Currently, Bitcoin uses the Elliptic Curve Digital Signature Algorithm (ECDSA) to create digital cryptographic signatures. However , the Schnorr algorithm is more efficient and promotes privacy – an addition that has long been at the top of Bitcoin developers’ wish list. With the activation of Segregated Witness, it will become easier to add Schnorr to Bitcoin through script versioning .
Digital signature
Every transaction is provided with a digital signature before it is sent. With this signature, the owner of a bitcoin address proves that he or she has access to the private key associated with the bitcoin address, without releasing the private key. Each input in a transaction has its own digital signature, and each signature must be included in the transaction to prove that the transaction is lawfully issued.
Because transactions often have multiple and sometimes tens or hundreds of inputs, this means that a lot of space in a block is taken up by the digital signatures in transactions. In addition, there are also transactions with only a single input, but multiple digital signatures. These are the so -called multi-signature transactions; transactions that require two or more private keys to spend a single address’s bitcoins.
Schnorr
Schnorr is an alternative to ECDSA, which is currently embedded in the protocol. Compared to ECDSA, Schnorr is more efficient; the digital signatures can be verified faster. But the main benefits of Schnorr are in reducing the amount of data required for digital signatures and improving privacy.
Smaller transactions
With Schnorr, different digital signatures can be united into a single, new signature. As a result, even transactions with many different inputs only need one signature. This immediately leads to a clear advantage for the required data in a transaction, which means that more transactions fit in a block.
Exactly how much space is gained depends on the number and type of transactions in a block, but the difference will be particularly noticeable for multi-signature transactions. Schnorr also only requires a single signature for multi-signature transactions, regardless of whether it is a two-of-three or a fifty-of-fifty multi-signature transaction; the amount of data required for the digital signature is the same as for a standard transaction with a single input.
Distribution of multi-signature transactions (source: p2sh.info)
Given the historical growth in the number of multi-signature transactions, as shown in the chart above, there are significant data benefits to be gained by reducing the size of multi-signature transactions. Particularly because it is expected that the use of multi-signature transactions will increase due to the further adoption of payment channels in the Lightning Network.
Better privacy
The ability to combine several digital signatures into a single signature also brings privacy benefits. In transactions with many different inputs, it is often assumed that all inputs are from the same person, but this is not always the case. With the so-called CoinJoin, different transactions from multiple parties are combined into one transaction. This has the advantage that it is more difficult to find out which inputs have been sent to a certain address, which leads to better privacy.
A CoinJoin transaction is comparable to a group of people who all have a euro coin, throw all these coins together in a jar and then take out the same amount as originally belonged to them. It is then very difficult to trace the trace of the coins.
Transactions using combined digital signatures via Schnorr are cheaper than transactions using normal ECDSA signatures. This is not only beneficial for the privacy fanatics, but also for the rest of the users: doing a transaction in which multiple inputs are bundled is now the cheapest option and at the same time offers the most privacy. The transaction will be smaller and the fee to be paid for the size of the transaction will be divided among all participants. So with Schnorr there is a financial incentive to choose the option with the most privacy, which is good for the privacy of Bitcoin as a whole.
The implementation of Schnorr is not easy and there are still a number of obstacles to overcome. Not only is Schnorr less standardized than ECSDA, which is important for secure implementation of cryptographic algorithms, but little is documented about the exact specification. This makes it a challenge to implement, but an impressive achievement when finished.
Script versioning
In cryptography, digital signatures are called the witness . As the name suggests, Segregated Witness separates the digital signature data from the rest of the data in a transaction. This separation makes it possible to be more flexible in making adjustments to the algorithm used to create the digital signatures. Where this would normally have to be done via a hard fork, this can now be done via a soft fork. This is desirable, because a soft fork is generally seen as the safer way to make adjustments to the protocol.
Adding a version number to each change to the Bitcoin script allows users to choose to join specific versions, where this is not optional with a hard fork. Thanks to this method of script versioning , improvements can be made to the protocol without the risk of a hard fork. Schnorr is one of the proposed improvements, but Merkelized Abstract Syntax Trees (MAST) are also desirable.