What is Taproot? Bitcoin's Biggest Upgrade Since 2017

What exactly is Taproot and what does the upgrade mean for Bitcoin?

What is Taproot? Bitcoin's Biggest Upgrade Since 2017
Bitcoin users will activate the Taproot upgrade in November 2021 after miners successfully signalled for the protocol improvement, locking it in on June 12th.

An upgrade that improves the scalability and privacy of complicated use cases for bitcoin is on the horizon.

The upgrade is generally referred to as Taproot, which is a trio of changes proposed for the Bitcoin protocol (also known as BIP 340, BIP 341 and BIP 342).

Taproot's origins go back to January 2018, which was first proposed by Bitcoin Core developer Gregory Maxwell to improve the efficiency and privacy of multi-signature transactions.

Read the original Taproot post to the bitcoin-dev mailing list here.

The three changes comprise Schnorr Signatures, Taproot and Tapscript, which are bundled together in order to get maximum effect in terms of privacy in a single upgrade. These three changes correspond to the three BIPs mentioned above.

BIP is an acronym of 'Bitcoin Improvement Proposal', which is basically the standard for submitting and implementing an improvement to Bitcoin. The flow chart below from GitHub outlines the process of a BIP:


Source: GitHub.

Once a BIP is 'Final', developers pass the baton to miners with signalling. For Taproot, a new deployment method known as Speedy Trial was used. Miners and mining pools help to coordinate the deployment of a soft fork in their mined blocks.

To lock in the Taproot soft fork for activation with Speedy Trial, 90% of the blocks have to signal readiness during a period of 2,016 blocks, which occurred on June 12th. Full nodes that have upgraded to Bitcoin Core or any other compatible implementation are due to activate the Taproot soft fork in November 2021.

There are three key reasons why Taproot is an important upgrade for Bitcoin, which is the biggest change to the protocol since the Segregated Witness (or SegWit for short) in 2017:

  1. Taproot improves the scalability of Bitcoin, making the on-chain footprint of bitcoin transactions slightly smaller, with complicated bitcoin transactions (such as multi-signature transactions that require signatures from more than one party to spend the funds) enjoying the greatest space savings.
  2. Taproot massively improves the privacy of the system. Multi-signature transactions will look like standard, single-signature transactions. For complex scripts, only the path that has been executed will be revealed on-chain. All transactions will look the same, whether they are a multi-signature transaction, opening or closing a Lightning channel and so on.
  3. Finally, the upgrade provides some groundwork for future privacy improvements and new developments.

What are Schnorr Signatures?

BIP 340 relates to Schnorr signatures, which is just a different signature protocol that’s more compact and lightweight, reducing the size of signatures and public keys that are put onto the blockchain (this has the effect of making bitcoin transactions slightly cheaper).

While the first paper on Schnorr signatures was published by Claus-Peter Schnorr in the early 1990s, the technology had a patent on it that didn’t expire until 2008. This patent made it difficult to implement any libraries that work with this system at the time Satoshi Nakamoto invented Bitcoin.

In Bitcoin's current state, the Elliptic Curve Digital Signature Algorithm (or ECDSA) is used to ensure that only the rightful owners of coins can spend them. As you may know already, two keys are required to send or receive a bitcoin transaction. To spend some funds, you must sign a message proving that you have the required private key. To receive funds, you must give the sender your address, which is derived from your public key.

Along with the reduction of data on the Bitcoin blockchain, Schnorr signatures have a special property: they can be aggregated. Aggregation means you can combine several signatures into one.


Source: Bitcoin Optech.

For example, we can present a signature that is the sum of five signatures, and verify that it is part of one public key that represents the five public keys with Schnorr signatures. The advantage of this is that if there’s a single signature, you cannot tell whether there’s one person or five people behind that key.

Basically, key aggregation enabled by Schnorr will make every type of payment look like a simple payment. For instance, take the example of closing a Lightning channel, which is basically a 2-of-2 multi-signature spend. It's obvious to an observer since everyone can see it on the blockchain. With Schnorr signatures, it will look like a simple transaction and no one will know it was a Lightning channel closure.

What is Taproot?

The big scalability improvements for more complex scripts are part of BIP 341, known as Taproot. The benefit for Bitcoin is that smart contracts are made more efficient and private, which is done by only revealing the relevant parts of the contract when spending. In effect, what Taproot does it hide complex scripts as a single signature on a single public key, making it look like a simple payment.

Currently, with complicated bitcoin transactions, you must provide the entire script and all the conditions. The problem is that it’s a very long transaction. If you are signing lots and lots of inputs, it gets longer and longer.

How does Taproot hide these complex scripts?

