Schnorr Signature BIP Proposal Could Come Within Two Weeks

Colin Muller

Bitcoin developer, cryptographer, and head of research at Blockstream Andrew Poelstra has suggested that an official proposal to upgrade Bitcoin with Schnorr signatures could come “in the next couple of weeks,” and be submitted to the Bitcoin developer mailing list. Poelstra added that the possibility exists for Schnorr signatures to be implemented on Bitcoin during 2020. These statements came days ago during a What Bitcoin Did podcast, hosted by Peter McCormack.

I hope that in the next couple of weeks, we should finally write down a proposal and submit that to the Bitcoin mailing list. We've been going back and forth a whole lot, on this thing called 'sigcash no input', which unfortunately is kind of tangential to everything else.

Andrew Poelstra

ECDSA and Schnorr

Schnorr signatures are a big deal, and could significantly improve both privacy and space efficiency on the Bitcoin network, without even the need for a hardfork. Bitcoin currently uses what is essentially a workaround version of Schnorr signatures for its signature-signing needs, called Elliptic Curve Digital Signature Algorithm (ECDSA).

ECDSA was developed as a standardized, open-source alternative to the much simpler and admittedly better Schnorr signatures. The ECDSA workaround was necessary because the inventor of Schnorr signatures, Claus Schnorr, patented his innovation in the 80’s - a condition that cryptography standards bodies were not willing to accomodate, according to Poelstra.

The patent on Schnorr signatures expired in 2008, just as Bitcoin was undergoing its initial development by Satoshi. Although it then became freely available, it was not widely supported because it had just hit the market, as it were. For this reason, ECDSA was chosen as Bitcoin’s standard signature solution by Satoshi.

In the ensuing ten years during which Bitcoin has been alive, Schnorr signatures have seen support and development in the cryptography community, such that they have become mature enough to use on Bitcoin.

Schnorr signatures can “aggregate” any number of transactions and/or private key holders into a the space of a single signature. This may save nodes and miners having to verify each individual signature in a block. What’s more, it can allow aggregated and multi-signed transactions to look like any other transaction - meaning single, multi-signatured, and even Lightning Network transactions will all look identical.

This is because Bitcoin’s current multi-signature regime, the far more cumbersome Pay-to-ScriptHash (P2SH), requires a special format of address that is a giant flag to blockchain observers, broadcasting that a multi-signature transaction has gone through. Signature aggregation under Schnorr would make such transactions effectively invisible.

Ready to Go

During the podcast, Poelstra - who is also one of the principal developers of the Grin privacy coin - said that Blockstream “pretty much have [Schnorr] code already [written for] [Bitoin] Core." Indeed, a draft proposal of the Schnorr signature upgrade is already on the web.

He said that this code would be incorporated into the next Bitcoin Core release, unactivated, lying in wait as it were for the launch to be approved after “a discussion about [...] the actual activation parameters” takes place.