Taproot proposal



Summary:

Pieter, a Bitcoin developer, has shared two BIP drafts proposing a Taproot softfork. The proposal combines several ideas: making all outputs and cooperative spends indistinguishable from each other, using Merkle branches to hide unexecuted branches in scripts, enabling wallet software to use key aggregation/thresholds within one input through Schnorr signatures, improving the signature hashing algorithm, replacing OP_CHECKMULTISIG(VERIFY) with OP_CHECKSIGADD, using tagged hashing for domain separation, and allowing extensibility through leaf versions, OP_SUCCESS opcodes, and upgradable pubkey types. The BIP drafts can be found on GitHub, along with an initial reference implementation of the consensus changes and preliminary construction/signing tests in the Python framework. The consensus changes are around 520 LoC, excluding the Schnorr signature module in libsecp256k1. Not all ideas are incorporated, however; some can be implemented separately without loss of effectiveness, such as integrating SIGHASH_NOINPUT, which is being worked on as an independent proposal. The document explains basic wallet operations but does not standardize more complex constructions or define extensions to PSBT (BIP174).
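The following sketch is an added example, not code from the drafts or the reference implementation. It shows how tagged hashing, leaf versions and Merkle branches fit together so that a spender reveals one script plus sibling hashes while the unexecuted scripts stay hidden. It assumes the tag names, the 0xC0 leaf version and the sorted-branch rule as published in the final BIP340/BIP341 (the drafts summarized here may differ in detail), uses constructed sample scripts, and leaves out the output key tweak.

```python
import hashlib

def tagged_hash(tag: str, msg: bytes) -> bytes:
    """SHA256(SHA256(tag) || SHA256(tag) || msg): one hash domain per tag."""
    t = hashlib.sha256(tag.encode()).digest()
    return hashlib.sha256(t + t + msg).digest()

def compact_size(n: int) -> bytes:
    # Only the single-byte form is needed for the short constructed scripts below.
    assert n < 0xFD
    return bytes([n])

def leaf_hash(script: bytes, leaf_version: int = 0xC0) -> bytes:
    # The leaf version is committed with the script, so a new version is a new leaf.
    return tagged_hash("TapLeaf", bytes([leaf_version]) + compact_size(len(script)) + script)

def branch_hash(a: bytes, b: bytes) -> bytes:
    # Children are sorted, so a proof carries no left/right flags.
    return tagged_hash("TapBranch", min(a, b) + max(a, b))

def merkle_root(leaves):
    """Root over leaf hashes; a power-of-two leaf count is assumed (simplification)."""
    level = list(leaves)
    while len(level) > 1:
        level = [branch_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]

def merkle_path(leaves, index):
    """Sibling hashes the spender reveals when executing leaves[index]."""
    level, path = list(leaves), []
    while len(level) > 1:
        path.append(level[index ^ 1])
        level = [branch_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return path

def root_from_path(script, path, leaf_version=0xC0):
    """Verifier side: rebuild the root from the executed script and its path."""
    h = leaf_hash(script, leaf_version)
    for sibling in path:
        h = branch_hash(h, sibling)
    return h

# Constructed sample scripts (opaque bytes, not real spending policies).
SCRIPTS = [b"\x51", b"\x52\x87", b"\x53\x87", b"\x54\x87"]
LEAVES = [leaf_hash(s) for s in SCRIPTS]
ROOT = merkle_root(LEAVES)
PATH = merkle_path(LEAVES, 2)  # two 32-byte hashes; the other scripts are not revealed
```

A verifier that recomputes `root_from_path(SCRIPTS[2], PATH)` and compares it with the committed root learns only the executed script and two hashes, regardless of what the other three leaves contain.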


Updated on: 2023-05-20T20:20:23.022552+00:00