The idea behind Taproot is to allow for logic to be added to transactions via multisig Schnorr signatures working alongside P2SH and MAST. In essence, Taproot creates signature outputs which contain instructions about what happens when conditions are met.
Taproot creates smart contract-like functionality within the Bitcoin network, as users can add logic to transactions through scripts that are outputted as a simple payment transaction.
The great advantages of Taproot are briefly described here by the original proposer, Greg Maxwell:
“I believe this construction will allow the largest possible anonymity set for fixed-party smart contracts by making them look like the simplest possible payments. It accomplishes this without any overhead in the common case, invoking any sketchy or impractical techniques, requiring extra rounds of interaction between contract participants, and without requiring the durable storage of other data.”
P2SH – Pay-to-script hash
P2SH is essential for Taproot to work properly. All Bitcoins are essentially “locked up” in scripts – a few lines of code embedded in a transaction in the blockchain which define how the coins can be spent in the next transaction. Spending conditions usually involve providing a signature to prove ownership of the coins. Other well-known conditions include timelocks (coins can only be spent after a specific block height or date) or multisig (coins can only be spent if a certain number of private keys out of a set of private keys provide signatures).
P2SH allows only the owner of the coins to know how they can be spent. When the owner spends the coins, they reveal the whole script as well as the “solution” to the script at the same time. Anyone can then use the initial hash to check that the supplied script was indeed the original script locking up the coins and can immediately conclude that the requirements of the script were met.
Still, when the coins are spent, it’s currently necessary to reveal all the possible conditions that could have been met — including the conditions that weren’t met. This has two main downsides:
A) It’s data heavy, especially if there are many conditions
B) It’s bad for privacy
Essentially, everyone learns all the different ways in which funds could have been spent, which can, for example, reveal what kind of wallet was used and perhaps even further information the users do not wish to disclose.
Taproot is based on an interesting realisation: no matter how complex, almost any MAST-like construction can include a condition that allows all participants to agree on the outcome and simply sign off on a settlement transaction together. Simply put, a MAST is a data structure that combines Merkle Trees – the ability to prove some information of a given data set without showing the entirety of the set – with ASTs (or abstract syntax trees), that add logic to transactions by allowing the user to split a program into its individual parts.
Now, if the money is spent cooperatively, all participants combine their signatures into the “threshold signature” and tweak it with the script. The resulting “threshold signature x script” allows them to spend the funds. Yet, to the outside world, all this would still just look like a regular public key and a regular signature — so just a single regular transaction.
As you can imagine, Taproot makes use of Schnorr signatures by aggregating a number of signatures into a single signature.
If you’re looking for an in-depth technical explanation by Bitcoin core developer Jimmy Song of how Taproot works, check out the video below.
Taproot comes into play by adding the P2SH functionality, as it reveals only the part of the script you’re going to use under the assumption that you’re going to split your script into a collection of disjunctive statements. It allows for the signees to only reveal a log scale number of branches. This gives users considerably more privacy and increases scalability as no extra storing requirements are needed.
Taproot works to make Bitcoin transactions look exactly the same on the blockchain explorer and makes it impossible to tell the difference between transactions, which naturally gives Bitcoin very good privacy.
Disclaimer: The views and opinions expressed by the author should not be considered as financial advice. We do not give advice on financial products.