New Bitcoin ETF stalls, DAO loses bid for US Constitution
Understanding the Taproot upgrade and Bitcoin’s shifting value proposition
With regulators already eyeing privacy-enhancing tools, is Taproot really that bullish for BTC?
Bitcoin’s first upgrade in more than four years is now live on the network. The long-awaited Taproot soft fork activated at block height 709,632, which was mined on Nov. 14, 2021. The upgrade has been heralded as a serious boon for the network’s privacy, efficiency and functionality.
Taproot’s implications are far-reaching. However, beyond the most passionate Bitcoiners, the soft fork activated with few fireworks and little fanfare. Days after the upgrade, BTC continues to trade in the high-$50,000 zone — reasonably close to its previous all-time high, set in spring 2021.
In this OKEx Insights in-depth article, we’re putting Taproot under the spotlight. We begin by giving a quick “TLDR” of the upgrade for those readers looking for a brief overview of Taproot and its implications. Next, we go into more technical details about the upgrade, its history and its likely impact. Concluding, we analyze the price action surrounding Taproot and speculate as to why the market seems indecisive over its advantages and disadvantages.
Table of contents:
- Taproot — TL;DR
- Taproot explained
- Taproot’s benefits to Bitcoin
- BTC price’s ambivalence toward Taproot
- Privacy — the double-edged sword
- Is Taproot bullish for Bitcoin?
Taproot — TL;DR
The cryptography and other technical details that go into an upgrade like Taproot are complex, and some of the concepts discussed in this article — particularly under the “Taproot explained” header — may go over the lay reader’s head. We offer this “too long; didn’t read” section to those interested in Bitcoin’s development but who lack the technical background to fully grasp everything featured in this in-depth article.
Put simply, Taproot is an upgrade to the Bitcoin protocol that aims to increase privacy on the network. It achieves this by introducing a change that makes all transactions, regardless of their complexity, look the same. Pre-Taproot, companies like Chainalysis, which attempt to track BTC transactions and link wallets to identities, could glean insights into a network user’s spending habits and make connections between multiple users based on their activity.
By making transactions appear the same, regardless of whether the BTC being spent has one, two or even a hundred possible recipients, Taproot significantly improves privacy on the network. However, data relating to those sending and receiving funds is still public. As such, the upgrade does not give Bitcoin Monero-level privacy. To say that Taproot improves privacy is perfectly accurate. However, to claim, as some have, that Taproot instantly renders companies like Chainalysis irrelevant is not true.
The Taproot upgrade also reduces the amount of data the blockchain needs to hold by simplifying transactions. Each block is limited in the amount of data it can hold. When there are more transactions waiting to be added to the blockchain than space available, users can incentivize the network’s miners to record their transaction quickly by increasing the fees they include. As Taproot optimizes how data is recorded, it should mean that more transactions can fit into each block before this fee auction dynamic kicks in. In other words, it results in lower overall transaction fees.
The final improvement Taproot introduces is the ability to create more complex transactions. Although transactions requiring multiple signatures to spend funds were possible pre-Taproot, Bitcoin’s new scripting language makes creating complex transactions simpler. This effectively improves the blockchain’s utility. However, the new scripting language does not enable the kind of programmability possible on blockchains like Ethereum. As such, decentralized finance in the form we know it on other Layer-1 blockchains is still not possible on Bitcoin, even though Taproot inarguably improves the network’s functionality.
Although referred to as a singular upgrade, Taproot actually comprises three Bitcoin Improvement Proposals rolled into one. A BIP is the formal method by which the Bitcoin community suggests protocol changes. Anyone can create a proposed change and submit it for discussion via a communication channel such as the Bitcoin email list.
Should the proposal pass this initial discussion phase, in which it is tweaked and glaring issues are ironed out, it is assigned a BIP number and added to the Bitcoin Core GitHub repository. Following its publication, a second, more rigorous round of discussion takes place between Bitcoin community members while developers work on any required code. If the proposal passes again, it is merged to the Bitcoin Core library and progresses to the activation stage.
Since Taproot involves changes to the network’s consensus rules, it required explicit activation. The process began in March 2021 via what was called a “speedy trial” and was met with resounding support from node operators, with almost all mining pools signaling their approval by June or earlier. Following the network accepting the upgrade, node operators were given six months to upgrade their software ahead of Taproot’s implementation. That period culminated on Nov. 14, the day the upgrade went live on the network.
The three proposals comprising Taproot are BIPs 340, 341 and 342 — each co-authored by Bitcoin Core developers Pieter Wuille, Jonas Nick and Anthony Towns.
