What do Schnorr Signatures Mean for Bitcoin?

[TL; DR]

- Schnorr signature is the signature scheme developed with the Taproot upgrade to remedy some of the flaws of the ECDSA protocol.
- Schnorr functions similarly to the ECDSA but has a lot of advantages over it.
- The Schnorr signature aggregates multiple signatures when a transaction has more than one main address.
- They take up less space and provide layer-one scaling by increasing the number of transactions each block can take.
- Schnorr signature also provides security on Bitcoin against spam attacks.
- Calculations in Schnorr signatures and random numbers may delay transactions, and the computer will consume more computing bandwidth resources.

Keywords: Schnorr Signature, Bitcoin network, BTC, Digital signature, ECDSA, Private key.




An Overview

---

Bitcoin enforces ownership rights with a digital signature algorithm that permits the derivation of public keys from the private keys of various users.
A private key is a unique means of identity on the Blockchain network and is what allows users to generate an address for receiving and transferring coins.

The type of digital signature algorithm which Bitcoin used previously was the Elliptic Curve Digital Signature Algorithm (ECDSA). ECDSA was implemented by Bitcoin because it is open source, trusted, and well-examined for adoption.

Although the ECDSA facilitated the security of the network and transactions, it had some setbacks, which included the lack of patent protection. Hence, developers decided that Bitcoin adopt a different signature algorithm, the Schnorr signature, which presents more advantages.


What is Schnorr Signature?

---

Schnorr signature is a type of signature algorithm which uses the Elliptic Curve Cryptography (ECC), similar to ECDSA. Schnorr signature adopts a new technology, known as Taproot upgrade, to improve the capacity and scalability of the entire blockchain network.

Schnorr signatures offer numerous advantages over ECDSA in terms of scalability and storage and aim to enhance the privacy of Bitcoin and other cryptocurrencies.
The Schnorr signature algorithm was first designed by a German cryptographer, Claus Schnorr, in the 1980s.


How do Schnorr signatures work?

---

Key Aggregation
Schnorr signature has a “linear” feature, which enables the public keys of several users to be aggregated into one public key through linear calculation, and the relative aggregated signature can be generated.

In other words, Schnorr technology aggregates multi-signatures into one, helping to promote the privacy of transactions, save cost by multi-signature in the unlocking _script_, save important on-chain space, and realize expansion.

Taproot technology
The significance of Schnorr signature to Bitcoin also relies on its cornerstone role for technologies such as Taproot. Taproot is derived from MAST (Merkelized Abstract Syntax Tree), which can express complex _script_s in the form of Merkel trees. One of the essential characteristics of the Merkel tree is that it can quickly verify the existence of a node value without revealing the true data of irrelevant branches. It is widely used to store transactions and states data in the blockchain.


What Schnorr Signature means for Bitcoin

---

Scalability
Schnorr signature permits key aggregation, allowing Bitcoin nodes to validate signatures in batches. This batch validation significantly reduces the time and computational power required for proving a transaction that bears multiple inputs.

Multi-Sig Scheme
Multi-signature (multi-sig) transactions, as the name suggests, require several signatures to transfer specific amounts of Bitcoin.
The Schnorr signature algorithm allows public keys to be aggregated into one public key, enabling the group to create one digital signature representing multiple independent signatures.

Reduced cost
Schnorr makes large multi-sig schemes much more attractive to users and the Bitcoin network. It reduces the costs of moving funds for users and the scaling issues associated with heavier use of multisig transactions.

For instance, in A 2 of 3 multisig setups employing Schnorr signatures can lessen the number of public keys the Bitcoin network needs to know by 67% and reduce the number of signatures required by 50%. That would significantly reduce the amount of data the Bitcoin network would need to track and record.

Network security
Schnorr signature scheme allows for improving network security against spammer attacks. With this implementation, an attacker would have to send much more transactions to occupy the same space within a block. This makes the attack more expensive and less feasible for the attacker.

Privacy
Key aggregation improves scalability by cutting the amount of data required to move funds in a multi-sig wallet and also improves privacy for these types of transactions.

To the Bitcoin network, multisig setups powered by the Schnorr signature algorithm appear as one public key with one digital signature. In contrast, the public key and digital signatures are combinations of multiple keys and multiple signatures.

This promotes the privacy of each participant in the multi-sig setup. The network will not know the public keys needed to create the aggregated public key and will have no idea which parties signed the transaction.

Implementing this signature scheme can improve network privacy by allowing Schnorr signature transactions to look identical to conventional single-signature transactions. So they are indistinguishable from each other.




Downsides of Schnorr signatures on the Bitcoin network

---

Due to the characteristic of Schnorr aggregating private key signatures, it requires multiple rounds of interaction between the users, which is more challenging than the previous ECDSA. Moreover, it has relatively high demands for random numbers. Calculating these signatures and random numbers is a tedious process; this will cause a slight delay in the step of sending transactions, and the computer will consume more computing bandwidth resources.


Why Did Bitcoin Not Use Schnorr Earlier?

---

The Schnorr signature existed before ECDSA but wasn't integrated into Bitcoin from the start.

One explanation for this is that Claus Schnorr patented Schnorr Signatures during their invention in 1990. This, in some way, restricted the use and further innovation of Schnorr Signatures. Since ECDSA was open source, it was thoroughly tested, trustworthy, and hence, widely adopted. Despite the fact that the Schnorr patent expired in 2008—the same year that Bitcoin was created—it was concluded that Schnorr signatures lacked the acceptance and testing necessary to protect a system as important as Bitcoin.


Bottom Line

---

Schnorr signature is among the relevant technologies which improve the overall Bitcoin network. Compared with ECDSA, Schnorr's signature is more secure and scalable and also brings the expansion of the space on the Bitcoin chain.

In years to come, it is expected that Schnorr signatures will bring more new technical development to Bitcoin protocol and the blockchain world.



Author: Gate.io Observer: M. Olatunji
Disclaimer:
* This article represents only the views of the observers and does not constitute any investment suggestions.
*Gate.io reserves all rights to this article. Reposting of the article will be permitted provided Gate.io is referenced. In all other cases, legal action will be taken due to copyright infringement.