Author: Anthony Towns 2018-05-10 12:10:27
Published on: 2018-05-10T12:10:27+00:00
Bitcoin developers are exploring several upgrades to the cryptocurrency system. One of these proposals includes introducing a soft fork for Merkelized Abstract Syntax Trees (MAST) in SegWit v0, provided there is sufficient community support. MAST offers logarithmic scaling for scripts with many alternative paths and only reveals the number of alternative execution branches, not what they may have been.Another proposal involves introducing a new SIGHASH mode and deciding whether to stick with pubkeyhash for addresses or just have a pubkey. Schnorr p2pk(h) addresses and taproot+mast addresses could be introduced in SegWit v1. Taproot combines pay-to-pubkey and pay-to-script in a single address, improving privacy, and allowing the choice of whether to use pubkey or script at spend time. It requires Schnorr and can be implemented by bumping segwit version and introducing a "pay-to-taproot" address form.Graftroot is another upgrade that is only feasible if Schnorr is implemented first. It allows delegation of authorization to spend an output already on the blockchain and provides constant scaling for scripts with many alternative paths. However, it has some drawbacks such as requiring signing keys to be online when constructing scripts. Graftroot can be implemented by bumping segwit version and introducing a "pay-to-graftroot" address form.The last category, Interactive Signature Aggregation, requires Schnorr and allows signers to interactively collaborate when constructing a transaction to produce a single signature that covers multiple inputs and/or OP_CHECKSIG invocations resolved by Schnorr. If non-interactive signature aggregation proves possible, it would be added in SegWit v3. The proposed changes allow for cheaper coinjoins, reduce the storage needed for additional signatures and halve the size of non-aggregatable signatures in a transaction.Approaches to implement Schnorr CHECKSIG include bumping segwit version, replacing an existing OP_NOP with OP_CHECKSCHNORRVERIFY, or hardfork. However, each soft-fork introduces a checkpoint, meaning signatures that aren't validated by previous versions cannot be aggregated with those that are. The updates would require a new p2wpkh output format, and some approaches may warrant peer-to-peer changes and a new per-tx witness. In summary, the developers have categorized their ideas into five categories: Schnorr CHECKSIG, MAST, Taproot, Graftroot, and Interactive Signature Aggregation. They are considering several upgrades to the cryptocurrency system, which require new SegWit versions. Each upgrade has its unique set of benefits and drawbacks. The proposed changes allow for cheaper coinjoins, reduce the storage needed for additional signatures, and improve privacy.
Updated on: 2023-05-20T08:20:20.180828+00:00