Introduction

As you may know, Bitcoin enforces property rights with something called the Elliptic Curve Digital Signature Algorithm (ECDSA). This algorithm allows you to take a number (i.e. a private key) and obtain a public key derived from it.

The magic of this is that, although it is easy to obtain the public key from the private key, the reverse is computationally infeasible. The private key is your passport to the Bitcoin network. It is what allows you to generate an address for receiving coins and is also what later allows you to spend them.

In this article, we will take a look at the Schnorr signature algorithm, an alternative to ECDSA that could bring some interesting changes to the Bitcoin system.


A Brief Recap on Digital Signatures

Digital signatures work like old pen and paper signatures, but they are much more secure. Anyone can forge a pen and paper signature with a little time and effort. You can't do the same with a robust digital signature scheme, even if you have thousands of years at your disposal.

There are several use cases for digital signatures. A popular case involves proving to the world that you wrote a specific message. As mentioned, you can create a public key from a private key (a huge number that you should keep secret). This is possible with some fancy math on the secp256k1 curve. From there, you can also generate a public address from your public key.

Please note that it is completely safe to show your public key to anyone. You can, for example, add it to your website or Twitter bio so others can verify your identity. Likewise, you can share your public addresses with others so they can send you cryptocurrencies.

Your private key allows you to create a digital signature. When you write a message and perform an operation using your private key, you generate a message with your signature. Anyone can take it and compare it to your public key to verify that you were the one who actually signed it.

How does this relate to Bitcoin? Whenever you make a Bitcoin transaction, you are digitally signing a message that says "I am sending these coins that were previously sent to me." Then, when the transaction is sent to other nodes in the network, they can check whether the ECDSA signature matches the message. If not, they will simply reject it.


What are Schnorr Signatures?

The Schnorr signature scheme works differently. It operates similarly to the Elliptic Curve Digital Signature Algorithm that we currently use, but has some advantages over it. Schnorr signatures emerged before ECDSA, leading many to wonder why they were not integrated into Bitcoin from the beginning.

A possible explanation is that Claus P. Schnorr – the creator of this scheme – patented it. The patents expired in early 2008, months before the release of the Bitcoin whitepaper, but the scheme was not yet standardized. Therefore, Satoshi Nakamoto opted for ECDSA, which was more widely accepted (and open source).


What are the advantages of Schnorr Signatures?

Schnorr signatures are quite simple compared to other schemes. As a result, they are likely safer than other alternatives. This may not seem like a big advantage to you, but they have another powerful property: linearity.

In simpler terms, this property makes this scheme particularly attractive for certain activities – notably, multisignature transactions (also called multisig). Maybe you know that Bitcoin already supports multisig, but it doesn't do it in the best way.

When you create an address with multiple signatures, whoever sends you the funds does not need to know what conditions you set for spending the inputs. They may not even know they are sending funds to a multisig setup – the only peculiarity about the address is that it starts with a “3”.

However, when you want to move funds, you reveal information. Let's say you used a 3-of-3 configuration together with Alice and Bob. To spend, for example, 5 BTC, the three of you must provide public keys and valid signatures. When you move funds out of the address, the entire network can see what happened by watching the blockchain.

From a privacy perspective, this is not good. Furthermore, if we create a larger multisig (e.g. 8-of-10), we will be taking up more space on the blockchain. This process can be expensive as it requires a longer transaction – remember that the more bytes your transaction has, the higher the price to transmit it will be.

Schnorr signatures have been touted as a solution to these privacy and scalability issues. They allow for things like signature aggregation, which combines the signatures of multiple users into a single signature. The resulting “master signature” would still be the same length as a person’s regular signature, providing significant space savings.

Furthermore, combined signatures make it very difficult for an observer to determine who signed (or not) a transaction. In m-of-m schemes (where all participants must sign to spend the funds), you wouldn't even be able to distinguish between single-signature transactions and multisig transactions.

Essentially, Schnorr signatures are an important component for new advances. Once implemented, they can be used to enhance crypto technologies such as atomic swaps and the Lightning Network.




When will Schnorr Signatures for Bitcoin be implemented?

We can't be sure. As with most updates to the Bitcoin protocol, it may take some time for the majority of the Bitcoin user community to agree on the inclusion of Schnorr signatures. Some of the Bitcoin Core contributors, like Pieter Wuille, Jonas Nick and Tim Ruffing, have drafted a Bitcoin Improvement Proposal (BIP), but there is still work to be done.

Blockstream has already released an implementation – MuSig. The implementation of signature and key aggregation can serve very well as the basis for the Schnorr signature scheme for Bitcoin.

Schnorr signatures can be merged into the code as a soft fork, meaning a change would not need to split the network. Instead, it would be an “optional” update. However, it would be very optimistic to assume that we will see this implementation in the near future – it could still be a few years before consensus is reached.


Final considerations

The implementation of Schnorr signatures is one of the most anticipated milestones in Bitcoin's current roadmap. With just one update, it would be possible to obtain important privacy and scalability benefits. Perhaps even more interesting is that this would also change the landscape for new smart contract developments and more advanced projects like Taproot.