As you may know, Bitcoin enforces ownership rights with something called the Elliptic Curve Digital Signature Algorithm (or ECDSA). The algorithm allows you to take one number (i.e., a private key) and derive a public key from it. The magic of this is that, while it’s easy for you to get the public key from the private key, the reverse is computationally infeasible. Your private key is your passport to the Bitcoin network. It’s what allows you to generate an address for receiving coins, and what later allows you to spend them.
In this article, we’ll take a look at the Schnorr signature algorithm, an alternative to ECDSA that could bring some exciting changes to Bitcoin.
Digital signatures work just like their pen-and-paper predecessors, but they’re a lot more secure. Anyone can forge a pen-and-paper signature with a bit of time and effort. You can’t do the same with a robust digital signature scheme, even if you had hundreds of thousands of years at your disposal.
There are several use cases for digital signatures. A popular one involves proving to the world that you wrote a particular message. As mentioned, you can create a public key from a private key (a massive number that you should keep secret). You do this by performing some fancy mathematics over the secp256k1 curve. From there, you can also generate a public address from your public key.
Note that it’s completely safe to show your public key to anyone. You can add it to your website or Twitter bio so that others can verify your identity. Likewise, you can share your public addresses with others so that they can send you cryptocurrencies.
Your private key allows you to create a digital signature. By writing a message and performing an operation on it using your private key, you create a signed message. Anyone can take that and compare it with your public key to check that it was indeed signed by you.
How does this tie into Bitcoin? Well, anytime you make a Bitcoin transaction, you’re digitally signing a message that says “I am sending these coins that have been previously sent to me.” Then, when it’s sent to other nodes on the network, they can check that the ECDSA signature matches the message. If it doesn’t, they’ll just reject it.
Schnorr signatures are a different kind of scheme. They operate similarly to the Elliptic Curve Digital Signature Algorithm which we use currently, but boast a number of advantages over it. Schnorr signatures actually predate ECDSA, leading many to wonder why they weren’t integrated into Bitcoin from the start.
One possible explanation is that Claus P. Schnorr, the scheme’s creator, patented them. The patents expired in early 2008, months before the Bitcoin white paper’s release, but the scheme still had no standardization across the board. As such, Satoshi Nakamoto opted for the more widely-accepted (and open-source) ECDSA.
Schnorr signatures are quite simple compared to other schemes. As a result, their security is easier to prove formally than that of their alternatives. That might not mean much to you at first glance, but they have another powerful property: linearity. In lay terms, this makes the scheme particularly attractive for certain activities, most notably multisignature transactions. You may know that Bitcoin already supports multisig, but it doesn’t do so in the prettiest of ways.
When you create a multisignature address, whoever sends you funds doesn’t need to know what conditions you’ve set for spending the inputs. They might not even know that they’re sending funds to a multisig setup; the only peculiarity about the address is that it begins with a “3.”
However, you reveal its nature when you want to move the funds. Say you’ve used a 3-of-3 setup along with Alice and Bob. To spend, say, 5 BTC, the three of you must provide the public keys and valid signatures. When you move the funds out of the address, the entire network can learn what’s happened by looking at the blockchain.
From a privacy standpoint, this isn’t great. To add to this, if we create a bigger multisig (e.g., 8-of-10), then we’re taking up quite a bit of space on the blockchain. That can be expensive, as it will result in a lengthy transaction; remember that the more bytes in your transaction, the more you need to pay.
Schnorr signatures have been touted as a solution to these privacy and scalability issues. You see, they allow for things like signature aggregation, which combines the signatures of multiple signers into a single signature. The resulting “master signature” would still be the same length as a regular, one-person signature, leading to significant space savings.
In addition, the combined signatures make it a lot more difficult for an observer to determine who signed (or didn’t sign) a transaction. In m-of-m schemes (where all participants must sign to spend funds), you wouldn’t even be able to distinguish between single-party transactions and multisig ones.
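To make the signing and verification described earlier, and the linearity that enables aggregation, concrete, here is an added worked example in Python. It is not code from Binance Academy, from Bitcoin Core or from the draft BIP; it is a textbook Schnorr scheme over the real secp256k1 curve with a simplified challenge hash (not the BIP-specific encoding), and the m-of-m aggregation shown is the naive linear sum of keys, nonces and signature scalars. Real-world schemes such as MuSig weight each participant’s key to defeat rogue-key attacks, which this illustration deliberately omits. All key and nonce values are constructed for the demo.

```python
import hashlib
import secrets

# secp256k1 domain parameters (the real curve constants Bitcoin uses)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(p1, p2):
    """Add two affine points on secp256k1; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                      # p1 == -p2
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mul(k, point):
    """Double-and-add scalar multiplication: k * point."""
    result, addend = None, point
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def pubkey(d):
    """Public key = d * G: cheap to compute, while recovering d from it
    is the elliptic-curve discrete-logarithm problem."""
    return scalar_mul(d, G)


def challenge(R, pub, msg):
    """e = H(R || pub || msg) mod N; binds nonce, key and message together.
    Simplified encoding for illustration, not the BIP's exact format."""
    enc = b"".join(c.to_bytes(32, "big") for c in (*R, *pub))
    return int.from_bytes(hashlib.sha256(enc + msg).digest(), "big") % N


def sign(d, msg, k=None):
    """Schnorr signature (R, s) with R = k*G and s = k + e*d mod N.
    The nonce k must be fresh for every signature: reusing it exposes d."""
    if k is None:
        k = 1 + secrets.randbelow(N - 1)
    R = scalar_mul(k, G)
    e = challenge(R, pubkey(d), msg)
    return (R, (k + e * d) % N)


def verify(pub, msg, sig):
    """Accept iff s*G == R + e*pub (the verifier never learns d or k)."""
    R, s = sig
    if R is None or not 0 < s < N:
        return False
    e = challenge(R, pub, msg)
    return scalar_mul(s, G) == point_add(R, scalar_mul(e, pub))


def aggregate_sign(private_keys, msg):
    """Naive m-of-m aggregation using plain linearity (illustration only;
    MuSig adds per-key weights to prevent rogue-key attacks). Returns the
    aggregate public key and ONE signature of ordinary size, whatever m is."""
    pubs = [pubkey(d) for d in private_keys]
    nonces = [1 + secrets.randbelow(N - 1) for _ in private_keys]
    P_agg = None
    for pk in pubs:                      # sum of public keys
        P_agg = point_add(P_agg, pk)
    R_agg = None
    for k in nonces:                     # sum of nonce commitments
        R_agg = point_add(R_agg, scalar_mul(k, G))
    e = challenge(R_agg, P_agg, msg)     # one shared challenge
    s = sum(k + e * d for k, d in zip(nonces, private_keys)) % N
    return P_agg, (R_agg, s)


if __name__ == "__main__":
    msg = b"I am sending these coins that have been previously sent to me"
    d = 1 + secrets.randbelow(N - 1)
    print("single signer verifies:", verify(pubkey(d), msg, sign(d, msg)))
    P_agg, sig = aggregate_sign([d, 1 + secrets.randbelow(N - 1)], msg)
    print("aggregate verifies:", verify(P_agg, msg, sig))
```

The point to notice is that `verify` is the same function in both cases: an observer holding only `P_agg` and the single `(R, s)` pair cannot tell whether one party or several produced it, which is the privacy property the article describes, and the signature occupies the same space regardless of how many signers contributed.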
Crucially, Schnorr signatures are a building block for further advancements. Once implemented, they can be leveraged to improve technologies in crypto such as atomic swaps and the Lightning Network.
When will Schnorr signatures make it into Bitcoin? We’re not sure. As with most upgrades to the Bitcoin protocol, it could take time for the broader community of Bitcoin users to agree on the Schnorr signature inclusion. Bitcoin Core contributors Pieter Wuille, Jonas Nick, and Tim Ruffing have submitted a draft Bitcoin Improvement Proposal (BIP), but there’s still a bit of work to be done.
Blockstream has already released an implementation, MuSig. Allowing for signature and key aggregation, it may well serve as the foundation for Bitcoin’s own Schnorr signature scheme.
Schnorr signatures could be merged into the code as a soft fork, meaning that the change would not split the network. Instead, it would be an “opt-in” upgrade. Nonetheless, it would be optimistic to assume that we’ll see them integrated in the near future; it could still take a couple of years before consensus is reached.
Schnorr signatures are one of the most highly-anticipated milestones on the current Bitcoin roadmap. With just a single upgrade, they can provide significant privacy and scalability benefits. Perhaps more interestingly, they also set the scene for further developments in Bitcoin smart contracts and more advanced constructs like Taproot.
Credit : BINANCE ACADEMY