Segregated Witness (SegWit) was likely the most contentious cryptocurrency upgrade of 2017. Ironically, SegWit in itself is not that impactful. It offers a modest increase in throughput capacity by increasing the block weight, and that is about it in terms of its direct impact.
Proponents were determined to integrate SegWit because of the other upgrades it makes possible. Of these, you’re most likely aware of the Lightning Network and atomic swaps. However, there are several other improvements which, if integrated, will significantly improve the privacy of any SegWit enabled coin.
The Bitcoin Core team is developing these upgrades. Right now, they’re indicating that they’ll come together as a soft fork. These upgrades will be a combination of Merkelized Abstract Syntax Trees (MAST), Schnorr Signatures, Adaptor Signatures, Scriptless Scripts, Taproot, and Graftroot. We’re going to unpack all these proposals and see what privacy implications they have for SegWit enabled coins.
Why SegWit Needs Privacy
Currently, no SegWit enabled coin, such as Bitcoin, Litecoin, or Digibyte, has any proper privacy or fungibility. Andreas Antonopoulos rightly states that “currency without privacy is a bug.” Not only is privacy necessary for its direct applications in keeping users anonymous, but it’s also critical to making money properly fungible. If someone can trace your coins across the blockchain, they can easily blacklist you. Thus, you lose the ability to actually spend your money.
The biggest problem, though, with any privacy improvement is ensuring that it doesn’t cause a major increase in data demand. Indeed, privacy-focused coins such as Monero and Zcash have experienced these issues. And, they’ve taken a long time to solve. All of the following upgrades have had this challenge in mind.
Merkelized Abstract Syntax Trees (MAST) are a way to make smart contracts, specifically multi-signature (multisig) transactions, much more usable. Until now, developers have avoided smart contracts on Bitcoin because of the amount of space they take up. Improving their efficiency will mean developers can start using them properly. MAST allows this through a new way of handling scripts, enabling more efficient execution of smart contract conditions.
MAST also increases the privacy of these smart contracts because only a limited amount of information is revealed, namely the conditions that were actually fulfilled. Because it is more selective about which information it has to disclose, it also yields a privacy improvement.
This obfuscation will also help make Lightning Network payments appear the same as ordinary blockchain transactions, although, as we will see, further upgrades are needed to properly cement these capabilities. MAST depends on SegWit, and the Bitcoin Core team should be integrating it into a Bitcoin Improvement Proposal (BIP) soon.
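To make the "only the fulfilled condition is revealed" property concrete, here is a toy MAST in Python. It is an added example written for this article, not code from Bitcoin Core or any BIP, and its hashing conventions (the leaf and node prefixes) are constructed for illustration rather than Bitcoin's. Each spending condition becomes a leaf of a Merkle tree; the output commits only to the root, and a spend reveals one script plus the sibling hashes on its path. The other scripts never appear on chain.

```python
# Added example (not from the article, not Bitcoin Core code): a toy MAST.
# Hash prefixes b"\x00" / b"\x01" are constructed domain separators for this example.
import hashlib


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(script: bytes) -> bytes:
    # Domain-separate leaves from internal nodes so a script can't be mistaken for a node.
    return sha256(b"\x00" + script)


def node_hash(left: bytes, right: bytes) -> bytes:
    return sha256(b"\x01" + left + right)


def build_layers(scripts):
    """Return every layer of the tree bottom-up; an odd layer is padded by
    duplicating its last hash before being combined."""
    layer = [leaf_hash(s) for s in scripts]
    layers = [layer]
    while len(layer) > 1:
        if len(layer) % 2:
            layer = layer + [layer[-1]]
        layer = [node_hash(layer[i], layer[i + 1]) for i in range(0, len(layer), 2)]
        layers.append(layer)
    return layers


def mast_root(scripts) -> bytes:
    """The only thing the output commits to: the Merkle root of all conditions."""
    return build_layers(scripts)[-1][0]


def mast_proof(scripts, index):
    """Sibling hashes from the chosen leaf up to the root.
    Each entry is (sibling_is_on_the_left, sibling_hash)."""
    proof = []
    for layer in build_layers(scripts)[:-1]:
        if len(layer) % 2:
            layer = layer + [layer[-1]]
        sibling = index ^ 1
        proof.append((sibling < index, layer[sibling]))
        index //= 2
    return proof


def mast_verify(root: bytes, script: bytes, proof) -> bool:
    """What a validating node does at spend time: recompute the root from the one
    revealed script and its path. No other script is needed, so none is revealed."""
    h = leaf_hash(script)
    for sibling_is_left, sibling in proof:
        h = node_hash(sibling, h) if sibling_is_left else node_hash(h, sibling)
    return h == root


if __name__ == "__main__":
    # Constructed sample conditions for one output.
    conditions = [b"2-of-3 multisig", b"timelock refund after 30 days", b"hash preimage branch"]
    root = mast_root(conditions)
    witness = (conditions[1], mast_proof(conditions, 1))   # spend via the refund branch
    print("root commits to", len(conditions), "conditions; spend reveals 1:", witness[0])
    print("valid:", mast_verify(root, *witness))
```

Note what the spending witness carries: one script and a list of hashes. A chain observer learns that the refund branch was used and that some other branches existed, but not what they were.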
Schnorr signatures are simply an alternative to the ECDSA signature scheme currently used by SegWit coins. The crucial aspect of this upgrade is that multiple users can jointly produce a single signature that verifies against the sum of their public keys. So, unlike with the current model, not every user in a multisig arrangement has to expose their own public key. This mechanism frees up space and increases throughput. However, importantly for us, it also lays the groundwork for other privacy upgrades like Taproot.
Right now, it’s easy to distinguish multisig from regular transactions. Multisig arrangements are one of the most exciting smart contract usages of the current SegWit coins. Unless developers can ensure their privacy, there is little chance of them gaining traction. Just like MAST, Schnorr Signatures could be right around the corner.
Adaptor Signatures are a secondary application of Schnorr, providing greater obfuscation. According to Pieter Wuille, someone at the forefront of developing Schnorr Signatures for Bitcoin, Adaptor signatures enable atomic swaps to look just like any other normal blockchain transaction.
To provide an example: An atomic swap allows you to pay in Litecoin while the merchant receives Bitcoin. Any SegWit enabled coin can participate in an atomic swap. Adaptor Signatures make this whole process look identical to a regular transaction.
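The two Schnorr properties the article relies on, key aggregation (one signature under the sum of the signers' keys) and adaptor signatures (the mechanism behind atomic swaps that look like ordinary transactions), can both be shown with a few dozen lines of elliptic-curve arithmetic. The block below is an added example written for this article, not code from Bitcoin Core, Pieter Wuille or Blockstream. It uses the real secp256k1 parameters but its hash-to-challenge construction, function names and sample values are constructed for illustration; it is not BIP340-compatible, not constant-time, and summing keys naively omits the rogue-key protection that deployed schemes such as MuSig add.

```python
# Added example (not from the article, not Bitcoin Core code): toy Schnorr signing
# over secp256k1 showing key aggregation and adaptor signatures. Educational only.
import hashlib
import secrets

# secp256k1 domain parameters (real constants)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, P - 2, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, P - 2, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mult(k, point=G):
    """Double-and-add scalar multiplication (not constant time)."""
    result, addend = None, point
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def challenge(R, pub, msg):
    """Constructed challenge e = H(R.x || P.x || m), binding nonce, key and message."""
    data = R[0].to_bytes(32, "big") + pub[0].to_bytes(32, "big") + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def sign(priv, msg, k=None):
    """Plain Schnorr: signature is (R, s) with R = k*G and s = k + e*x."""
    k = k or secrets.randbelow(N - 1) + 1
    R = scalar_mult(k)
    e = challenge(R, scalar_mult(priv), msg)
    return (R, (k + e * priv) % N)


def verify(pub, msg, sig):
    """Valid iff s*G == R + e*P."""
    R, s = sig
    e = challenge(R, pub, msg)
    return scalar_mult(s) == point_add(R, scalar_mult(e, pub))


def aggregate_sign(privs, msg, nonces):
    """Naive n-of-n aggregation: the sum of partial signatures verifies under the
    sum of the public keys, so on chain it is indistinguishable from one signer."""
    pub_agg, R_agg = None, None
    for x, k in zip(privs, nonces):
        pub_agg = point_add(pub_agg, scalar_mult(x))
        R_agg = point_add(R_agg, scalar_mult(k))
    e = challenge(R_agg, pub_agg, msg)
    s = sum(k + e * x for x, k in zip(privs, nonces)) % N
    return pub_agg, (R_agg, s)


def adaptor_presign(priv, msg, k, t_point):
    """Pre-signature tied to adaptor point T = t*G: checkable, but not yet valid."""
    R = scalar_mult(k)
    e = challenge(point_add(R, t_point), scalar_mult(priv), msg)  # e over R + T
    return (R, (k + e * priv) % N)


def adaptor_verify(pub, msg, presig, t_point):
    """Counterparty check: s'*G == R + e*P with e computed over R + T."""
    R, s_hat = presig
    e = challenge(point_add(R, t_point), pub, msg)
    return scalar_mult(s_hat) == point_add(R, scalar_mult(e, pub))


def adaptor_complete(presig, t):
    """Whoever knows t turns the pre-signature into the valid signature (R + T, s' + t)."""
    R, s_hat = presig
    return (point_add(R, scalar_mult(t)), (s_hat + t) % N)


def adaptor_extract(presig, sig):
    """Once the completed signature is on chain, the pre-signature holder learns t = s - s'."""
    return (sig[1] - presig[1]) % N
```

The swap story in the paragraph above maps onto the last four functions: one party pre-signs against the other's adaptor point, the other completes the signature with the secret t to claim their coins, and the first party reads t back out of the published signature to claim theirs. Both chains see only ordinary-looking signatures. For real deployments, replace the naive key sum with a scheme that applies per-key coefficients (MuSig) so that a participant cannot pick a key that cancels the others.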
Scriptless Scripts have been in development since 2017 and are being driven by Andrew Poelstra. They allow smart contracts to be hidden, revealing only public keys and digital signatures. They make all smart contracts more private. And, with them, atomic swaps could almost become fully anonymous.
Currently, all nodes have to fully validate the scripting language used in Bitcoin smart contracts. This undermines any privacy on layer two solutions like the Lightning Network. Scriptless Scripts remedy this by removing the need to disclose all the details of a payment channel. This upgrade relies on Schnorr, and it’s possible that it will be integrated into the same BIP.
Taproot & Graftroot
Gregory Maxwell recently developed and proposed Taproot. It’s a major privacy upgrade on top of MAST. Without Taproot, multisig transactions under MAST still look distinct from regular transactions, and hence, can easily be targeted. Taproot, in short, clouds this difference, making them both look indistinguishable on the blockchain. Just like Scriptless Scripts, Taproot depends on Schnorr and is likely to arrive at the same time.
Graftroot is another Gregory Maxwell proposal that builds on Taproot. It aims to improve further on the efficiency and privacy of Taproot by allowing for the delegation of a signature in a multisig transaction.
Along with Scriptless Scripts, Taproot and Graftroot remove the ability to distinguish layer one from layer two transactions. They do this by making Lightning payment channels and blockchain transactions look the same.
These upgrades are going to make all transactions and smart contract executions on SegWit enabled coins look identical. Whether that is multisig, Lightning payments, or atomic swaps, the aim is to make them all look indistinguishable.
What none of them does yet, unfortunately, is make transaction amounts and individual addresses anonymous. Confidential Transactions and Bulletproofs are able to address that set of problems. Right now, the Litecoin team seems to be taking the lead on those.
These upgrades will truly stand out when we see the widespread usage of atomic swaps and the Lightning Network. It is clear that the Bitcoin Core team and Blockstream are thinking ahead with their privacy proposals. Each upgrade on its own is specific in its use case. However, as a package, they will have a profound privacy impact for any SegWit enabled coin that wishes to integrate them. Hopefully, we will see a majority of them integrated over the next 12 months.