Sunday, June 27, 2021
I recently met a local business consultant named Mark on the way to Miami for the Bitcoin conference. He asked me a question: "What do you think of Taproot?"
Ah, a small question with a big answer! I'm really excited about it, but perhaps for more reasons than most might realize.
While this article will be quite technical, hopefully it will be approachable enough to be of value to those who wish to gain a greater understanding of the technological underpinnings behind Bitcoin in order to have better ways to put the concepts into context, providing a foundation upon which one can become conversational on the topic. Immersing oneself in the technical language of a particular subject matter often helps one to feel more comfortable with it.
I also like to sprinkle in a good bit of philosophy in all my articles to highlight their big-picture significance. Technology developed without sound principles often lacks merit and can even be unethical. Bitcoin— the world-changing technology that is— deserves better than a dry analysis of its technical details, because it is so much more than that. Incorruptible, uncensorable, trustless money could transform civilization as we know it.
I try to do everything I can to help explain and communicate the concepts behind Bitcoin. I want it to be successful at becoming the best form of money available, above all others. It's my opinion that those who are not yet Bitcoin maximalists just don't yet know enough about Bitcoin.
Oh! One more thing. While I've been a professional technologist for quite some time, as surprising as it might sound, I honestly haven't taken Bitcoin as seriously as I should have until just this year. I've had to do a lot of catching up and my knowledge in some areas might be incomplete or incorrect. If you have better insight than I do, please don't hesitate to share. And if something is unclear, be sure to ask questions!
Back to the subject at hand. One thing Taproot does is it adds a P2TR addresses, which are a constant size (32 bytes plus a version byte), which makes it so script addresses such as multisig contracts look the same on-chain as regular spending addresses. The reason this is significant beyond just multisig wallets is that the part of a Lightning channel that's put on-chain is actually a 2-of-2 multisig contract. HTLCs don't get put on-chain, but they are communicated between nodes via the Lightning network, and are basically a hashed random number that's been signed by the same key used in the multisig contract for that channel. It can't be guessed, but—like all Bitcoin Script contracts— it can be proven if it's been signed by the spender, and these are then used as a sort of substitute for Layer 1 payments using the Lightning network.
Technically, all Bitcoin transactions alter chain state using contracts written in Script (or TapScript, MiniScript, Sapio, etc., which make scripts easier to write, especially safely, while also allowing for greater complexity), but we used to have different kinds of addresses for whether a hash of a public key was used vs a hash of a script. Now, all Taproot addresses are the public keys themselves (not hashes), encoded using bech32 (as opposed to other encodings, such as base64, base58, hexadecimal/base-16, octal/base-8, or binary/base-2, all with their own individual applications and purposes), which are the addresses we use that begin with bc1. Anything signed by the public key can be validated against its signature. And in the case of Taproot, both the signature and public key are published along with every transaction and are bundled along with many other transactions into blocks that are mined indelibly into the immutable blockchain.
The use of the public key rather than a hash-of-a-hash-of-a public key, such as in the older Pay-to-Public-Key-Hash (P2PKH) address format could have consequences should quantum computers ever have the capability to derive the private key to a public key before a transaction is included in a valid block, and this possibility was raised during Taproot's development. However, unless the transaction is marked as being capable of being replaced by a higher fee (this is optional), once submitted to the network, it shouldn't be possible to replace it. And once it's been mined, it's immutable, barring reorg attacks (unilateral blockchain rewrites that override trustless consensus), which quantum computers as we know them shouldn't be any better at than classical ones.
Schnorr signatures, another new feature of Taproot, are interesting in that they allow multiple private keys create aggregated public keys. This could increase the complexity of the problem sufficiently that a quantum computer might not be able to derive all keys necessary for a third party to spend scripts signed by a specific public key. Whether or when this may become an issue is unknown, but if it were, such existential threats would have dire consequences for many commonly-used forms of cryptography beyond just cryptocurrency. And those living in the analog world find ways to deal with such a crisis that might make it seem like Y2K many years ago, or the "Unix 2038" problem a couple decades from now— It's important to remember these are merely digital problems, not natural disasters or global pandemics.
In the end, imagined crises without precedent are not a good excuse to ignore Bitcoin's benefits as a sound money that will reduce wealth inequality around the world, will limit any country's capability to wage perpetual wars, and will accelerate the transition to renewable energy. These are, to put it lightly, bold claims, but rest assured that I will address them in future articles.
Now, one thing that bears mentioning for newcomers is, Bitcoin scripts differ from Ethereum smart contracts in a few ways. One is that Ethereum contracts have a global state that can be shared amongst multiple "users" (those with wallets signing transactions that interact with a run methods that alter state within a smart contract). This then influences what is possible with the language, such as looping over data structures, and they can call other methods, even methods within other smart contracts deployed to Ethereum.
Bitcoin scripts, on the other hand, are primarily dependent upon their inputs and outputs, and lock and unlock depending upon certain conditions around whether things like a particular public key validates against a message signature, thus validating the transaction for anyone who can prove they can sign transactions with their private key upon revealing both the private key and the script that is used to spend, or at least, provide transaction outputs.
Both, however, are deterministic (in that they run the same each time given the same inputs and outputs, with no random behavior or "side-effects"), stack-based languages that have branching conditions allowing for complex logic to be evaluated, usually within the context of money and accounts. Bitcoin does differ in that not all script paths need to be revealed when spent; only the parts relevant to and needed to validate the spend. This behavior in particular is optimized by TapScript.
TapScript, like all computer code, is basically instructions (op codes) that are arranged in logic trees (code branches). Huffman coding is a sort of compression algorithm based on top of that, which de-duplicates code branches, and by using the Merkle property, in addition to public keys for these signed script hashes, these de-duplicated branches are secured by the hash at the root of the tree. Then, when the contract is to be spent, only the code branches that correspond to certain Merkle hashes of code branches are revealed.
This opens up the opportunity to use more sophisticated and complex on-chain contracts, which is the foundation for layers built upon it. Lightning enables forms of trustless consensus around even more sophisticated contracts, enabling fully decentralized client-side validated tokens, NFTs, identity and naming solutions, swap and lending contracts, and others, all built upon Bitcoin-based technologies. I'll write about a few of those in upcoming articles.
The process behind the development and activation of Taproot is a little messy, and the entire process isn't even expected to be complete until next year, but it's also a beautiful and inspiring exercise in decentralized governance that belies the culture of libertarian ideals in addition to a conservative and deliberate approach to development that provides so much value to Bitcoin. If fundamental properties of Bitcoin were changed as often as other currencies are (fiat or otherwise), such as supply and issuance, this would undermine the fundamental value of cryptocurrency: Stability and predictability throughout time in ways no other thing subject to the various whims and desires of humanity can ever hope to achieve. Bitcoin transcends this and is valuable because it has changed so little, which allows us to lower our collective time preference as a civilization that sorely needs the means to conduct business with money that cannot be unilaterally manipulated by anyone or anything without slow, calculated, deliberate consensus.
In conclusion, Taproot supercharges things Lightning needs to be successful— much like how SegWit did before it, making Lightning safe to use in the first place. Hopefully this will help readers understand Bitcoin better, and hopefully reduce friction to mass adoption little by little, one article at a time.
Remember: Friends encourage friends to learn about Bitcoin! Consider reaching out to others and explain patiently and encouragingly. Mass adoption of Bitcoin must occur with a sense of kindness and through its merit as a sound and powerful money.