Resists powerful actors through decentralization
I hope it's obvious it was only the centrally controlled nature of those systems that doomed them. I think this is the first time we're trying a decentralized, non-trust-based system.
- Satoshi
[Diagram: blocks of 1 MWU each, ~10 min apart]
MWU = Mega Weight Unit
After an astounding victory, the small block narrative, that end users had to agree to protocol rule changes, was finally seen as compelling.
- Jonathan Bier, The Blocksize War
[Diagram: Alice and Bob, bc1q... address]
[Diagram: Alice and Bob, bc1p... address, with Taproot]
Authorization of Transactions:
In blockchain: ECDSA Schnorr signature of Alice's public key
Alice
Charlie
Idea: use Bitcoin as settlement layer, build protocols on top with different trust assumptions
Taproot
½ Sig Agg
Sig Agg
Batch Verify
Key Agg
Adaptor Sig
on-chain
off-chain primitives
Layer 2
(Multiparty-) Payment Channels
Sidechains
Federated E-Cash
usability for payments
(on-chain and layer 2)
surveillance resistance
security of wallets
resilience
Transaction
Multisig?
Normal Payment?
Sidechain?
Lightning?
example: coin that can be spent by
or(Alice,and(Bob,older(1000)))
A
B
C
ABC
*t-of-n with taproot in best case
\( R_1', R_1''\)
\( R_2', R_2''\)
\(s_1\)
\(s_2\)
Need to keep state between rounds. How does that work in hardware wallets?
Lightning:
HTLC PTLC
Hash(x)
x <- random
Hash(x)
Sender
Receiver
Hash(x)
x
x
therefore, more transactions per block
Protocol | Application | Benefits | Status |
---|---|---|---|
Batch verify | Faster verification | Full node resources | Prototype implementation |
TR Merkle tree | Hidden script paths | Smaller txs, surveillance resistance | - |
MuSig2 | n-of-n multisig | Smaller txs, surveillance resistance | Specification in progress |
FROST | t-of-n multisig | " | Implementation in progress |
Recursive Key Agg | Multisig of multisig | L2 tricks | Research |
Adaptor Sig | Swaps, HTLCs | Useful for L2, surveillance resistance | Specification in progress |
Blind Sigs | Blind swap | Surveillance resistance | Applications where? |
Thresh.BlindSigs | Federated E-cash | L2, Surveillance resistance | Implementation in progress |
Half Agg | All txs | Smaller txs | Research, requires softfork |
Full Agg | All txs | Smaller txs | Research, requires softfork |