Consensus 2023 Logo
Join the most important conversation in crypto and Web3 taking place in Austin, Texas, April 26-28.
Consensus 2023 Logo
Join the most important conversation in crypto and Web3 taking place in Austin, Texas, April 26-28.

Bitcoin's core developer team isn't yet done scaling the cryptocurrency's protocol.

Despite the fact that a years-in-the-making change called Segregated Witness (SegWit) activated on the network just over six weeks ago (with businesses and users now slowly updating and average block sizes inching upward), the upgrade has already started a chain reaction of work on other optimizations geared toward accommodating more users.

So, while businesses and miners are pushing for more aggressive scaling via the controversial Segwit2x proposal, the open-source team behind bitcoin's most widely used software is focused on other efforts entirely. Called "Schnorr signatures," the technology offers another signature scheme option alongside Elliptic Curve Digital Signature Algorithm (ECDSA). One benefit is that it supports "signature aggregation" on the bitcoin blockchain.

While that may sound complex, the change aims to consolidate activity that already takes place on the network with each transaction. Under the ECDSA scheme, each piece of a bitcoin transaction is signed individually, while with Schnorr signatures, all of this data can be signed once.

And doing so could improve bitcoin in a few key ways, according to developers working on the effort.

Blockstream engineer Jonas Nick told CoinDesk that this method of mashing signature data together should be considered "low-hanging fruit for helping bitcoin scale."

First, by decreasing the number of signatures, it increases the amount of transaction data that can fit into each block. Second, by merging signatures, the technology could enhance privacy by making it harder to determine where transactions are coming from.

Third, it's believed the change could curb "spam attacks," where one entity sends a bunch of small bitcoin transactions that take up extra space in the blockchain, potentially making nodes more difficult to run.

Success through failure

Though the new signature technology has been an idea since at least 2013, developers have recently made some breakthroughs, bringing Schnorr signatures closer to actual implementation on bitcoin.

SegWit was the first necessary step in that the code change, which moves signature data to another part of the block, making Schnorr (or something like it) possible to implement with a backward-compatible software upgrade (soft fork), where it wasn't previously.

Then, most recently, developers stumbled upon under-the-radar cryptography research that could help them build the algorithm faster.

According to a transcript of Bitcoin Core's annual meeting over the summer, developers submitted a paper outlining their signature aggregation scheme to Financial Cryptography and Data Security 2017. While the conference committee rejected the paper – asserting that the security proof for the signature aggregation scheme provided in the paper was too flimsy – they also suggested another paper, which provided a stronger security proof.

Bitcoin Core contributor Bryan Bishop told CoinDesk:

"This is important and useful because it means that the cryptography has been studied in the past to a further extent than we previously thought."

With this work already done, developers can spend less time ironing out the security signature scheme, and more time figuring out how to implement it on bitcoin.

Next steps towards reality

Blockstream's Nick points to an in-progress bundle of code changes called "aggsig module" as the main place where Schnorr signatures are being worked on.

Code contributions – from Andrew Poelstra, Greg Maxwell, Pieter Wuille, Peter Dettman and others – date back as far as 2012, showing this module as the most advanced in terms of being worked on over the longest number of years.

While many developers there have turned their attention to optimizing the performance of the Schnorr code implementation to make sure the verification of signatures is as fast as possible, Nick said, there are still some missing pieces to the aggsig module before it can be fused into bitcoin itself.

For example, bitcoin's OP_CHECKSIG function checks to see if someone really owns the bitcoin they're trying to send. Currently the function does not take the new Schnorr signatures into account, meaning it can't do the aggregating signatures, said Nick.

"There's no public proposal yet specifying how [that] would exactly work," he explained, adding that developers need to write up some sort of a roadmap for the new function, before it can be implemented.

Still, he was optimistic that the change will not take long to implement, calling it "relatively straightforward."

Nick concluded:

"The right people just need to find time to focus on it."

Disclosure: CoinDesk is a subsidiary of Digital Currency Group, which helped organize the Segwit2x scaling proposal, and has an ownership stake in Blockstream.

Correction: An earlier version of the article misstated where Schnorr signatures can be used. That has been corrected.

Colored pencils image via Shutterstock


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

Learn more about Consensus 2023, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to to register and buy your pass now.