Schnorr is coming...
In fact, the bitcoin upgrade arguably took its most significant step yet toward implementation last week when influential developer Pieter Wuille unveiled a draft outlining its technical makeup. With the release, the idea, one that's been in the works by bitcoin developers for years, is one step closer to improving the scaling and privacy of the world's most valuable cryptocurrency.
Effectively, this sets up Schnorr as the next big change to bitcoin, meaning it will be the largest code change since Segregated Witness (SegWit), a pivotal bug fix that prompted a drawn-out battle in the bitcoin community last year before ultimately being adopted.
At a technical level, adding support for Schnorr, a digital signature scheme, would give bitcoin users a new way to generate the cryptographic keys they need to used to store and send bitcoin. By doing so, it also paves the way for a number of exciting benefits, including tackling privacy and scalability, arguably two of bitcoin's most worrisome problems.
"It is a building block for a variety of improvements," Wuille told CoinDesk, adding there are even some further-out improvements that haven't gotten a lot of attention quite yet. And while Wuille hopes the change will ultimately be adopted, he added it's "ultimately up to the users" if they want to adopt it - as was the case with SegWit.
Co-authored by several top bitcoin developers, including the likes of Bitcoin Core contributor Johnson Lau and Gregory Maxwell, the technical, math-ridden proposal outlines the exact signature scheme that could be coded in bitcoin.
And while it's far from that final goal, it's a necessary piece.
Blockstream engineer and co-author Jonas Nick told CoinDesk:
A way forward
For one, the BIP draft helps to avoid future confusion by proposing a standard that ensures that all developers and merchants eventually implement the Schnorr signature code in the same way.
Though the full description can be read in the highly-technical BIP, the main idea is it describes the math necessary to produce Schnorr signatures, offering an alternative to Elliptic Curve Digital Signature Algorithm (ECDSA), the sole algorithm used to produce keys and verify transactions in bitcoin today.
Schnorr will have one thing in common with the signature scheme it seeks to crowd out, though. If plan is accepted, it will use the same mathematical "curve" that ECDSA uses to produce the keys, called "secp256k1."
It's a lot of tricky math, so it's no surprise the release sparked technical discussion on the bitcoin developer mailing list.
But nothing major has come up so far and developers are optimistic, especially since one of Schnorr's key benefits is that, unlike ECDSA, Schnorr's security can actually be proved mathematically.
While Schnorr offers a number of improvements on its own, developers are also excited that it will also pave the way for a range of changes that can be built on top of it, such new privacy techniques.
Right now, it's obvious when users send so-called "multi-sig transactions," which are a more advanced type of transaction where more than one person is required to sign off on a transaction, because of bitcoin's public ledger. But Schnorr pave the way for a technique that will make these transactions look the same as every other transaction.
Nick noted Schnorr will also lead these advanced transactions will be cheaper as well, an important improvement since transactions can grow very expensive in times of congestion.
And it seems like new tech built on top of Schnorr are being proposed on a regular basis.
"Due to the wealth of new discoveries lately I believe these technologies should be developed in a step-by-step basis, and my focus for a first step is just Schnorr and Taproot," Wuille said, referring to the bitcoin improvement "Taproot" proposed earlier this year by another influential bitcoin developer Greg Maxwell to further improve bitcoin's privacy.
That said, there's still a ways to go - Schnorr's a massive project with many moving pieces.
While this BIP proposes a standard for developers to chime in on, Nick noted there's also a code implementation that's been in the works for ages, putting much of what's in the BIP draft into practice.
Plus, once developers fight it out until they decide there are no longer any outstanding problems, developers need to come up with a way to actually add it to bitcoin, among other things.
"The specifics for how to deploy it in bitcoin are still being actively discussed," Nick said.
Having been through a few so-called "consensus" changes in his years as a bitcoin developer, Wuille gave a particularly long list of things to do.
"Like any consensus change, it will be a long process involving fully fleshing out a draft for integration, publishing it, gathering comments from the technical community and ecosystem, writing implementations of both consensus rules and integration in wallet software, proposing a deployment plan, and if all goes well, get it activated," he said.
In the email where he introduced the BIP, he added that if the BIP is "accepted" by the broader bitcoin community "we'll work on more production-ready reference implementations and tests."
Not to mention, there's another potential stumbling block on everyone's minds.
Schnorr is a particularly big upgrade. Although changes are being made to bitcoin's most-used client every day, with code contributions coming from a diverse group of contributors stationed around the world, Schnorr is a rarer type of change, since it affects the most important rules in bitcoin.
SegWit was the last code change "consensus" change made to bitcoin, sparking a debate so big, those who disagreed with the change split off and created their own cryptocurrency with SegWit removed.
The most enthusiastic SegWit supporters even made hats to express their support for the code change. Blockchain consultant Francis Pouliot joked that similar advocacy hats should be made in advance of Schnorr, in case a similar vicious debate breaks out.
He's not the only developer mulling this possibility.
"It looks for now there are less detractors than there was for SegWit," developer Riccardo Casatta said, though adding he's not taking any chances: