Bitcoin's Taproot Privacy Tech Is Ready – But There's a Catch

Bitcoin could get better privacy with Taproot, but there's one big obstacle - it can't be deployed until another technology goes through.

AccessTimeIconAug 15, 2018 at 4:02 a.m. UTC
Updated Sep 13, 2021 at 8:17 a.m. UTC

Bitcoin's privacy is pretty abysmal – after all, what else can you say when anyone in the world can look up any transaction using a web explorer?

But while that's the case today, developers have long been trying to find a fix, or at least improve it over time. One of bitcoin's most famous developers, Greg Maxwell, even aroused quite a bit of interest when he proposed something called Taproot back in January.

Far from providing full bitcoin privacy, Taproot's code offers a way to make all transactions on the blockchain look the same to outsiders. Still, chatter about the proposal has arguably faded as other projects caught the community's eye and bitcoin's price tumbled.

Among those who haven't forgotten about the proposal, though, are bitcoin's developers, as plenty of toiling has been going on behind the scenes. Mathematician Andrew Poelstra pulled together a mathematical security proof in April, while Xapo engineer and Bitcoin Core contributor Anthony Towns put forward an idea for potentially decreasing how much data the technique uses in July.

The continued work showcases why many believe Taproot to be a discovery that provides an "enormous privacy win" for bitcoin, as Blockstream co-founder Pieter Wuille put it in a recent talk. Even better, it's actually not a crazy difficult change to make to bitcoin.

"Taproot is simple enough it could probably go in straight away," Towns told CoinDesk.

The problem, and it's a big one, is it's dependent on tech that doesn't exist yet.

Towns explained:

"Without Schnorr, Taproot doesn't get you all the way to where you want to go."

The missing piece

The reason is that Taproot would keep it a secret that any advanced payment is occurring on bitcoin.

More commonly known as smart contracts, there are a variety of complex transactions used in bitcoin, like the kind that enables the off-blockchain protocol lightning for more scalable bitcoin payments and other complex types that are still in development.

But because bitcoin's ledger is public, it's obvious when someone uses one of these transactions.

Taproot puts an end to that by making these transactions look the same as every other "boring payment," as Maxwell put it in the technology's announcement post.

Yet, it can't do this without Schnorr, an upgrade to bitcoin's signature scheme that's been on developer's coding agenda for years. The signature scheme is supposed to be better than bitcoin's current signature scheme "in basically every way." And it enables Taproot because it allows signature data to be mashed together into one.

"Schnorr is necessary for that because without it, we cannot encode multiple keys into a single key," Wuille continued in his presentation.

Schnorr's just finally getting off the ground. In fact, it looks like it's going to be bitcoin's next crucial change, with Wuille recently publishing a (very) technical proposal detailing how it might one day be added to bitcoin.

But since Schnorr's been taking years, developers have long been dreaming about what they can build on top once the technology is actually live.

As Towns put it, Schnorr is a "more exciting" change, but Taproot is "the cherry on the top."

Developers have long been thinking about other enhancements, including those enabled by Schnorr, though it's worth noting that Taproot isn't the only important change being considered. Towns thinks the privacy enhancement might be rolled in with other upgrades.

"As far as I'm concerned, Taproot, Schnorr, Graftroot is a bundle that all goes together," he said, referring to yet another technology Maxwell pioneered.

And it doesn't stop there. Towns guesses that still even other long-anticipated changes will go in at the same time, including MAST, a proposal to boost bitcoin smart contracts, and SIGHASH_NOINPUT, a change that could usher in a more reliable lightning network - the tech bitcoiners hope will help bring bitcoin to the masses.

Even though these technologies have different names and have been proposed at different times, Towns is starting to think of them as one thing.

Deciding what's next

There are so many proposed changes, in fact, developers have been grappling with which should be made first.

Wuille explained in his talk why it's not such an easy decision. There's a small pressure for deploying all these features together at once. Each time they deploy a new "consensus change," it requires a new addressing format.

Since the addresses are different than the old one, this makes it very obvious who's using the new feature - especially since not everyone is going to suddenly adopt the feature the day it launches. It's going to take time, just like past changes have taken time.

That's a small hit to privacy. And doing this more than once would be even worse.

On the other hand, deploying all these changes together would be a mess.

Speaking of other changes, there's also so-called "signature aggregation," the most-hyped application of Schnorr, which could help to scale bitcoin even further. But since it's so complex and needs further review, this is one change that developers think should be added to bitcoin later on.

But Schnorr might not ultimately prove to be a roadblock for Taproot.

In fact, Wuille's been focusing on a proposal to deploy Schnorr and Taproot together, partly because he thinks the privacy addition from Taproot is so exciting, calling it an "enormous win" for smart contracts in bitcoin.

On the Schnorr front, Towns mentioned that developers are still working out some kinks, such as a hardware attack vector that Maxwell discovered. Developers are cagey to give code timelines, since upgrades often take longer than expected. And Schnorr is no different.

Earlier on, Poelstra was hopeful it could be deployed by the end of the year, giving bitcoin users a chance to decide whether to adopt it or not. But it all depends on how quickly developers can settle on a path for the change, code it up, and get it reviewed.

As Towns put it:

"You can't come up with a proposal until you know what to stick in it. The only real delay is finalizing what's going into it. "

Tree root image via Shutterstock


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.