With Bitcoin’s long-awaited Taproot upgrade on the horizon, the engineers at Blockstream are working on a new scheme to improve multi-signature transactions.
These transactions, which require signatures from more than one private key to authorize spends, will stand to benefit from Taproot. This upgrade implements Schnorr signatures into Bitcoin’s codebase, a cryptographic signature scheme that will make creating and executing smart contracts easier on the network.
In a post-election day blog post, Blockstream engineers Jonas Nick and Tim Ruffing lay out a new multi-signature design that would reduce the technical complexity of multi-signature transactions in a way that still preserves privacy.
Nick and Ruffing, alongside French National Security Agency member Yannick Seurin, published a cryptographic e-journal on this MuSig2 design that is currently undergoing peer review.
'Non-interactive signing'
MuSig2 combines the strengths of the two leading multi-signature designs without sacrificing trade-offs.
Bitcoin’s oldest multi-sig trick, the 'CHECKMULTISIG' OP-code, for instance, requires less communication from the signers of a multi-sig transaction but is less private than the MuSig1 multi-signature scheme, which improves user privacy at the expense of adding extra steps to the signing process.
Specifically, MuSig1 requires the parties in a multi-signature transaction to communicate in multiple rounds to approve a transaction.
MuSig2 would retain all the privacy guarantees of MuSig1 while only requiring two rounds of communication between signers to approve a transaction (e.g., Alice generates a 2-of-3 multi-signature transaction she sends to Bob for approval; Bob signs the transaction, sends it back to Alice and the transaction is approved).
“It offers the same functionality and security as MuSig1 but makes it possible to eliminate almost all interaction between signers. With MuSig2, signers need only two rounds of communication to create a signature, and crucially, one of these rounds can be preprocessed before signers know the message that they want to be signed,” the blog post explains.
Besides improving general multi-signature wallets, MuSig2 could stand to benefit Lightning Network privacy and improve so-called threshold signatures that are often used by exchanges and custodians for fund storage.
If Taproot is adopted in the coming months, then Blockstream will replace the MuSig1 standard with MuSig2 in a code library for Schnorr signature schemes. The post also hints that Blockstream’s Liquid sidechain may run the Taproot code early to test the multi-signature scheme before it is ready for deployment on Bitcoin’s mainnet.