What do Schnorr Signatures mean for Bitcoin?

Despite being around for over a decade, Bitcoin, the premier network, struggles to keep up with its more innovative counterparts. Each upgrade on the network requires significant consensus and coordination from validators and miners, slowing down Bitcoin’s ability to adapt to the changing blockchain industry.

After 2017 and the introduction of Segregated Witness (SegWit), Bitcoin waited 4 whole years for a new upgrade. Taproot Upgrade was then introduced in 2021 after a 90% consensus. The Taproot Upgrade comprises three Bitcoin Improvement Proposals (BIPs) that work to improve flexibility, scalability, and security on the network. The first of those BIPs replaces the digital signature scheme Elliptic Curve Digital Signature Algorithm (ECDSA) with a faster, more secure mechanism, Schnorr Signatures.

This article explores this advantageous alternative, and how it impacts the Bitcoin network.

What are Schnorr Signatures?

Schnorr signatures are a digital signature scheme that stands out due to its simplicity. Schnorr Signatures slightly resemble the previously implemented scheme, ECDSA, however, the former boasts several advantages, including multi-signature transactions.

Schnorr Signatures was created by a German cryptographer as early as 1980 but failed to be applied in the mainstream crypto space due to a patent that expired in 2008.

What is a Digital Signature?

All cryptographic currencies revolve around something called digital signatures. This is because, on the blockchain, ownership isn’t represented by traditional notions like legal documents and physical signatures. The digital nature of cryptocurrencies requires that ownership be proven through digital data. The cryptographic method of proving this ownership is known as a digital signature.

Digital signatures are created through complex mathematical computations known as Private-Public Key Cryptography. All Bitcoin transactions include two types of keys, public and private keys. Private keys are essentially a bunch of random numbers that are incredibly hard to guess. They are generated randomly by a computer and can only be accessed by the owner of an account or executor of a transaction. You can think of them as passwords that are held privately by a user and kept secret.

Public keys are mathematically linked with private keys. But unlike the latter, they are public and attached to each transaction a user makes from the same wallet address. The crux of the private-public key pair is that the owner of a private key can generate the corresponding public key, but the same cannot be done in reverse.

Digital signatures are thus created by proving possession of a private key without disclosing the key itself. This process involves complex mathematical processes such as hashing and script structure. Before any transaction on the Bitcoin network can be completed, a digital signature must be created and verified.

The method of creating and verifying these signatures is known as a scheme. Bitcoin previously utilized the ECDSA scheme, which relied on elliptic curves and finite fields. With the introduction of Taproot, however, the validators and miners of the network voted to change the digital signature scheme to Schnorr Signatures, an alternative mechanism that offers more advantages.

What is the ECDSA?

ECDSA is the former digital signature scheme utilized by Bitcoin and the method was chosen mostly because of its availability. At the time of Bitcoin’s inception, there was a patent on Schnoor signatures that made the scheme exclusive to its creators. Further, the ECDSA scheme which relied on elliptic curves and finite fields for its introduction was the better-tested version.

How do Schnorr Signatures Work?

Like ECDSA, Schnorr Signatures relies on the private-public key pair cryptography technique. However, in this scheme, the mathematical computations for providing a digital signature differ slightly.

Schnorr Signatures is, in some ways, an improved version of the ECDSA scheme. Schnorr computations still involve elliptic curve cryptography (ECC); however, the problems are a bit more simplified, allowing each transaction to take up less space (storage) in a block. ECDSA signatures do not have a standard storage size, but they reside between 72 and 71 bytes. On the other hand, Schnorr Signatures are more compact, with a maximum signature size of 64 bytes.

The calculations for a digital signature in Schnorr are also called linear. This refers to the simplicity of the computation that allows for tweaking to create alternative cryptographic results. One such result is the MuSig protocol, which combines multiple signatures on a complex transaction to create just one signature, regardless of how many public keys are involved.

