Taproot: Privacy preserving switchable scripting



Summary:

In a discussion about merkelized scripts on the bitcoin-dev mailing list, Gregory Maxwell raised concerns about paying directly to a public key rather than to a public key hash, with respect to resistance to quantum attacks against ECC. In response, Anthony Towns suggested that Taproot would likely be deployed in conjunction with cross-input signature aggregation, which works only with Schnorr signatures and not with ECDSA. This may motivate ordinary pub-key users to switch to Taproot. Additionally, cross-input signature aggregation may require a new field in the P2P transaction structure to hold the aggregated signature. That field could be discounted so that even a single-input Taproot spend using the aggregated signature system is no more expensive than a single-input segwit P2WPKH spend.


Updated on: 2023-06-13T00:06:12.611330+00:00