With Schnorr Signature key aggregation, multi-sig outputs look exactly the same as single sig outputs on-chain.
This makes it impossible for chain analysis firms to distinguish between multi-sig and single-sig spends.
Essentially, key aggregation is a way for multiple parties to combine their public keys/signatures into a single public key/signature.
The privacy implications here are mind-blowing.
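The claim above, that an aggregated multi-party signature verifies exactly like a single-key one, shown as an added sketch that is not part of the original thread: a toy Schnorr scheme over secp256k1 with MuSig-style key weighting. It is not BIP 340 compatible (plain SHA-256 instead of tagged hashes, full points instead of x-only keys), and the hypothetical `multisign` helper simulates every signer in one process, leaving out the nonce-exchange rounds a real protocol needs.

```python
import hashlib, secrets
P = 2**256 - 2**32 - 977  # secp256k1 field prime; N is the group order, G the generator
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):  # affine point addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        m = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        m = (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P) % P
    x = (m * m - a[0] - b[0]) % P
    return x, (m * (a[0] - x) - a[1]) % P

def mul(k, pt):  # double-and-add (not constant time: demo only)
    r = None
    while k:
        if k & 1:
            r = add(r, pt)
        pt, k = add(pt, pt), k >> 1
    return r

def h(*ints, msg=b""):  # hash to a scalar (BIP 340 uses tagged hashes instead)
    data = b"".join(i.to_bytes(32, "big") for i in ints) + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def verify(X, msg, sig):  # one equation for every key: s*G == R + e*X
    R, s = sig
    return mul(s, G) == add(R, mul(h(*R, *X, msg=msg), X))

def sign(x, msg):  # ordinary single-key Schnorr signature
    k = secrets.randbelow(N - 1) + 1
    R, X = mul(k, G), mul(x, G)
    return R, (k + h(*R, *X, msg=msg) * x) % N

def multisign(privs, msg):  # assumption: all signers simulated in one process
    pubs = [mul(x, G) for x in privs]
    L = b"".join(c.to_bytes(32, "big") for p in sorted(pubs) for c in p)
    coeffs = [h(*p, msg=L) for p in pubs]  # per-key weights, MuSig style
    nonces = [secrets.randbelow(N - 1) + 1 for _ in privs]
    X = R = None
    for a, p, k in zip(coeffs, pubs, nonces):
        X, R = add(X, mul(a, p)), add(R, mul(k, G))
    e = h(*R, *X, msg=msg)
    s = sum(k + e * a * x for k, a, x in zip(nonces, coeffs, privs)) % N
    return X, (R, s)  # aggregate key and one (R, s) signature
```

`verify` is the same function in both cases, so a verifier holding only `X` and `(R, s)` cannot tell how many signers were behind them.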
3/
Key aggregation is like making that big magic key.
People have special codes (keys) that they use to show they agree on something, like moving bitcoins.
Key aggregation lets them mix their codes together and make one big code that works the same way.
2/
Now, imagine there's a new way to open the toy box.
Instead of carrying all the magic keys separately, you can mix them together to make one big magic key.
This big key can open the toy box just like all the little keys could, but now it's easier to carry and use.
Here’s a quick explanation of key aggregation:
1/
Imagine you have a special toy box that can only be opened with a magic key.
You and your friends each have your own magic key, and when you want to open the toy box together, you need to use everyone's magic keys.
Schnorr signatures offer many advantages over ECDSA, including space and fee savings.
But the most significant advantage offered by Schnorr signatures is key aggregation.
Until November 12th, 2021 (block 709,632), ECDSA was the only signing algorithm that Bitcoin used.
However, on that day, Taproot was activated, which allowed for the use of Schnorr signatures.
In this thread, we’ll just focus on Schnorr Signatures (BIP 340), as they are the main contributor to the privacy benefits.
So how does Taproot solve part of this problem?
Taproot introduced three individual BIPs:
-Schnorr Signatures (BIP 340)
-Taproot (BIP 341)
-Tapscript (BIP 342)
It’s well known that Bitcoin has a privacy problem.
Tracking UTXOs from KYC exchanges is trivial, and specialized firms like Chainalysis have cropped up for this very purpose.
As Bitcoiners, we should care A LOT about privacy.
It’s a fundamental human right, after all.
Taproot unlocked the future of Bitcoin Privacy
But most Bitcoiners have no idea why it’s so important.
A KEY AGGREGATION THREAD:

#Bitcoin's scripting language was a genius foresight.
Satoshi was thinking light-years ahead when he added this programmability.
Bitcoin Script: A Beginner’s Guide:
https://void.cat/d/BW5AgaGB1fH8udfqq1iTzc.webp
1/
What is script?
Script is a simple programming language that is not Turing complete.
It lacks certain logical functionality, including loops, to prevent people from spamming the network and harming nodes.
Script logic is used to check the validity of signatures in bitcoin transactions.
If a script is valid, nodes will relay the tx to other nodes.
Script executes on a stack, a data structure similar to an array.
The most common script type is Pay to Public Key Hash (P2PKH), a simple script that pays to the hash of a public key, otherwise known as an address.
https://void.cat/d/WwDipeyq5p49bja8TiQV6j.webp
However, since the advent of SegWit, we’ve seen a marked increase in the amount of Pay to Witness Script Hash (P2WSH) outputs.
https://void.cat/d/137dnNCo9cF1VBdRHshAJx.webp
There are many different types of Script, including:
Pay to Pubkey (P2PK)
Pay to Pubkey Hash (P2PKH)
Pay to Script Hash (P2SH)
Pay to Witness Pubkey Hash (P2WPKH)
Pay to Witness Script Hash (P2WSH)
Pay to Multisig (P2MS)
Pay to Taproot (P2TR)
NULLdata (OP_RETURN)
The simplest script is Pay to Pubkey.
It has one operator, “Checksig”.
All it does is check the signature of the tx against the public key, to verify that the signature could only have been produced by the person with the private key that was used to derive the public key.
https://void.cat/d/JGZN56MyAHfj1L11ZmoMYs.webp
In fact, the first-ever coinbase transaction from the genesis block in 2009 was a Pay to Pubkey output.
https://void.cat/d/SfWbL8CqBKdirtEF8sSSch.webp
There are tons of different functions that script can execute.
They are defined by the Opcodes used to construct the script.
Here are some of the most common Opcodes:
https://void.cat/d/DyEwVUJhtf8cXu2Mdxn1BR.webp
The SHA256 and RIPEMD160 functions are pretty straightforward.
They just compute the hash of a given input.
CHECKSIG consumes a public key and checks the validity of a signature, like in the Pay to Pubkey example.
CHECKMULTISIG consumes multiple public keys and multiple signatures, and checks to make sure that there are enough valid signatures to unlock the BTC.
You can also execute addition, subtraction, duplication, and a myriad of other functions.
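An added example, not from the original thread, of the stack execution described above: a small interpreter for a handful of real opcode byte values that runs an unlocking script and then a locking script on one shared stack. Signature opcodes such as CHECKSIG are left out, so the scripts it is meant for are constructed ones such as a SHA-256 hash lock or an arithmetic check rather than P2PKH; `run` and `spend_ok` are hypothetical helper names.

```python
import hashlib
OP_DUP, OP_EQUAL, OP_EQUALVERIFY, OP_ADD, OP_SUB, OP_SHA256 = 0x76, 0x87, 0x88, 0x93, 0x94, 0xA8

def num(b):  # Script number: little-endian, top bit of the last byte is the sign
    v = int.from_bytes(b, "little")
    sign = 0x80 << 8 * (len(b) - 1) if b else 0
    return -(v ^ sign) if v & sign else v

def enc(n):  # minimal encoding; zero is the empty byte string
    if n == 0:
        return b""
    a = abs(n)
    out = a.to_bytes((a.bit_length() + 8) // 8, "little")  # keeps the sign bit free
    return out[:-1] + bytes([out[-1] | (0x80 if n < 0 else 0)])

def run(script, stack=()):  # one left-to-right pass: no jump or loop opcode exists
    stack, i = list(stack), 0
    while i < len(script):
        op, i = script[i], i + 1
        if op <= 0x4B:  # OP_0 and direct pushes: the next `op` bytes are data
            if i + op > len(script):
                raise ValueError("push runs past end of script")
            stack.append(script[i:i + op])
            i += op
        elif 0x51 <= op <= 0x60:  # OP_1 .. OP_16
            stack.append(enc(op - 0x50))
        elif op == OP_DUP:
            stack.append(stack[-1])
        elif op == OP_SHA256:
            stack.append(hashlib.sha256(stack.pop()).digest())
        elif op in (OP_ADD, OP_SUB):
            b, a = num(stack.pop()), num(stack.pop())
            stack.append(enc(a + b if op == OP_ADD else a - b))
        elif op in (OP_EQUAL, OP_EQUALVERIFY):
            equal = stack.pop() == stack.pop()
            if op == OP_EQUAL:
                stack.append(enc(int(equal)))
            elif not equal:
                raise ValueError("OP_EQUALVERIFY failed")
        else:
            raise ValueError(f"opcode {op:#04x} not modelled here")
    return stack

def spend_ok(unlock, lock):  # unlocking script runs first, its stack feeds the lock
    try:
        stack = run(lock, run(unlock))
    except (ValueError, IndexError):  # bad opcode, failed verify or stack underflow
        return False
    return bool(stack) and num(stack[-1]) != 0
```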
TLDR;
Bitcoin Script is a simple programming language that isn't Turing complete.
It’s used to lock and unlock bitcoin, not to build applications.
Nodes run script when they receive a tx to verify its validity.
Opcodes execute different functions within a script.
We hope you learned something new from this thread!
Special thanks to Greg Walker for his amazing tutorials and graphics.
Follow us for more Bitcoin and Lightning content.
Lightning took Nostr to the next level.
But BOLT 12 will take it even further.
BOLT 12 + NOSTR = THE EVERYTHING APP
Nostr Thread:
https://void.cat/d/Trsk2DRaQxSzao5H2m5ViT.webp
If you didn’t already know, BOLT stands for Basis of Lightning Technology.
BOLTs are like BIPs for the Lightning Network.
BOLT 12 is already supported experimentally on Blockstream’s Core Lightning and is also being actively implemented by the teams at Acinq, LDK, & Lightning Labs.
BOLT 12 is distinct from BOLT 11 (the current invoicing spec on LN) in a bunch of different ways.
The main component of BOLT 12 is a new type of invoice called an “offer”.
An offer can be thought of as a ‘meta’ invoice: an invoice on top of an invoice.
Offers are useful because they are persistent and static.
This means that you can use them for donation pages, billboards, and zapping fellow plebs on Nostr!
BOLT 11 invoices, on the other hand, can only be used once, and must be generated in real-time.
BOLT 12 offers also allow you to create recurring subscriptions denominated in sats OR dollars.
This could be used to fund paid relays or creators (Patreon style), and for other subscription services.
BOLT 12 is Lightning native, which means that it’s different from LNURL/Static LN addresses because you aren’t required to run a web server to generate invoices.
Your Lightning node handles all the work.
This allows for fully self-custodial zapping⚡️
TLDR;
BOLT 12 would be a dramatic improvement for Lightning and Nostr.
BOLT 12 allows for:
-Subscriptions denominated in USD (but settled in sats)
-Static Zapping
-Self-Custodial Zapping
Thanks for reading.
We’re going to start posting all our threads on here.
Follow for more!
Also, if you run a large Lightning node and you haven’t tried Torq yet, you’re seriously missing out!
Check it out on Umbrel & Btcpayserver or download it straight from GitHub: