Author: John Newbery 2019-05-22 14:14:44
Published on: 2019-05-22T14:14:44+00:00
The Taproot proposal aims to make outputs and cooperative spends indistinguishable from each other, while also hiding the unexecuted branches in scripts. It allows for key aggregation/thresholds within one input via Schnorr signatures, improves the signature hashing algorithm, replaces OP_CHECKMULTISIG(VERIFY) with OP_CHECKSIGADD, implements tagged hashing for domain separation, and offers extensibility through leaf versions, OP_SUCCESS opcodes, and upgradable pubkey types. The proposal offers four options for setting the y signs of P and Q, with option 1 currently being used. The proposal suggests not supporting P2SH-nested TR, as most wallets/exchanges/services now support sending to native segwit addresses. The BIP drafts can be found on GitHub, with an initial reference implementation of the consensus changes also available. While many ideas exist, not everything is incorporated, including several ideas that can be implemented separately without loss of effectiveness. Standardizing more complex constructions and defining extensions to PSBT for interacting with Taproot are desirable but out of scope for the current proposal.
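The summary mentions tagged hashing for domain separation but does not show what it does. The following is an added example, not code from the Taproot BIP drafts or their reference implementation; it assumes the tagged-hash construction as it was later finalized in BIP340/BIP341 (`SHA256(SHA256(tag) || SHA256(tag) || msg)`, the `TapLeaf` and `TapBranch` tags, leaf version `0xc0`, and lexicographic ordering of branch children). The helper names (`tagged_hash`, `tapleaf_hash`, `tapbranch_hash`, `merkle_root`) and the sample scripts are constructed for illustration. It shows why the same bytes hashed under two different tags can never be confused for each other, which is the property that stops a leaf hash from being reinterpreted as a branch hash (or vice versa) inside a script tree.

```python
import hashlib


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def tagged_hash(tag: str, msg: bytes) -> bytes:
    """BIP340-style tagged hash: SHA256(SHA256(tag) || SHA256(tag) || msg).

    Prefixing the tag digest twice keeps the prefix 64 bytes long (one SHA256
    block), so implementations can precompute the midstate per tag. Two
    different tags give unrelated hash functions for the same message."""
    tag_digest = sha256(tag.encode("utf-8"))
    return sha256(tag_digest + tag_digest + msg)


def compact_size(n: int) -> bytes:
    """Bitcoin CompactSize encoding of a length (only the short forms)."""
    if n < 253:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + n.to_bytes(2, "little")
    if n <= 0xFFFFFFFF:
        return b"\xfe" + n.to_bytes(4, "little")
    return b"\xff" + n.to_bytes(8, "little")


LEAF_VERSION_TAPSCRIPT = 0xC0  # assumption: final BIP341 tapscript leaf version


def tapleaf_hash(script: bytes, leaf_version: int = LEAF_VERSION_TAPSCRIPT) -> bytes:
    """Hash of one script leaf: TapLeaf(leaf_version || compact_size(len) || script)."""
    return tagged_hash("TapLeaf", bytes([leaf_version]) + compact_size(len(script)) + script)


def tapbranch_hash(a: bytes, b: bytes) -> bytes:
    """Hash of an inner node; children are sorted so the tree is order-independent."""
    left, right = (a, b) if a < b else (b, a)
    return tagged_hash("TapBranch", left + right)


def merkle_root(leaf_hashes: list[bytes]) -> bytes:
    """Fold a list of leaf hashes into a balanced-ish root, pairing left to right."""
    level = list(leaf_hashes)
    while len(level) > 1:
        nxt = []
        for i in range(0, len(level) - 1, 2):
            nxt.append(tapbranch_hash(level[i], level[i + 1]))
        if len(level) % 2 == 1:      # odd node is carried up unchanged
            nxt.append(level[-1])
        level = nxt
    return level[0]


def domain_separation_demo() -> dict:
    """Hash identical bytes under two tags and show the results diverge."""
    payload = b"\x00" * 64   # constructed: 64 bytes, same length as two child hashes
    return {
        "leaf_tag": tagged_hash("TapLeaf", payload),
        "branch_tag": tagged_hash("TapBranch", payload),
        "plain": sha256(payload),
    }


if __name__ == "__main__":
    # Constructed sample scripts: two single-key leaves (opcode bytes are illustrative).
    script_a = b"\x20" + b"\x01" * 32 + b"\xac"   # <32-byte key> OP_CHECKSIG
    script_b = b"\x20" + b"\x02" * 32 + b"\xac"
    leaves = [tapleaf_hash(script_a), tapleaf_hash(script_b)]
    print("merkle root:", merkle_root(leaves).hex())
    for name, digest in domain_separation_demo().items():
        print(f"{name:>10}: {digest.hex()}")
```

Running the script prints the Merkle root of a two-leaf tree and three digests of the same 64 zero bytes: the untagged SHA256, the `TapLeaf`-tagged one and the `TapBranch`-tagged one all differ, so an attacker cannot present a leaf's preimage where a branch is expected without the hash changing.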
Updated on: 2023-06-13T18:36:55.519833+00:00