The complex scripts are hidden using a Merkle tree and with the different conditions hidden within the tree (similar to the method used to compress bitcoin transactions into a block). Instead of providing all the script, just the hash of the tree is provided, which captures all the different conditions but shields parts of the script that you’re not exercising to spend. Therefore, the proof provided is very short.


Source: Bitcoin whitepaper.

The diagram above illustrates how Bitcoin transactions are hashed in a Merkle Tree. With Taproot, the difference is that instead of bitcoin transactions, its conditions for a complex bitcoin transaction that are put into a Merkle Tree and only the executed path is put on the blockchain.

In the case of an unanimous decision between different parties, complex transactions will have a single signature and a single public key, appearing to everyone on the network as a simple payment. All you can see is the root, and that’s why the proposal is called 'Taproot'.

Like SegWit, the upgrade with come with a new address type, known as Pay-to-Taproot (P2TR) to enable the new functionalities of Schnorr signatures and Taproot spends.

What is Tapscript?

Tapscript (also known as BIP 342) is mainly an improvement to Bitcoin’s existing script and updates several opcodes. An opcode is a command to a node in the Bitcoin network letting them know how to deal with a particular transaction request.

To verify the new featured added by Schnorr signatures and Taproot, new script capabilities are added which together are referred to as Tapscript. The flexibility introduced by Tapscript for Pay-to-Taproot spends leaves the door open for further upgrades in the future.

What Changes from a User Perspective After Taproot?

Unless you use Taproot-enabled services, you may not notice much of a difference using Bitcoin, since it's a backward compatible upgrade (meaning that it is not mandatory to upgrade to a Taproot-enabled wallet to use Bitcoin). Of course, once you use a Taproot address, there’ll be cheaper fees for your transactions and improved privacy with respect to complex transactions.

Similar to the SegWit upgrade, Taproot introduces a new address type for Bitcoin. The list below shows how you can distinguish between different address types:

  • 'Legacy' or Pay-to-Public-Key Hash (P2PKH) addresses start with a 1,
  • Pay-to-Script Hash (P2SH) addresses start with 3,
  • Native SegWit, or Bech 32, addresses start with bc1,
  • Pay-to-Taproot (P2TR) addresses will start with bc1p.

The more people that use Taproot-compatible addresses, the greater the privacy benefits for the entire network, since more transactions will look similar. The hopes are that it becomes the new standard and adoption increases.

Wallets are likely to implement Taproot soon after it’s live, especially those that have already integrated Segregated Witness version 0. Looking back at SegWit, it took a few years to become widespread, with the current uptake at 68% of all transactions spending one or more SegWit outputs:


Source: transactionfee.info.

How Might Taproot Impact the Bitcoin Market?

We can use the activation of SegWit (Bitcoin's most recent major upgrade) as a case study to see what could possibly happen with the price of bitcoin prior to Taproot’s activation.

SegWit was activated on August 24, 2017 and the chart below shows how the price performed before and after the soft fork upgrade. In the few weeks leading up to the activation of SegWit, the price of bitcoin was hovering just below the $3,000 level. After activation, news about the upgrade circulated, causing optimism amongst traders and investors about the price of bitcoin.


Source: TradingView.

The price of bitcoin rose from near $2,700 from when SegWit was locked in reaching highs close to $5,000 in the week after activation, posting an impressive gain of +66% during August 2017.

With Taproot set to go live on the Bitcoin protocol in November 2021, we could see a similar dynamic where the price is boosted by the news of the upgrade and boost the bullish sentiment for the largest cryptocurrency network. Since Taproot also opens the door to further privacy improvements in the future, the upgrade could also have a positive impact on bitcoin’s price evolution as it addresses the cryptocurrency’s biggest weakness: fungibility.

The argument ‘bitcoin is money’ is strengthened if the Taproot upgrade is followed by further improvements to fungibility. While privacy measures such as obfuscating the amounts sent or hiding the addresses involved in a transaction are not enabled by the Taproot upgrade, it lies the groundwork for cross-input signature aggregation.

Cross-input signature aggregation enables transactions to have just one signature regardless of the number of inputs, which makes privacy-preserving Bitcoin transactions (like CoinJoin) a lot cheaper. It also incentivises greater usage of these protocols and increases the anonymity set (the total number of people in the ‘crowd’ transacting bitcoin privately).

By enabling CoinJoins with just one signature, these private transactions become less costly and the on-chain footprint is reduced, appearing on the blockchain as a standard, single-signature transaction. But the complication is how multiple parties can sign with a single signature cooperatively, which is what wallet developers will work on later down the line to make cross-input signature aggregation easier to use and more widespread.

If you enjoyed our article or found it useful, please share it on social media. What do you think about Taproot? Do you think it can kick-start the crypto market and send bitcoin to new highs? Let us know on Discord or via Twitter!

-The Rollbit Team