Bitcoin’s core developer team isn’t yet done scaling the cryptocurrency’s protocol.
Despite the fact that a years-in-the-making change called Segregated Witness (SegWit) activated on the network just over six weeks ago (with businesses and users now slowly updating and average block sizes inching upward), the upgrade has already started a chain reaction of work on other optimizations geared toward accommodating more users.
So, while businesses and miners are pushing for more aggressive scaling via the controversial Segwit2x proposal, the open-source team behind bitcoin’s most widely used software is focused on another effort entirely. Called “Schnorr signatures,” the idea is to replace the Elliptic Curve Digital Signature Algorithm (ECDSA) that bitcoin uses today with a scheme that supports “signature aggregation” on the bitcoin blockchain.
While that may sound complex, the change aims to consolidate activity that already takes place on the network with each transaction. Under the ECDSA scheme, each piece of a bitcoin transaction is signed individually, while with Schnorr signatures, all of this data can be signed once.
And doing so could improve bitcoin in a few key ways, according to developers working on the effort.
Blockstream engineer Jonas Nick told CoinDesk that this method of mashing signature data together should be considered “low-hanging fruit for helping bitcoin scale.”
First, by decreasing the number of signatures, it increases the amount of transaction data that can fit into each block. Second, by merging signatures, the technology could enhance privacy by making it harder to determine where transactions are coming from.
Third, it’s believed the change could curb “spam attacks,” where one entity sends a bunch of small bitcoin transactions that take up extra space in the blockchain, potentially making nodes more difficult to run.
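To make the aggregation idea from the paragraphs above concrete, here is an added example (written for this page, not code from Bitcoin Core or from the aggsig module the article mentions): a minimal Schnorr signer and verifier over secp256k1, the curve bitcoin uses, plus an aggregation routine that folds three signers' partial signatures into one 64-byte signature that verifies against one combined key. The per-key coefficients are a MuSig-style addition not described in the article, included because summing raw keys is unsafe; the message and keys are constructed, and nonce exchange is simulated in-process.

```python
import hashlib
import secrets

# secp256k1, the curve bitcoin uses (published domain parameters)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def point_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def scalar_mul(k, pt):
    """Double-and-add scalar multiplication (educational, not constant-time)."""
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return acc

def encode(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def challenge(R, pub, msg):
    """Schnorr challenge e = H(R || P || m), reduced mod the group order."""
    h = hashlib.sha256(encode(R) + encode(pub) + msg).digest()
    return int.from_bytes(h, "big") % N

def keygen():
    x = secrets.randbelow(N - 1) + 1
    return x, scalar_mul(x, G)

def sign(x, msg):
    """Single-signer Schnorr: s = r + e*x. Linear in x, unlike ECDSA's s = k^-1 (z + r*x),
    which is why Schnorr partial signatures can simply be summed and ECDSA ones cannot."""
    r = secrets.randbelow(N - 1) + 1
    R = scalar_mul(r, G)
    e = challenge(R, scalar_mul(x, G), msg)
    return R, (r + e * x) % N

def verify(pub, msg, sig):
    """Accept iff s*G == R + e*P; the same check serves single and aggregated signatures."""
    R, s = sig
    if R is None or not 0 < s < N:
        return False
    return scalar_mul(s, G) == point_add(R, scalar_mul(challenge(R, pub, msg), pub))

def key_coefficients(pubs):
    """MuSig-style coefficients a_i = H(L || P_i) with L = H(P_1 || ... || P_n).
    Summing raw keys would let one participant pick a 'rogue' key that cancels the
    others' keys; the coefficients bind every key to the whole signer set."""
    L = hashlib.sha256(b"".join(encode(p) for p in pubs)).digest()
    return [int.from_bytes(hashlib.sha256(L + encode(p)).digest(), "big") % N for p in pubs]

def aggregate_pubkey(pubs):
    agg = None
    for a, p in zip(key_coefficients(pubs), pubs):
        agg = point_add(agg, scalar_mul(a, p))
    return agg

def aggregate_sign(keys, msg):
    """One signature for n signers. Nonces are generated in-process here; a real
    protocol has signers commit to their nonces before revealing them."""
    pubs = [scalar_mul(x, G) for x in keys]
    coeffs = key_coefficients(pubs)
    nonces = [secrets.randbelow(N - 1) + 1 for _ in keys]
    R_agg = None
    for r in nonces:
        R_agg = point_add(R_agg, scalar_mul(r, G))
    e = challenge(R_agg, aggregate_pubkey(pubs), msg)
    # each partial s_i = r_i + e*a_i*x_i; the sum verifies against the aggregate key
    s_agg = sum((r + e * a * x) % N for r, a, x in zip(nonces, coeffs, keys)) % N
    return R_agg, s_agg

if __name__ == "__main__":
    msg = b"constructed sample transaction digest"      # constructed, not a real tx
    signers = [keygen() for _ in range(3)]
    sig = aggregate_sign([x for x, _ in signers], msg)
    agg_pub = aggregate_pubkey([pub for _, pub in signers])
    print("aggregated signature valid:", verify(agg_pub, msg, sig))
    print("signatures on chain: 1 instead of", len(signers))
```

The single-signer and aggregated cases share one `verify`, which is the property the article is pointing at: a verifier sees one key and one signature regardless of how many parties (or inputs) contributed, so the chain stores less signature data and observers cannot tell a multi-party signature from a single one.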
Success through failure
Though the new signature technology has been an idea since at least 2013, developers have recently made some breakthroughs, bringing Schnorr signatures closer to actual implementation on bitcoin.
SegWit was the first necessary step, in that the code change, which moves signature data to another part of the block, makes Schnorr (or something like it) possible to implement with a backward-compatible software upgrade (soft fork), where it wasn’t previously.
Then, most recently, developers stumbled upon under-the-radar cryptography research that could help them build the algorithm faster.
According to a transcript of Bitcoin Core’s annual meeting over the summer, developers submitted a paper outlining their signature aggregation scheme to Financial Cryptography and Data Security 2017. While the conference committee rejected the paper – asserting that the security proof for the signature aggregation scheme provided in the paper was too flimsy – they also suggested another paper, which provided a stronger security proof.
With this work already done, developers can spend less time ironing out the signature scheme’s security proof, and more time figuring out how to implement it on bitcoin.
Next steps towards reality
Blockstream’s Nick points to an in-progress bundle of code changes called “aggsig module” as the main place where Schnorr signatures are being worked on.
Code contributions – from Andrew Poelstra, Greg Maxwell, Pieter Wuille, Peter Dettman and others – date back as far as 2012, making this module the most mature, having been worked on for the longest time.
While many developers there have turned their attention to optimizing the performance of the Schnorr code implementation to make sure the verification of signatures is as fast as possible, Nick said, there are still some missing pieces to the aggsig module before it can be fused into bitcoin itself.
For example, bitcoin’s OP_CHECKSIG function checks to see if someone really owns the bitcoin they’re trying to send. Currently the function does not take the new Schnorr signatures into account, meaning it can’t aggregate signatures, said Nick.
“There’s no public proposal yet specifying how [that] would exactly work,” he explained, adding that developers need to write up some sort of a roadmap for the new function, before it can be implemented.
Still, he was optimistic that the change will not take long to implement, calling it “relatively straightforward.”
News source: CoinDesk