Schnorr Signatures Explained
Nov 4, 2019
As a follow up to our Why Privacy in Bitcoin Matters piece, here is a brief explanation of Bitcoin transactions and Schnorr signatures. Note that we will cover some of the basics below, but this is a slightly technical explanation and some knowledge of Bitcoin transactions is recommended.
Schnorr signatures are a proposed method for improving both scalability and privacy of the Bitcoin network, particularly with multi-signature transactions, through the aggregation of signatures.
To the Basics...
First, it’s important to understand how Bitcoin transactions and signatures work. A signature is what proves that a user is the owner of a set of private keys and is authorized to spend those bitcoins.
Bitcoin transactions work on a system of inputs and outputs. Bitcoin transactions take outputs from a previous transaction (an unspent transaction output, UTXO) and turn them into inputs to construct a new transaction, with each input requiring its own individual signature - hence, multi-signature.
In other words, “The UTXO consumed by a transaction are called transaction inputs, and the UTXO created by a transaction are called transaction outputs. This way, chunks of bitcoin value move forward from owner to owner in a chain of transactions consuming and creating UTXO,” as explained in Andreas Antonopoulos’ Mastering Bitcoin.
Technically speaking, Bitcoins are not individual coins or units, they are just a summed balance of the transaction paths in your wallet. So, while your wallet reads a total balance of 1 bitcoin, this may be made up of two inputs, say input 1 of 0.5 BTC and input 2 of 0.5 BTC.
Sending 1 bitcoin would then require two signatures in this case. Still, the value is indeed 1 bitcoin, and thanks to modern-day wallet UXs, users can send and receive as such.
Schnorr Signatures in Practice
Let’s take an example assuming that Bob wants to send Alice 0.5 BTC.
Bob’s wallet shows a total balance of 0.51 BTC and he’s about to send his entire balance. The transaction will be constructed with the following inputs:
1. Input 1: 0.25 BTC
2. Input 2: 0.15 BTC
3. Input 3: 0.10 BTC
4. Input 4: 0.01 BTC, which will be used to pay a fee on the network.
Currently, without Schnorr signatures, Bob will send Alice three inputs, having her receive three outputs, totaling 0.5 BTC as intended. The inputs used in Bob’s transaction constructed the proper 0.5 BTC amount for Alice.
Thus, Alice would receive:
1. Output 1: 0.25 BTC
2. Output 2: 0.15 BTC
3. Output 3: 0.10 BTC
Note that Bob had to sign three different inputs for this transaction. In this event, Schnorr signatures would aim to aggregate all of those required digital signatures into one digital signature that represents all of the inputs. This makes the transaction size much smaller. Instead of recording three signatures to the Bitcoin ledger, there is now one.
Schnorr signatures are also useful in multi-signature transactions where multiple parties are involved.
With the Schnorr signature setup, multiple signers can jointly create a public key and then sign together as one, which again improves scalability and privacy compared to having each public key and private key have their own individual signatures.
Put simply, multi-signature transactions will be shown on-chain just like a transaction with one signature. They will be virtually indistinguishable to single transactions, which makes tracking transactions more convoluted. Additionally, the aggregated signatures make for smaller transaction sizes, which saves space and improves scalability.
Schnorr signatures are one example of a thoughtful, scalable, and enhanced privacy implementation that Bitcoin developers are looking into. There is a reason many other projects have issues with scalability, privacy, and fungibility. It is a delicate balancing act.
Join in the conversations today:
Telegram : https://t.me/breadchat
Twitter : https://twitter.com/brdhq
Facebook : https://www.facebook.com/brdhq
YouTube : https://www.youtube.com/c/Breadbitcoinwallet
Instagram : https://www.instagram.com/brd_wallet/
General updates mailing list : https://breadapp.com/keep-me-updated/