Bitcoin Improvement Proposal 340
BIP 340 details the implementation of a new form of digital signatures to the network. Before Taproot activated, Bitcoin used the Elliptic Curve Digital Signature Algorithm to calculate a public key from a private key by multiplying the latter with a point taken from an elliptic curve. Replacing signatures generated using ECDSA post-Taproot are those created using the Schnorr signature scheme.
Although they have functioned well enough throughout Bitcoin’s history, notable developers have criticized the ECDSA signatures. As early as 2012, Bitcoin developer Mike Hearn wrote about the “bottleneck” the algorithm caused, arguing that a more efficient signature mechanism would be less computationally intensive and result in greater scalability. In 2014, cryptographer Adam Back began discussing Schnorr signatures as an alternative.
Invented in the 1980s, most cryptographers have long agreed that the simplicity of Schnorr represents an improvement over alternatives. However, until 2008, Schnorr signatures were under a patent held by the algorithm’s creator, Claus-Peter Schnorr. As such, the algorithm was not standardized like the much more widely used DSA — an earlier variant of ECDSA. In fact, at a 2016 Scaling Bitcoin conference, Wuille pointed to the more formal standardization of ECDSA as the likely reason it was chosen for Bitcoin.
The GitHub repository for BIP 340 also details ECDSA’s shortcomings. Firstly, the scheme is less provably secure than Schnorr signatures, as argued in a 2016 report titled “On the Provable Security of (EC)DSA Signatures.” Secondly, transaction IDs could be manipulated under the ECDSA scheme, which created a short window in which an attacker could fool computer systems into sending multiple transactions. Known as the “transaction malleability” problem, the controversial now-defunct exchange Mt. Gox reportedly fell victim to this attack in 2014, just before it went offline. The 2017 SegWit upgrade aimed to fix this by moving signature data outside of the block itself. Schnorr signatures, which have been proven to offer greater non-malleability with fewer security assumptions, should eliminate any remaining risk.
Schnorr signatures address these two drawbacks, but their main appeal lies in their linearity. The scheme makes it much less computationally demanding to combine signatures provided by multiple cooperating parties. Combining signatures under Schnorr generates a single signature that is valid for the entire balance held. As the BIP repository explains:
“This is the building block for various higher-level constructions that improve efficiency and privacy, such as multisignatures and others.”
Bitcoin Improvement Proposal 341
Itself known as the Taproot proposal, BIP 341 builds on ideas from previous BIPs — namely BIPs 340, 114 and 117. Whereas BIP 340 details Schnorr signatures in relation to Bitcoin, BIP 341 focuses on its integration with the network using the Merkalized Abstract Syntax Trees from BIP 114 and BIP 117. MAST was first proposed by Johnson Lau in 2016 and later elaborated on by Gregory Maxwell in 2018.
MAST improves the blockchain’s capacity to store complex transactions by organizing the data more efficiently than Bitcoin’s original scripting implementation. It does this using Merkle Trees — a form of data structure in which transaction data is hashed together to produce a result requiring just a single verification. Before the introduction of MAST, complex transactions requiring multiple scripts would require the sender to pay more as they required more block space. Additionally, transaction complexity was limited as most nodes reject transactions over 10,000 bytes to prevent DDoS attacks.
BIP 341 introduces a new version for transaction outputs called Pay-to-Taproot. A user transacting with P2TR can pay either a single Schnorr public key or one of the scripts contained within a Merkle Tree. Subsequently, the funds can be spent by the holder of the private key corresponding to the Schnorr public key used or by a user who satisfies the conditions detailed in one of the scripts contained within the Merkle Tree.
The important point here is that there is only one public key for both scenarios because the Schnorr scheme can efficiently aggregate multiple keys. Again, the main benefit here is privacy. Both an output associated with a simple Pay-to-Public-Key transaction and one associated with a more complex transaction involving scripts connected in a Merkle Tree look identical on the blockchain. Moreover, before P2TR, additional details were leaked to the blockchain, including the fact that a script has been used at all, the details of other potential signers, the tree’s height and even, by extension, clues to the wallet software used.
Bitcoin Improvement Proposal 342
BIP 342 provides an update to Bitcoin’s scripting language. The BIP and the new language are both known as Tapscript. Essentially, the upgrade modifies Bitcoin’s opcodes to enable the network to verify Schnorr signatures.
