Bitcoin is upgrading.
Taproot, the Bitcoin protocol upgrade that makes smart contracts more private and compact, has locked in. As of just now, more than 90 percent of all blocks that will be mined in the current difficulty period have signaled support for the upgrade, which means that Bitcoin Core versions 0.21.1 and newer will start enforcing the new rules in November of this year, as will the alternative Taproot activation client.
Taproot is the first Bitcoin protocol upgrade to go live since Segregated Witness activated in 2017. First proposed by former Blockstream CTO Gregory Maxwell and developed by Bitcoin Core contributors including Pieter Wuille, Anthony Towns, Johnson Lau, Jonas Nick, Andrew Poelstra, Tim Ruffing, Rusty Russell and Maxwell himself, Taproot will make Bitcoin’s smart contract features more compact, potentially more private, and in some cases a bit more flexible. As a soft fork, the upgrade is backwards compatible as long as a majority of miners enforce the new rules.
Taproot really consists of two big upgrades rolled into one. The first is the introduction of Schnorr signatures. Many cryptographers consider the Schnorr signature scheme to be the best in the field, as its mathematical properties offer a strong level of correctness, it doesn’t suffer from malleability and it is relatively fast to verify. The most notable benefit in the context of Bitcoin, however, is that Schnorr’s “linear math” enables a new class of smart contracts, where tweaks to a signature can be used to embed various spending conditions.
This tweaking of signatures is used for the second part of the upgrade, which is the part that’s really called Taproot itself. Leveraging cryptographic tricks like Merkle trees, Taproot lets users cryptographically combine several spending conditions in a single output (simplified, in a single “address”). The funds in this address can be spent in multiple ways, for example by different people depending on which other conditions are met.
To a large extent this is already possible on Bitcoin, but Taproot lets these different people cooperate to make the transaction that spends the funds indistinguishable from regular (single user) transactions. This is more efficient because not all potential spending conditions need to be revealed when the funds are spent (translating into lower fees), and it is more private because such transactions better blend in with other transactions. (As a notable example, Lightning channel closing transactions can be made to look like regular payments.)
Activating upgrades on the Bitcoin network has in the past sometimes proven difficult. The Segregated Witness activation process, in particular, turned into a bit of a battleground, where (some) miners refused to activate the upgrade, until (some) users presented them with a somewhat controversial ultimatum in the form of a user-activated soft fork (UASF), defined in BIP148.
For some time, this controversy…