Resists powerful actors through decentralization
I hope it's obvious it was only the centrally controlled nature of those systems that doomed them. I think this is the first time we're trying a decentralized, non-trust-based system.
- Satoshi
After an astounding victory, the small block narrative, that end users had to agree to protocol rule changes, was finally seen as compelling.
- Jonathan Bier, The Blocksize War
[Figure: Alice and Bob, bc1q... address; with Taproot: Alice and Bob, bc1p... address]
Authorization of Transactions:
In blockchain: ECDSA Schnorr signature of Alice's public key
Taproot
½ Sig Agg
Sig Agg
Batch Verify
Key Agg
Adaptor Sig
on-chain
off-chain primitives
Layer 2
(Multiparty-) Payment Channels
Sidechains
Federated E-Cash
ROAST
usability for payments
(on-chain and layer 2)
surveillance resistance
security of wallets
resilience
Transaction
Multisig?
Normal Payment?
Sidechain?
Lightning?
example: coin that can be spent by
or(Alice,and(Bob,older(1000)))
[Figure: keys A, B, C and combined key ABC]
*t-of-n with taproot in best case
\( R_1', R_1''\)
\( R_2', R_2''\)
\(s_1\)
\(s_2\)
Need to keep state between rounds. How does that work in hardware wallets?
"One other cool topic that came up [at the LN dev summit] is the concept of leveraging recursive musig2 (so musig2 within musig2) to make [LN] channels even _more_ multi-sigy."
KeyAgg( Alice, KeyAgg(2-of-3, Bob1, Bob2, Bob3) )
[Figure: keys B1, B2, B3 combined into B; keys A and B combined into AB]
11-of-15 Liquid federation
Schnorr Threshold Signature
Signing Process
Lightning:
HTLC PTLC
therefore, more transactions per block
status: spec in progress, requires softfork
Protocol | Application | Benefits | Status |
---|---|---|---|
Batch verify | Faster verification | Full node resources | Prototype implementation |
TR Merkle tree | Hidden script paths | Smaller txs, surveillance resistance | - |
MuSig2 | n-of-n multisig | Smaller txs, surveillance resistance | Specification in progress |
FROST | t-of-n thresholdsig | " | Implementation in progress |
Nested MuSig/FROST | Recursive Threshold/Multisig | Split LN node, L2 tricks | Research |
Adaptor Sig | Swaps, HTLCs | Useful for L2, surveillance resistance | Specification in progress |
Blind Sigs | Blind swap | Surveillance resistance | Applications where? |
Thresh.BlindSigs | Federated E-cash | L2, Surveillance resistance | Implementation in progress |
Half Agg | All txs | Smaller txs | Research, requires softfork |
Full Agg | All txs | Smaller txs | Research, requires softfork |
ROAST | thresholdsig | Makes signing robust | Research done |