Although only BIP 341 is technically called Taproot, the three BIPs were introduced in a single upgrade that has taken the same name. Additional related improvements are also planned for Bitcoin. These include Graftroot, which enables additional flexibility for spending multi-sig outputs, and G’root, which further enhances privacy. However, they were not added to the November soft fork. BIP 341 describes the rationale for this decision:
“Combining all these ideas in a single proposal would be an extensive change, be hard to review, and likely miss new discoveries that otherwise could have been made along the way. Not all are equally mature as well. […] Separating them all into independent upgrades would reduce the efficiency and privacy gains to be had, and wallet and service providers may not be inclined to go through many incremental updates. Therefore, we’re faced with a tradeoff between functionality and scope creep.”
Taproot’s benefits to Bitcoin
As explained, the Taproot upgrade offers several improvements. OKEx Insights contacted a Bitcoin Core developer, who wished to remain anonymous, to explain its advantages. In addition to Schnorr’s improved composability, they stated:
“Taproot makes it possible that ‘script-spends’ look exactly like ‘key-spends’ on-chain. This allows arbitrary smart contracts to (1) leave a smaller footprint on-chain, thus consuming less fees, (2) increase the privacy of the participants of the smart contract since the execution of their contract looks like a ‘key-spend.'”
Space saving = fee saving
Much of Bitcoin’s development has historically focused on scalability. Yet, the network operates in a sort of Catch-22. On the one hand, decentralization is a crucial defense against external attacks. As such, the blockchain’s data storage requirements must remain low to enable as many participants as possible to operate a validating node.
On the other hand, keeping the blocks small introduces usability issues when demand for block space — i.e., the number of users transacting simultaneously — grows and users attempt to outbid each other’s fees to ensure timely transaction settlement. As we have seen on more than one occasion during BTC’s history, the fees required to incentivize miners can grow to levels that make transacting on-chain unfeasible for some users.
The Lightning Network is one effort to address this. By moving transactions off-chain into trustless payment channels, the scaling solution reduces the number of on-chain transactions. Theoretically, this results in lower transaction fees for other BTC users making payments on the mainchain.
Another scaling method — and one that the Taproot upgrade leverages — is to optimize data so that more transactions can fit into each block. SegWit took this approach in 2017. The soft fork upgrade reduces the block space required by removing the digital signature itself from the block and adding it to a structure at the end of a transaction. As the signature is the largest part of a transaction, SegWit results in more space on-chain for additional transactions and reduces the pressure to outbid other users when paying fees.
Taproot’s new addresses are actually a version of SegWit. The address format introduced in the earlier upgrade is known as SegWit Version 0, and those associated with Taproot are SegWit Version 1. SegWit v0 outputs use different script rules for each of its two forms of address. In Taproot, transactions follow the same rules, regardless of complexity, and script-like behavior can be encoded directly to public keys with tweaks to the data. By not requiring hashes to be revealed as before, the block space needed is reduced.
Mark “Murch” Erhardt, an engineer at Chaincode Labs, explained the savings in a detailed Twitter thread about the Taproot upgrade. As outlined in his table below, Taproot outputs are actually slightly larger than even non-SegWit single-signature or multi-sig transactions. However, when it comes to constructing an input, Taproot is much more efficient.
The benefits that most observers are excited about are Taproot’s improved privacy and its impact on the network’s overall functionality. Firstly, by making all transactions appear the same on-chain regardless of the number of possible scripts used, it becomes impossible to determine which transactions are complex and which are simply paying to a single key. While it does not obfuscate keys from the blockchain entirely, it reduces the efficacy of the tools used by blockchain forensics firms like Chainalysis to identify Bitcoin users.
Is Bitcoin DeFi on the horizon?
The other much-celebrated improvement Taproot brings is the simplification of more complex transactions thanks to Schnorr’s linearity. As such, the term “smart contract” has been associated with the Taproot upgrade, which has led some to speculate that Ethereum-like applications will soon be coming to the network.
However, as author and developer Jimmy Song explained on the Bitcoin Magazine podcast, that isn’t quite the case. After stating that Bitcoin still lacked Ethereum’s Turing-complete programming language, he added:
“I wouldn’t say that competing with what Ethereum’s doing is anything that we really want to be doing on Bitcoin. I think that is kind of up for debate though — certainly, people are trying to do that. But it does allow for developers to make smart contracts in an easier way. It’s a lot easier to reason about and probably will be reflected in the user interfaces people are going to see.”
Song also provided some of the kinds of complex transactions that are now possible post-Taproot. Using the example of a secure wallet backup without reliance on some third-party company, he detailed a situation in which a multi-sig contract built natively using common wallet software could help avoid the loss of funds in an emergency.
