15. Schnorr signatures – what are they?
Schnorr signatures are digital signatures that increase the privacy and scalability of the Bitcoin network. Klaus – Peter Schnorra, a professor at Frankfurt University, proposed this solution in 1991. He thus modified the El-Gamal and Fiat-Shimar schemes.
Elliptic Curve digital Signature Algorithm
When Satoshi Nakamoto thought of creating Bitcoin, signatures were very little known. Well, when creating Bitcoin, Nakamoto had to choose one of the open-source signature methods anyway. The algorithm also had to meet all security rules. Only ECDSA (Elliptic Curve Digital Signature Algorithm) had such requirements. This algorithm was supported by the OpenSSL protocol. What is it? It is an encryption tool to improve the quality and communication online. The ECDSA itself had significantly lower computational requirements and short keys. And with the use of additional systems, in this case RSA, it provided a considerable level of security. Significantly, the 256-bit ECDSA key provided the same level of security as the 02072-bit RSA key. At the same time, RSA kept a small part of its size.
Developers who worked on improving the elliptic curve cecp256k1 further improved ECDSA. However, the algorithm has shortcomings and deficiencies that needed to be changed. And this is where a new solution, known as Schnorr signatures, comes in. Interestingly, ECDSA’s predecessor was DSA, a hybrid of the ElGamal and Schnorr systems.
In 2008, Claus Schnorr’s patent expired. The exact same year that Satoshi introduced Bitcoin to the world. However, they were not very well known. This is most likely why Satoshi decided to use ECDSA. What do signatures give us?
1. Security. Signatures use a discrete logarithm. They also have the advantage that they use fewer assumptions and have reliable logical proof. The security of signatures is proven by a random oracle.
2. Ease. The application technology using signatures is transparent and intuitive, which definitely makes the work of cryptographers easier.
4. Linearity. They are implemented using linear mathematics. What does this mean? Signatures can be subject to addition and subtraction. The result is a valid signature. The linearity of signatures allows for their aggregation; i.e., combining several public keys into one.
Multisignatures based on Schnorr signatures
Before the introduction of Schnorr signatures, public tests of a new scheme – multisignatures based on the technology of these signatures – were announced. The tests were intended to gather feedback in order to introduce error-free working code
in the future. Multisignature schemes assume that users of a given system have full control over when and how their keys are generated. In reality, however, as is evident in the Bitcoin network, many users do not have access to their private keys. Nor do they have control over how they are created. This is why changes have been proposed – Multisignature based on Schnorr signatures.
Schnorr signatures – implementation
The BIP – 340 standardization was used for their implementation, which allows integration with the Bitcoin protocol. The upgrade does not cause any drastic changes to the Bitcoin network environment itself. The use of this scheme is considered the best that exists. Its mathematical properties ensure very high calculation accuracy. Transactions are confirmed very quickly. The introduction of Schnorr signatures into the Bitcoin system is so imperceptible that only hyper-vigilant network users will notice changes in the SegWig address. The signatures will not replace ECDSA in Bitcoin. They will co-exist together.
Schnorr Signatures part of Bitcoin’s Taproot
Curiously, Schnorr Signatures is closely related to Bitcoin’s Taproot. Taproot, or BIP 341, is the other part of the ‘offering’. Related to Schnorr, Taproot and Tapscript. If Schnorr offers us a new type of signature, then Taproot extends their functionality. It introduces a new version, resulting from the transaction, and a new way of specifying spending conditions.
The Taproot update includes two elements in particular that result in greater privacy and efficiency:
- Schnorr signatures, a “new” signature algorithm that is in many ways more efficient than ECDSA, although both belong to the same family of elliptic curves,
- an implementation of MAST (Merkelized Abstract Syntax Tree), called Taproot. It is therefore necessary to distinguish between the global update and this particular element of it, which shares the same name.
Schnorr signatures are not only more efficient (understand: faster verifiable), but above all they have a very interesting linearity characteristic of multi-signature addresses and transactions, which will become indistinguishable from more traditional single-signature addresses and transactions. When combined with MAST, they will also allow only the actually used part of the script to be revealed, thus saving block space and keeping other script conditions secret.
Schnorr multisignatures – how they work
Digital signatures must provide proof that a transaction has been signed by the owner of a particular private key. In fact, it appears that the vast majority of Bitcoin users send their transactions with only one signature. This is identified by the sending address of the owner of that key. Multi signatures provide the same cryptographic proof for multiple wallet owners. Then each owner has the ability to generate their
own signature. Schnorr signatures is a special multisignature. It is small – only 64 bytes and very easy to verify.
For bitcoin to be adopted en masse, it needs to have the highest possible level of security. The growing interest around the topic of digital currencies, cryptocurrency exchanges makes bitcoin both evolve and expose itself to potential threats. The advent of Schnorr signatures in Bitcoin Core solves two major problems – privacy and the long-term stability of the network without blockchain rewards.
Find your favorite cryptocurrencies on Kanga Exchange