What Is Bitcoin Taproot? [An Introductory Guide]

Though 2018 was a bear market for the cryptocurrency space, Bitcoin made great strides amidst this lull.

Bitcoin’s development progressed undistracted by its price action, and many great proposals to improve Bitcoin’s scalability, privacy, and flexibility were put forward.

Amongst these, privacy remains a major concern for Bitcoin because it is a transparent ledger that treats everyone equally and publishes all activities happening over it.

One improvement in particular invited a lot of debate on Bitcoin’s cryptography mailing list. It is called Bitcoin Taproot, and it aims to improve the privacy of Bitcoin transactions.

But before jumping on to Taproot, let me begin with a concept called Bitcoin MAST, whose limitations Bitcoin Taproot intends to solve.


If you remember, I mentioned Taproot in my previous article on Bitcoin MAST.

But anyway for today’s fresh start let me give you a gist of it.

Bitcoin transactions work essentially by first locking bitcoins in a script (or conditions), then unlocking them, and then locking them again somewhere else under some new scripts (or conditions). A script here means a couple of lines of code written in Script, which is the official smart contract language in Bitcoin.

And MAST is the new way of stacking these scripts (or conditions) in a Merkle tree so that they can be verified using a Merklized Bitcoin address.

In the MAST article, I pointed out that if anyone is using a Merklized Bitcoin address on the public blockchain of Bitcoin, then it is easy to identify that someone is using multisig or at least complex conditions for transferring those bitcoins.

But why even leak the information that someone is using multisig or underlying conditions to move particular coins? This can be a potential privacy loophole.

Also, when using MAST-enabled addresses, you need not include the whole script (or conditions) in the UTXO for spending it, because even a part of the entire script (or an individual condition) can be verified against the hash of the whole script, i.e., the Merkle root.

Because MAST requires you to include only the condition you are actually using in the transaction, instead of the whole set, it has data benefits. This way your transaction becomes much smaller while simultaneously giving you the capability to engage with complex unlocking conditions.

This is unlike the P2SH addresses where you need to reveal the whole script (or conditions) in the output for spending it.
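The following sketch is an added example, not code from the original article or from Bitcoin itself. It commits a set of spending conditions to a Merkle root, proves one condition against that root, and compares the bytes revealed with disclosing every condition. The function names, the leaf/node prefix bytes, and the placeholder conditions are assumptions made for illustration, not Bitcoin's actual serialization.

```python
import hashlib

def _h(data):
    return hashlib.sha256(data).digest()

def leaf_hash(script):
    return _h(b"\x00" + script)      # leaf/node prefixes are this example's choice

def node_hash(a, b):
    lo, hi = sorted((a, b))          # sorted children: proofs need no left/right flags
    return _h(b"\x01" + lo + hi)

def levels(scripts):
    """All tree levels, leaves first; an unpaired node is promoted unchanged."""
    out = [[leaf_hash(s) for s in scripts]]
    while len(out[-1]) > 1:
        cur = out[-1]
        out.append([node_hash(*cur[i:i + 2]) if i + 1 < len(cur) else cur[i]
                    for i in range(0, len(cur), 2)])
    return out

def merkle_root(scripts):
    return levels(scripts)[-1][0]

def merkle_proof(scripts, index):
    """Sibling hashes needed to rebuild the root from scripts[index]."""
    proof = []
    for level in levels(scripts)[:-1]:
        if index ^ 1 < len(level):
            proof.append(level[index ^ 1])
        index //= 2
    return proof

def verify_branch(script, proof, root):
    """True only if this exact condition was committed to by the root."""
    acc = leaf_hash(script)
    for sibling in proof:
        acc = node_hash(acc, sibling)
    return acc == root

def reveal_sizes(scripts, index):
    """Bytes disclosed when spending: every condition vs. one Merkle branch."""
    branch = len(scripts[index]) + 32 * len(merkle_proof(scripts, index))
    return sum(map(len, scripts)), branch

# Constructed placeholder conditions (79 bytes each), not real Bitcoin Script.
SCRIPTS = [b"condition %d: " % i + bytes([i]) * 66 for i in range(8)]
```

With the eight constructed conditions, spending through condition 3 reveals one 79-byte condition plus three 32-byte sibling hashes, while the other seven conditions stay hidden behind the root.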

But because of this, MAST transactions look different from standard transactions. To combat this problem, Bitcoin developers have come up with a solution called Taproot, which makes the multisig or conditional transactions of MAST indistinguishable from standard transactions.

Note: Know more about Pay To Script Hash (P2SH) & Merklized Abstract Syntax Trees (MAST) by reading these guides.

What Is Taproot?

Taproot is a form of MAST but with a little tweak that allows one to make a complicated conditional transaction (i.e., multisig) look like a normal transaction.

  • Did you know two private keys added together can sign for their respective public keys added together?

This trick is called aggregate signatures or threshold signatures or threshold public keys.

Taproot intends to use this trick with MAST and multisig transactions, enabling participants to aggregate their signatures and spend from a multisig just like a normal transaction.

The maths behind it is complicated, so I will skip that for this section, but if you want to explore it now, you can do it here.

Coming back to the trick of signature aggregation: the scheme behind it is called Schnorr signatures.

Schnorr signatures, in short, help you sign one time instead of signing multiple times for different addresses, using an aggregate signature.

Taproot was originally proposed in January 2018 by Gregory Maxwell to expand the smart contract abilities of Bitcoin with scalability and privacy in mind.

And now if you look at technologies like P2SH, MAST, Schnorr and Taproot, you realize that Taproot is combining all of these in one place with maximum optimization and the least engineering trade-offs.

Taproot Limitations

That said, Taproot does have its limitations.

Taproot works well when you have the sort of base case in multisig. For example, in a 2-of-3 multisig, if all 3 sign, the bitcoins will be released.

Similarly, when 2 of the 3 sign, the bitcoins will be released and the transaction can be made indistinguishable from the normal ones.

But what if 2 of the 3 are not agreeing/signing and you have other alternative scenarios coming into play?

  • Can we ensure privacy and indistinguishability in such a case with Taproot?

Well, we can, but it will become data-heavy as well as complicated, thus capping its ability to include more complicated conditions where alternatives other than the base case are likely to come into play.

For such scenarios, Gregory Maxwell has come up with another technique called Graftroot which will provide the ability to have an arbitrary number of alternative conditions without being data-heavy.

But in any case, the only tech the developers are desperately working on right now is Schnorr signatures.

This is because without Schnorr, MAST can’t go live in an efficient way, and when MAST can’t go in, there is no question of Taproot or Graftroot.

According to Bitcoin developers, MAST and Taproot are relatively easy to implement; the hard part is Schnorr signatures, which the developers have been thinking of implementing for years.

After the SegWit update, the road to Schnorr is also clear, and much of the development has already happened. So one can expect Schnorr to be live this year.

But it is also likely that this stack of technologies such as Schnorr, MAST and Taproot may all go in together because of their privacy benefits, followed by Graftroot!

That’s all from our side in this highly technical article on Taproot. We have tried our best to simplify things here, so give us a shoutout or share it with your friends.

Next, we will be talking about Bitcoin Graftroot, so see you next time!

Sudhir Khatwani


