Author: David A. Harding 2020-02-10 00:15:54
Published on: 2020-02-10T00:15:54+00:00
In a recent bitcoin-dev discussion, it was confirmed that Taproot is more private than bare MAST and Schnorr when used separately. When schnorr and taproot are used together, four transaction types can be part of the same set: single-sig spends, n-of-n spends with musig or equivalent, k-of-n (for low values of n) using the most common k signers, and contract protocols that can sometimes result in all parties agreeing on an outcome. These cases represent an overwhelming percentage of the spends seen on the blockchain today and throughout Bitcoin's entire history to date, making optimizing them for anonymity set inclusion a huge benefit. It was also discussed whether Taproot is cheaper than bare MAST and Schnorr when used separately. While there is an overhead of about 23% to the size of the input, it is considered worth considering optimizations to allow the creation of the large anonymity set described above for all other cases. If users of advanced scripts cannot produce mutual closes, they may have to pay an extra 23% for their inputs. However, if script-path spenders are encouraged to look for mutually-agreed contract resolutions, this could both minimize blockchain use and increase the size of the anonymity set.When discussing what evidence exists to support the assumption that it will be more common to use Taproot with a key than script cases, it was noted that current users of single-sig, n-of-n, and k-of-n (for small n) with a default k-set, and mutual-agreed contract protocol outcomes vastly outweigh all other transaction inputs today and for all of Bitcoin's history to date.
Updated on: 2023-06-13T23:32:44.470715+00:00