Similarly, a Bitcoin Magazine article by the pseudonymous Block Digest host Shinobi discusses possible inheritance schemes enabled by the upgrade:
“Imagine things like inheritance schemes where after a year or so your children can spend your coins, or in the event that you refuse to sign, your wife and a lawyer have a potential path to recover coins. Nothing about these spending conditions is revealed to the public unless they are actually used. This two-fold process provides plausible deniability for other parties involved in different spending branches you construct as to their involvement in that UTXO, as well as protects them from a thief or attacker.”
The Taproot upgrade has sparked debate about the scope of Bitcoin’s smart contracts. As Shinobi detailed in a Twitter thread, Bitcoin has always allowed a form of a smart contract. Only it does not, by intention, enable the “fully expressive” contracts used to create the DeFi applications with Ethereum’s Turing-complete programming language, Solidity. For Shinobi, Song and many other Bitcoiners, this is a “feature not a bug” in that it reduces potential security vulnerabilities.
BTC price’s ambivalence toward Taproot
Despite clearly improving Bitcoin’s privacy, utility and cost-effectiveness, the BTC price did not seem to respond much to Taproot’s activation on the network. Bitcoin has, in fact, dropped from around $68,000 on Nov. 10 and it continues to trade in the high $50,000s. Meanwhile, BTC’s market capitalization decline reflects that of other major crypto assets, suggesting that the recent sell-off was not related to BTC’s upgrade. From a high of $1.288 trillion, it hit a local low of $1.052 trillion — an 18.3% pullback. For example, over the same period, ETH dropped by around 17.6%, a negligible difference from BTC.
A few plausible reasons exist as to why a major network upgrade would not result in immediate bullish or bearish price action versus other major cryptos. Firstly, Taproot is not a new idea and has been all but implemented for most of 2021. There was no real doubt that the upgrade would activate this November. In fact, looking at BTC price performance since Taproot was locked in in June, one could make a naive case that it has had a profound impact on the market.
At the time, Bitcoin was close to its local bottom of just below $29,000 following a major correction. Over subsequent months, it climbed back above $60,000 and currently trades around $57,000. However, the actual lock-in occurred 10 days before the market bottom, creating doubt as to whether BTC’s rise since the spring has anything to do with the upgrade. Additionally, there has been no shortage of arguably bullish news regarding Bitcoin in 2021. For example, El Salvador became the first sovereign nation to adopt BTC as legal tender in late June and the Securities and Exchange Commission greenlighted the U.S.’s first BTC-related exchange-traded fund in October.
Further muddying the waters is the fact that Taproot alone does not change how Bitcoin is used. That requires developers, particularly those building wallet software, to implement the upgrade, as Song explained:
“A lot of wallet providers have yet to integrate Taproot, so it’s going to take a bit of time. The benefits will be years out from now, not like completely immediately.”
Some notable providers have already upgraded and are planning to support Taproot almost immediately. Among them are Cash App, BitGo, Ledger Live and Muun wallet. However, judging from the SegWit upgrade’s slow adoption, it may indeed be years before we see Taproot’s full impact on the network.
Privacy — the double-edged sword
Taproot’s privacy improvements may also explain the lack of price movement surrounding its actual activation date. The documentation accompanying the upgrade makes no secret of its purpose. The “Motivation” section of BIP 341 reads:
“This proposal aims to improve privacy. […] Specifically, it seeks to minimize how much information about the spendability conditions of a transaction output is revealed on-chain at creation or spending time and to add a number of upgrade mechanisms.”
Privacy is a fundamental right for the most ideologically motivated Bitcoin users, and anything that makes it more difficult to track BTC wallet addresses is considered advantageous to the network. In a 2019 YouTube video, Andreas Antonopoulos, a seasoned cryptocurrency educator, reasoned that Taproot may provoke regulatory concern but that, in the face of this, it is more important to stand up for Bitcoin’s privacy than ever:
“I expect that there will be a fair degree of pushback against strong privacy in Bitcoin. I think it’s a big battle that we need to fight, and I think that we need to win. […] If we don’t have stronger privacy in Bitcoin, that gives many different attackers a way to attack Bitcoin users by violating their privacy and punishing them for using Bitcoin.”
Indeed, the biggest objections to cryptocurrency generally in recent years have been aimed squarely at privacy-enhancing tools. In 2020, pan-European law enforcement agency Europol identified two BTC wallet services as a cause for concern: Both Wasabi and Samourai wallets use a technique known as coin mixing, which seeks to mitigate efforts to track and identify BTC users.
The Taproot upgrade makes all Bitcoin transactions look the same at the network level, including those associated with the controversial privacy feature. Currently, it is possible to identify transactions using coin mixers on-chain, and some exchanges have even blacklisted users suspected of using privacy-enhancing tools. With Taproot, these transactions blend into every other transaction on the network, potentially making efforts to police the use of coin mixers redundant. As such, it is not unfeasible to expect some form of regulatory backlash as BTC becomes harder to track.
