The Schnorr signature is a digital signature produced by the Schnorr signature algorithm. Its security is based on the intractability of certain discrete logarithm problems. The Schnorr signature is considered the simplest digital signature scheme to be provably secure in a random oracle model. It is efficient and generates short signatures. It was covered by U.S. Patent 4,995,082 which expired in February 2008.
Schnorr’s bitcoin upgrade took its most significant step yet toward implementation last week when influential developer Pieter Wuille unveiled a draft outlining its technical makeup. With the release, the idea, one that’s been in the works by bitcoin developers for years, is one step closer to improving the scaling and privacy of the world’s most valuable cryptocurrency.
Effectively, this sets up Schnorr as the next big change to bitcoin, meaning it will be the largest code change since Segregated Witness (SegWit), a pivotal bug fix that prompted a drawn-out battle in the bitcoin community last year before ultimately being adopted.
At a technical level, adding support for Schnorr, a digital signature scheme, would give bitcoin users a new way to generate the cryptographic keys they need to store and send bitcoin. By doing so, it also paves the way for a number of exciting benefits, including tackling privacy and scalability, arguably two of bitcoin’s most worrisome problems.
“It is a building block for a variety of improvements,” Wuille told the online news outlet CoinDesk, adding there are even some further-out improvements that haven’t gotten a lot of attention quite yet. And while Wuille hopes the change will ultimately be adopted, he added it’s “ultimately up to the users” if they want to adopt it – as was the case with SegWit.
Reasons for Schnorr:
1. Security proof: The security of Schnorr signatures is easily provable in the random oracle model assuming the elliptic curve discrete logarithm problem (ECDLP) is hard. Such a proof does not exist for ECDSA.
— Jeremy (@SeasideCrypto) July 6, 2018
Co-authored by several top bitcoin developers, including the likes of Bitcoin Core contributor Johnson Lau and Gregory Maxwell, the technical, math-ridden proposal outlines the exact signature scheme that could be coded in bitcoin.
And while it’s far from that final goal, it’s a necessary piece. Blockstream engineer and co-author Jonas Nick added: “Standardizing Schnorr for bitcoin is a big step towards using it in bitcoin.”
For one, the BIP draft helps to avoid future confusion by proposing a standard that ensures that all developers and merchants eventually implement the Schnorr signature code in the same way.
Though the full description can be read in the highly-technical BIP, the main idea is it describes the math necessary to produce Schnorr signatures, offering an alternative to Elliptic Curve Digital Signature Algorithm (ECDSA), the sole algorithm used to produce keys and verify transactions in bitcoin today.
It’s a lot of tricky math, so it’s no surprise the release sparked technical discussion on the bitcoin developer mailing list. No one came up with a significant problem and developers are optimistic, especially since one of Schnorr’s key benefits is that, unlike ECDSA, Schnorr’s security can actually be proved mathematically.
Schnorr will have one thing in common with the signature scheme it seeks to crowd out, though. If this plan is accepted, it will use the same mathematical “curve” that ECDSA uses to produce the keys, “secp256k1.”
While Schnorr offers a number of improvements on its own, developers are also excited that it will pave the way for a range of changes that can be built on top of it, such as new privacy techniques.
Right now, it’s obvious when users send so-called “multi-sig transactions,” which are a more advanced type of transaction where more than one person is required to sign off on a transaction, because of bitcoin’s public ledger. But Schnorr paves the way for a technique that will make these transactions look the same as every other transaction.
Nick noted Schnorr will also make these advanced transactions cheaper, an important improvement since transactions can grow very expensive in times of congestion.
And it seems like new tech built on top of Schnorr is coming up on a regular basis.
“Due to the wealth of new discoveries lately I believe these technologies should be developed in a step-by-step basis, and my focus for a first step is just Schnorr and Taproot,” Wuille said, referring to the bitcoin improvement “Taproot” proposed earlier this year by another influential bitcoin developer Greg Maxwell to further improve bitcoin’s privacy.
But like with every new technology there’s still a ways to go – Schnorr is a massive project with many moving pieces.
While this BIP proposes a standard for developers to chime in on, Nick noted there’s also a code implementation that’s been in the works for ages, putting much of what’s in the BIP draft into practice.
Plus, once developers fight it out until they decide there are no longer any outstanding problems, developers need to come up with a way to actually add it to bitcoin, among other things.
“The specifics for how to deploy it in bitcoin are still being actively discussed,” Nick said.
Having been through a few so-called “consensus” changes in his years as a bitcoin developer, Wuille gave a particularly long list of things to do.
“Like any consensus change, it will be a long process involving fully fleshing out a draft for integration, publishing it, gathering comments from the technical community and ecosystem, writing implementations of both consensus rules and integration in wallet software, proposing a deployment plan, and if all goes well, get it activated,” he said.
In the email where he introduced the BIP, he added that if the BIP is “accepted” by the broader bitcoin community “we’ll work on more production-ready reference implementations and tests.”
Not to mention, there’s another potential stumbling block on everyone’s minds.
Schnorr is the biggest upgrade to Bitcoin yet. Although changes are being made to bitcoin’s most-used client every day, with code contributions coming from a diverse group of contributors stationed around the world, Schnorr is a rarer type of change, since it affects the most important rules in bitcoin.
SegWit was the last code “consensus” change made to bitcoin, sparking a debate so big, those who disagreed with the change split off and created their own cryptocurrency with SegWit removed.
Hopefully Schnorr won’t cause the same uproar.