The Bitcoin Taproot upgrade is imminent: what are its sources, content and impact?

In the near future (around November 14, 2021), Bitcoin will usher in an important soft fork to upgrade Taproot. More than 90% of the miners have agreed to this upgrade, so it is unlikely that there will be a SegWit upgrade. Community fork debate. It seems that this upgrade has not attracted much attention, but there are also many articles calling it the most important upgrade.

What exactly is the Taproot upgrade, and is it really exciting?

Taproot itself means taproot plant, which is probably like the picture below. Gregory Maxwell, the creator of Taproot, explained that he hopes that in the process of bitcoin transaction payment, he can focus on the big main root like a main root plant, while hiding unnecessary small branches.

The road to the impossible triangle

No matter what kind of blockchain is upgraded, it will ultimately solve the impossible triangle problem in the blockchain. The impossible triangle theory in the blockchain world was proposed by Vitalik in an article titled “On sharding blockchains”. It means that it is very difficult to achieve the three conditions of decentralization, security, and performance (efficiency and scalability) at the same time in a blockchain network. The reality is that when we improve certain two conditions, we have to use Sacrificing the third condition is the price.


In fact, the Taproot upgrade did not break away from this big framework. Taproot upgrade mainly corresponds to two aspects. The first purpose is to further improve its anonymity, that is, to further improve security. On the other hand, it is expected to improve the performance of the transaction by changing the data structure of the block itself and reduce the unnecessary data burden in the transaction.

Decompose Taproot

Taproot upgrade is a collective term for three complementary BIPs, including Schnorr signature (BIP 340), Taproot (BIP 341) and TapScript (BIP 342).

Schnorr signature

The Schnorr signature was proposed by the German cryptographer Claus Schnorr, but due to patent reasons, the Schnorr signature was not available for free use until 2008, which made the Bitcoin born in 2008 miss it (here refers to the original paper published in 2008) , Using ECDSA signature.

At present, Schnorr signature almost surpasses ECDSA signature in terms of performance and security. More importantly, Schnorr and ECDSA use the same elliptic curve algorithm, so it is easier to implement upgrade issues. Among them, the most eye-catching part of Schnorr is the aggregate signature that acts on the transaction output level.

Under the condition of multi-signature, we often have to put multiple signatures into the transaction data, especially when there are many signatures, which will bring a lot of transaction fees and memory burden. But with aggregate signatures, we can combine multiple signatures into one signature, as shown in the figure below.


Similarly, under the Schnorr signature, public keys can also be aggregated, which greatly improves the performance of the Bitcoin network during transactions.

When verifying, traditional ECDSA can only support one-by-one verification, but Schnoor benefits from its aggregation idea and can perform batch verification on nodes.


We know that anonymity has always been an important security issue that Bitcoin pursues. At the address level, although the pseudo-anonymity of Bitcoin addresses isolates the physical world identity and the world address on the chain to a certain extent, different transactions and address types But it is very obvious. The transaction types of the following addresses are clear at a glance, which leads to the possibility of attackers performing address analysis on transactions.

The Bitcoin Taproot upgrade is imminent: what are its sources, content and impact?

The goal of Taproot is to improve the anonymity of Bitcoin addresses so that all addresses look the same. You cannot analyze the type of transactions from the addresses. Using Taproot can merge independent P2PKH and P2SH, making it indistinguishable from each other, but the transaction fees they bear are the same, and this is exactly the use of Schnorr’s ideas.

At the same time, Taproot uses Schnorr to create Merkel abstract syntax trees (MAST, a data structure that combines abstract syntax trees and Merkel trees). In the previous situation, suppose we have a transaction. The conditions for this transaction are that user A can use the transaction 30 days before the transaction is initiated, and user B can use the transaction 30 days after the transaction is initiated. In the end, no matter who uses the transaction, the information of users A and B will be exposed, which is obviously unnecessary.

In MAST, only the user who used the transaction will be exposed, while the information of another user will be hidden, which greatly protects the user’s privacy.


BIP 342 is about the specific content of Taproot script implementation. It adds some opcodes for execution and deployment of Taproot, Schnorr, soft fork and other code-level functions, such as “OP_CHECKSIGADD”. Inefficient opcodes such as “OP_CHECKMULTISIG” and “OP_CHECKMULTISIGVERIFY” are disabled. Revised “OP_CHECKSIG” and “OP_CHECKSIGVERIFY” to provide Schnorr functions. The content of the Bitcoin script has been improved as a whole to adapt to the Taproot upgrade.


In summary, Taproot upgrade does have some highlights, but more Taproots are more like improvements and supplements to SegWit legacy issues, as described in the summary in bip-0341: “This document proposes a new SegWit version 1 output type …” This is just a new solution at the output level of SegWit.

Another problem is that Taproot upgrade is a soft fork, including Schnorr’s real activation will not start until next year, so the upgrade process of Taproot itself will not happen overnight. If P2TR (address under Taproot) fails to become mainstream, then P2TR obviously did not achieve its purpose of anonymity at other addresses.

In addition, there is another voice questioning the actual effect of Taproot, which believes that Taproot will fragment the address space, making it easier for attackers to analyze.

For ordinary users, the most intuitive benefit of Taproot is that it reduces transaction costs and improves the anonymity and efficiency of transactions. In any case, how the Taproot upgrade will affect Bitcoin, and whether it can achieve the expected goal, has only to be verified by time.

Posted by:CoinYuppie,Reprinted with attribution to:
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.

Leave a Reply