However, the anonymous Bitcoin Core developer we spoke to does not believe that the enhanced privacy enabled by Taproot is an issue. They explained that a coin’s transaction history is still entirely public on the blockchain and that privacy tools existed before the upgrade:
“While Taproot allows transactions to look like they’ve been created by a single entity, thus saving space and increasing privacy, it does not break the history of the coins used in the transaction. While Taproot also benefits coinswaps and coinjoins, the coin mixing technologies existed before Taproot, so I don’t think it will have any (additional) regulatory backlash.”
Meanwhile, Christie Harkin, CoinDesk’s managing editor for technology, believes that Taproot is off regulators’ radars, for now. In a video by the publication, she speculated that it would not become an issue until wallets begin integrating the upgrade and users start to benefit, at which point, it will be too well-adopted for regulators to effectively police:
“I think what’s going to happen is the same thing that we’ve seen in a lot of Bitcoin development over the years, [which] is it happens and then it gets big enough, and then nobody can do anything about it because it’s too late.”
However, for those institutional actors now using or considering BTC as an investment asset only, its newly enhanced privacy offers little benefit and only serves to provoke regulators. As such, it is reasonable to expect some major investors to approach the asset with renewed caution. Speaking on the What Bitcoin Did podcast in October 2020, Michael Saylor, the CEO of the first publicly traded U.S. company to invest in BTC, seemed dismissive of efforts to bring greater privacy to Bitcoin.
Referring to the vast capital at risk of devaluation through inflation held by various entities, he stated:
“There’s a 50-trillion-dollar requirement to store your money in a way that you don’t lose it all, and I think that there is a much smaller requirement to store money in a privacy wallet. […] If Bitcoin diverted all of its energy to make itself private and became known as a network of complete and utter privacy, it probably is counterproductive to its own interest. You don’t want the United States government to say Bitcoin is completely private because now it becomes the perfect tool for money laundering. Now it becomes the enemy. Now they’re going to shut it down.”
Is Taproot bullish for Bitcoin?
As more institutional and corporate money enters the market, Bitcoin’s raison d’être appears to be shifting. Powerful entities have an increasing interest in protecting the asset’s perceived value proposition. To those buying simply to hedge against a devaluing dollar, BTC’s most important function is its hard-capped supply of 21 million. If anything, the privacy improvements Taproot unleashes the risk of agitating lawmakers who could very easily turn hostile toward Bitcoin, effectively forcing institutions and corporations to sell their positions.
Meanwhile, the Taproot upgrade is a big win for those more ideologically aligned with Bitcoin’s potential to eventually dethrone banks and replace them with a stateless monetary system with no central point of failure. Not only will it reduce the efficacy of efforts to track transactions on-chain, but it makes the asset more useful thanks to reduced transaction costs and greater overall functionality. By enabling more complex transactions and lowering their cost, Bitcoin adoption should grow, further reducing dependence on monetary systems enforced by the state.
Ultimately, whether you think Taproot is a net benefit or negative to Bitcoin will depend on your own reasons for using it. From a strict price perspective, risking alienating institutional investors by provoking regulators is a dangerous strategy. If today’s most monied market participants turn their back on BTC, the price will not respond positively. Although increased utility will attract some users to buy into BTC, they are unlikely to rival the massive capital reserves that Michael Saylor and others believe are still cautious to enter the market.
For the billions of unbanked citizens worldwide lacking access to basic financial services, and those that believe privacy to be a right and that money should become entirely separate from nation-states’ often questionable monetary policy, it’s difficult to find fault with the Taproot upgrade. Unfortunately, however, Bitcoin is inextricably linked to its price. During periods of dramatic price rises, BTC attracts new users, who are often not part of the unbanked demographic that the network could help the most. As such, the desire to see “number go up” may eventually trump the network’s potential to democratize access to the global digital economy.
For now, Bitcoin’s developers seem largely ideologically motivated and seek to improve the digital currency’s overall utility over making it investor-friendly. Meanwhile, as demonstrated by node operators’ support of Taproot, the network at large approves of the direction in which the asset appears to be heading. However, how this changes pending the regulatory pressure that privacy-enhancing upgrades like Taproot may invite remains to be seen.
Keep up to date with all things crypto and subscribe to the OKEx Insights podcast, Send It, for market commentary and other insights.
OKEx Insights presents market analyses, in-depth features and curated news from crypto professionals.