Advantages of Schnorr Signatures

The ECDSA digital signature scheme presided as the digital signature algorithm of Bitcoin for over a decade because it functioned fine. But true development requires fresh or better innovation. Despite being the older scheme, Schnorr offers more advantages to the Bitcoin network, its highlight being scalability, one of the biggest problems the Bitcoin network has faced since its inception.

Scalability

Scalability is one of the most prevalent issues in the blockchain industry. It refers to the capacity of a network to perform efficiently under the pressure of increased transactions as well as an increase in blockchain nodes. As the premier network, Bitcoin boasts millions of users, but that number previously weighed down the network, causing an increase in transaction fees and slow transaction processing times. Schnorr computations condense transactions into smaller (storage) sizes, thus reducing the amount of space a single transaction takes when added to a block. Subsequently, miners can add more transactions to a single lock and increase the overall speed of transaction processing on the network. In turn, the transaction fees on the Bitcoin network will be reduced as scaling issues are resolved.

Multi Signature (Signature Aggregation)

With ECDSA, a typical digital signature involves just one public key, so where the transaction involves multiple parties and multiple keys, it creates multiple signatures, equivalent to the number of keys involved. Schnorr Signatures boast of a feature known as linearity, which makes it possible to combine a transaction involving multiple public keys (parties) to produce a single digital signature. Such transactions involving multiple parties appear like any other transaction. From a privacy standpoint, this is an improvement. Formerly, multi-signature transactions took up more space and were easily distinguishable from ordinary single-key transactions. But with MuSig, all transactions on the network look alike and are indistinguishable from one another.

Multiple signature transactions pave the way for batch verification on the Bitcoin network. Ordinarily, each signature and each transaction are verified one after the other. The process is frequently time- and resource-intensive. Because multi-signature transactions are implemented by aggregating all the public keys involved, Bitcoin nodes can verify signatures in batches, reducing the time and computational power used to verify a single transaction.

Schnorr and Privacy

Schnorr signatures offer a significant boost to privacy within the Bitcoin network. One of their key advantages is the ability to efficiently verify multiple signatures in a batch and aggregate them into a single signature. By minimizing the size of transactions, Schnorr signatures help obscure the number of participants involved in a multi-signature transaction, thereby enhancing transaction privacy and confidentiality.

Schnorr signatures also increase Bitcoin’s resistance to malleability attacks. Schnorr signatures are non-malleable, meaning a third party cannot modify them without invalidating the signature. This property preserves the integrity of transactions, thus promoting privacy and security.

Why did Bitcoin wait so long to implement Schnorr?

Surprisingly, Schnorr signatures have existed since the 1980s, when they were created by Claus Peter Schnorr, a German mathematician, and cryptographer. After inventing a simpler digital signature scheme, he patented it, limiting the use of his idea. However, the patent expired in 2008 and was not renewed.

Nevertheless, when inventing Bitcoin in 2009, Satoshi Nakamoto opted for ECDSA, a more complex but open-source option. ECDSA at the time was standardized and more widely used than Schnorr Signatures, due to the latter’s recently expired patent. Furthermore, ECDSA was supported by OpenSSL, a crypto library on which Bitcoin’s codebase was built.

So Bitcoin continued to implement ECDSA as its digital signature scheme with no internal counterarguments until 2014 when it was proposed on the Bitcoin Talk forum. Bitcoin Core contributors Pieter Wuille, Jonas Nick, and Tim Ruffing eventually drafted a Bitcoin Improvement Proposal highlighting how Schnorr Signatures might fit into the Bitcoin network. Their proposal was later tagged BIP 340 and included in the Taproot Upgrade of 2021.

Conclusion

Schnorr is a multi-signature system that enables BTC transactions to be completed with fewer data than the traditional signature system (ECDSA). Schnorr not only improves the scalability and privacy of multi-signature use, as previously described, but it also enables other BIPs, potentially paving the way for future developments such as smart contracts in Bitcoin.