Schnorr Upgrade Set for Inclusion in Next Bitcoin Cash Hard Fork

Alyssa Hertig
Apr 29, 2019 at 16:13 UTC
Updated May 3, 2019 at 18:51 UTC
news

Bitcoin cash’s next hard fork is almost here, a development that could enact a much-anticipated code change.

Slated for May 15, the blockchain update is particularly interesting because it includes Schnorr signatures, a scaling and privacy code change originally proposed by Blockstream co-founder Pieter Wuille for the bitcoin network.

Bitcoin cash developers have long been critical of bitcoin’s technical roadmap, as the project’s history shows. That’s why the relatively small group split off from bitcoin in the first place after years of fierce social media battles and accusations of censorship across bitcoin’s dedicated subreddits. But as critical as bitcoin cash enthusiasts might be of Segregated Witness (SegWit), lightning, and other technologies, they agree that Schnorr is the right move.

The code adding Schnorr to bitcoin cash was originally released three months before the activation date in May. Since it is a hard fork — a change which is not backwards-compatible — all participants in the ecosystem must upgrade their software to stay on the same cryptocurrency network.

In conversation with CoinDesk, bitcoin cash app CoinText CTO Vin Armani framed it as a competition:

“[There’s] really not much to write home about in this upgrade except for the fact that [bitcoin] devs have been wanting to add Schnorr signatures for a long time and [bitcoin cash] beat them to it.”

On the other hand, Blockstream developer Jonas Nick thinks this is a good sign for bitcoin. Bitcoin’s last big change, SegWit, led to the aforementioned couple of years war. But Schnorr is far from generating the same strife.

“This is a good indication that there would be no controversy over adding Schnorr signatures in a bitcoin [soft fork],” Nick told CoinDesk.

Why Schnorr matters

So, what’s the value of Schnorr?

In order to cryptographically prove that you own some bitcoin and send funds to someone else, you must “sign” with a private key. The signature scheme used today in bitcoin is Elliptic Curve Digital Signature Algorithm (ECDSA).

But Schnorr is an improvement over what bitcoin employs today. In short, it is able to bundle signatures together, making it possible to less data than ECDSA, thereby improving a cryptocurrency’s scalability.

“In layman’s terms, that means that the software is able to verify several signatures at once, for instance eight, in a way that is faster than verifying one signature eight times,” leading bitcoin cash developer Amaury Sechet told CoinDesk.

At the same time it improves privacy, an exciting addition for users who don’t want the whole world to know what they’re buying with bitcoin.

Bitcoin couldn’t use Schnorr signatures from the beginning because they were patented and not allowed to be openly used until a few years ago when the patent expired. As such, bitcoin developers, led by Wuille, have been eyeing adding the new signature scheme to bitcoin for quite some time, working behind-the-scenes to put it into practice.

And while bitcoin and bitcoin cash developers have had their disagreements, bitcoin cash decided the idea was a good one. As far back as February 2017,  Sechet wrote in a blog post outlining how they work: “Schnorr signatures are very interesting beasts.”

A bit later, in July 2017, Sechet was caught copying Schnorr test code from Bitcoin Core’s github. Open source code is intended to be shared so others can work with it, but Sechet took the code and put his name in Wuille’s place, only making a few changes. This violates the MIT open source license stamped at the top of the code, which allows “very limited restriction on reuse,” labeling just one condition, which Sechet did not follow:

“The above copyright notice and this permission notice shall be included in all copies or substantial portions of the software.”

Notably, though, Sechet sees the situation differently. While he did copy most of the code, he fixed a vulnerability: that the original code did not include “public key prefixing,” making Schnorr more secure.

“At the time, I thought this was a mistake made by the bitcoin developer and proposed to implement Schnorr on bitcoin cash that is similar to what edDSA does rather than what Bitcoin Core developers chose to do and faced heavy criticism for it,” Sechet said.

All that said, a few years later, bitcoin cash is now about to enact Schnorr via a hard fork.

This type of change is controversial for a bundle of nuanced reasons. To oversimplify, bitcoin developers prefer so-called “soft forks,” which are backwards-compatible, allowing users who don’t upgrade to the old rules to still send transactions to those running the new rules. They are wary of hard fork changes because they see them as a centralization concern, since they are not backwards-compatible and it’s hard to determine if everyone using the blockchain wants to go along with the change.

Meanwhile, bitcoin cash developers see hard forks as an easier way to make dramatic changes to their blockchain.

“The hard fork process generally allows a blockchain to deploy features with much less code and exploitable edge conditions. I think you would find that industry-wide most blockchains use hard forks for that reason,” Bitcoin Unlimited developer Andrew Stone told CoinDesk.

Fancier future

While the hard fork is a big step, bitcoin cash developers still plan to take some additional steps to make the best use of the new signature scheme.

Cryptocurrency marketplace OpenBazaar lead developer Chris Pacia, who also develops for bitcoin cash noted that they’ll use this scheme to eventually introduce “aggregate signatures across inputs.”

“In other words only one signature per transaction no matter how many inputs which would reduce the transaction size quite a bit and reduce validation time,” he said.

To do this they plan to implement something along the lines of MuSig, long-in-the-making technology that bitcoin tech startup Blockstream recently released a test version of. But this technology “has has never been deployed in anything protecting people’s money” Pacia said, “so I think the plan is to wait until MuSig has seen more usage and people are happy that it’s secure.”

Not to mention, even though bitcoin cash has been quick to add Schnorr signatures as an option to the protocol, it might take a while for the change to reach normal users. Bitcoin cash app and wallet developers still need to add support for it so that their users can take advantage of it, which could take more time.

Armani argued that “there should be no impact at all” on his app CoinText because they have “no immediate plans to implement Schnorr signatures.”

“It might be something we do down the line, but it’s not on our roadmap for this year,” he added.

Code image via Shutterstock