of multiple signers into a single signature. The resulting “key signature” will still be the same length as a regular, single-person signature, resulting in significant space savings.
Also, the combined signatures make it a lot harder for an observer to determine who signed (or didn’t sign) a transaction. In m-of-m schemes (where all participants must sign in order to spend money), you won’t even be able to distinguish between single-party transactions and multi-party transactions.
Crucially, Schnorr signatures are a building block for further advances. Once deployed, they can be leveraged to improve cryptocurrency technologies such as atomic swaps and the Lightning Network.
Will Schnorr Signatures Be Deployed to Bitcoin?
We’re not sure. As with most upgrades to the Bitcoin protocol, it may take time for the broader community of Bitcoin users to agree on the inclusion of Schnorr signatures. Bitcoin Core contributors Pieter Wuille, Jonas Nick, and Tim Ruffing have submitted a draft Bitcoin Improvement Proposal (BIP), but there is still a bit of work to be done.
Blockstream has released an implementation – MuSig. Enabling signature and key aggregation, it can serve as the foundation for Bitcoin’s own Schnorr signature scheme.
Schnorr signatures can be incorporated into the code as a soft fork, which means the change won’t split the network. Instead, it will be an “opt-in” upgrade. However, it would be optimistic to assume that we will see them integrated in the near future – it could still take several years before a consensus is reached.
Schnorr signatures are one of the most anticipated milestones on the current Bitcoin roadmap. With a single upgrade, they can deliver significant privacy and scalability benefits. Perhaps more interestingly, they also set the stage for further developments in Bitcoin smart contracts and more advanced structures like Taproot.