Author: Sjors Provoost 2019-05-07 20:42:58
Published on: 2019-05-07T20:42:58+00:00
A proposed Taproot softfork includes several ideas, such as merkle branches to hide unexecuted branches in scripts, Schnorr signatures for key aggregation/thresholds, improvements to the signature hashing algorithm, and extensibility through leaf versions. The BIP drafts specify transaction input spending rules, changes to Script inside such spends, and the Schnorr signature proposal. A reference implementation of the consensus changes can be found on GitHub; excluding the Schnorr signature module in libsecp256k1, the consensus changes are around 520 LoC. The document explains basic wallet operations, but a wide variety of more complex constructions exist that are not standardized by it. Additionally, it is likely desirable to define extensions to PSBT (BIP174) for interacting with Taproot, which are not included here. One reason why someone would want to avoid an "everyone agrees" branch is duress or self-discipline, especially with respect to time-locks. It is suggested that the unknown discrete logarithm be made provably unknown so all signers are assured of this property. The figure with the merkle tree could have emphasized that the "TapLeaf" tag is there to prove to all signers that there are no secret conditions.
Updated on: 2023-06-13T18:39:03.732219+00:00