Bitcoin Schnorr Signatures: A Beginner’s Introduction !!

Its been a busy and highly technical week where we have talked about various upcoming Bitcoin technologies such as P2SH, MAST, Taproot, & Graftroot.

These technical breakthroughs will make Bitcoin better and stronger.

But one tech about which I purposely didn’t talk before is Schnorr Signatures.

Bitcoin Schnorr signatures are significant so much so that without it the previously discussed tech pieces like MAST or Taproot will not have much impact.

Also, in some scenarios, it is no brainer to roll Schnorr first and then the other parts.

That’s why today we will deep dive into Bitcoin’s Schnorr signatures concept and see what makes it so important as well as relevant for Bitcoin.

Also, we will see if Schnorr was so relevant, why haven’t we implemented it before?

So let’s begin:

Bitcoin Schnorr Signatures

In cryptography, a Schnorr signature is a digital signature produced by the Schnorr signature algorithm that was described by Claus Schnorr.

It is a well-known signature scheme for its simplicity and linearity.

But so far it has been under the US patent and wasn’t standardized for Bitcoin. That’s why it hasn’t been incorporated in Bitcoin yet !!

Also, it wasn’t entirely possible to implement Schnorr before fixing the transaction malleability bug in Bitcoin which ultimately got fixed through Segwit update in July 2017.

To simply put, Schnorr signatures is a simple way of aggregating multiple signatures into one single signature for optimizing the verification and authentication processes.

That’s why the properties of Schnorr can be convenient for verifying Bitcoin transactions wherever we have multiple signatures involved such as during multsig transactions, batch transactions, or even during validation of Bitcoin blocks which are ultimately a group of transactions.

And for those of you who don’t know, in Bitcoin for every transaction, one needs to sign with his/her private keys to prove that he/she is indeed the owner of the coins present on a particular public key.

But when you have multiple outputs or batch transaction or multisig transactions, you need to have multiple signatures which are put into the limited 1 MB block of Bitcoin, taking up extra space which otherwise would have been used by other transactions.

Now, I know, you might think, aren’t signatures necessary?

Well, of course, they are, but too many signatures are not required.

Note: I am assuming that you understand Bitcoin UTXO model. If not then do read about it first !!

Let’s understand this with an example:

When you send a Bitcoin transaction, you sign the Bitcoin UTXO script, and this sign takes up space in Bitcoin’s blockchain.

This looks simple when you have enough bitcoins on a particular address to pay to another party, and this will be a single sign transaction looking like this:

But when you don’t have enough bitcoins on a particular address, your wallet will pool-in multiple UTXOs (outputs) to form a collected input of 1.5 BTC.

Let say Alice wants to pay 1.5 BTC to Bob and Alice has 0.5 BTC on three different addresses of her wallet as she is using an HD wallet.

So the transaction will look like this:

UTXO1- 0.5 BTC


UTXO2- 0.5 BTC



And Alice will be signing three times in this case as she is procuring the outputs from three different addresses. All this signature data goes in the block, increasing the size of the transaction and hence the fees Alice needs to pay.

But the realization that at the end of the day Alice is the same person who is willingly signing three times, why not to find a way that allows Alice to sign only once !!

And this has space benefits too as I told you before that this extra space taken by signatures could accommodate more transactions instead.

That’s where Schnorr Signatures comes in.

Let’s visualize Alice’s transaction through Schnorr signatures.

If Schnorr is enabled on the Bitcoin’s blockchain, then your Bitcoin wallet will aggregate the 3 signatures of Alice into 1 signature which will be valid for all the three Outputs that she is willing to spend.

So previous 3 signatures would have taken up (70 *3= 210 bytes) but now with Schnorr signature aggregation those 3 would have reduced to 1 signature of 64 bytes and would have looked like this:

So in the remaining space of  146 bytes (210 bytes-64 bytes), atleast one more transaction can fit in.

But there is more:

Schnorr Signatures & Multisig Transactions

Bitcoin as of now supports simple multisig transactions such as 2-of-3 or 3-of-5, but ultimately it will be required to support 2-of-100 or 20-of-500 like multisig transactions.

And Taproot or Graftroot enables that but without Schnorr, this would not be efficient.

In a complex multisig such as 100-of-500, the current signature scheme enabled by Bitcoin will require 100 signatures to be included in the block for a single transaction.

And approx one signature as per the current signature scheme takes up 70 bytes so for 100 signatures will be take up 7000 bytes (7 Kilobytes)

This is inefficient.

On the other hand, the Schnorr signature scheme will reduce these 100 signatures to only one schnorr threshold signature of 64 bytes and an additional space of 6936 bytes will be saved for more transactions.

There is more to Schnorr signatures as it offers these benefits:

  • More Scalability
  • More Privacy
  • Harder To Spam

Benefits Of Schnorr Signatures

#1. Scalability

As we discussed above that Schnorr can directly free-up a lot of space in the blocks, and hence more transactions can comfortably accommodate in the given 1 MB block. This will increase the throughput of Bitcoin’s blockchain given its 10 minutes block timing. Also, with time it will also decrease the rate at which the size of Bitcoin’s blockchain is growing thus helping in more efficient node synchronization.

#2. Privacy

At present when you execute a multisig transaction, it is easy to spot on the blockchain because it looks different than normal single party transactions. But with Schnorr and Schnorr enabled technologies such as Taproot it will be impossible for an observer to distinguish between a normal transaction and a multisig transaction.

#3. Spam Resistance

With Schnorr the spammers will require much more fake transactions to clog the Bitcoin’s network and hence spamming will be become difficult. But with the current signature scheme, we have already seen successful spam attacks on Bitcoin where spammers included such transactions in a block that had many signatures thus gobbling space which could have been taken up by transactions. And this resulted in congestion and a significant increase in Bitcoin transaction fees. Like example is shown below:


Bitcoin developers have been working on Schnorr signatures for almost 18 months now, and this is by far the most significant upgrade in Bitcoin after Segwit upgrade.

Schnorr signatures have bee standardized by Bitcoin developer Pieter Wuille, and Bitcoin Schnorr Signature BIP was submitted in July 2018.

And in terms of Bitcoin Schnorr signatures timelines it looks like it will go live in next 6-9 months together with MAST & Taproot changes !!

Lastly, it is predicted that it will increase 25-30% capacity of Bitcoin’s blockchain even if it is implemented for batched transactions or transactions involving multiple outputs, so you can imagine its impact when implemented for multisig and block validations !!

So that’s all from us in the introduction to Bitcoin Schnorr signatures and if you liked this article? Don’t forget to share it with your friends interested in Bitcoin tech !!

Further Suggested Readings…

Sudhir Khatwani



Leave a Reply

Your email address will not be published. Required fields are marked *