Roadmap to Bitcoin Developments

A review of MAST, Schnorr signatures, Bulletproofs, Confidential Transactions, Sidechains and Mimblewimble

Since August of last year, the Bitcoin development community has implemented SegWit and released the Lightning Network beta to the mainnet. These developments were big steps towards improving Bitcoin by increasing transaction throughput and lowering fees, among other advantages. In addition to those, there are many more proposed improvements to the Bitcoin protocol under development. This article will take a look at what’s in the development pipeline and review what could be coming to Bitcoin in the years ahead, including MAST, Schnorr signatures, Bulletproofs, Confidential Transactions, sidechains and Mimblewimble.


MAST, short for Merkelized Abstract Syntax Trees, proposes to improve Bitcoin by changing how smart contracts are written to the blockchain. In effect, it allows smart contracts to be split into their individual parts. This has several benefits in terms of privacy, transaction size and allowing for larger smart contracts. There are excellent articles about MAST here, here and here.

Smart contracts allow for users to put restrictions on when and how their bitcoins can be spent. For example, a transaction can require multiple signatures or have a time requirement. Currently, when a transaction with these kinds of conditions is created, the entirety of that smart contract is written to the Bitcoin blockchain when the coins are spent. With MAST, only those parts of the smart contract which are fulfilled are put on the blockchain, with the rest remaining hidden until the conditions are met.

MAST increases privacy by keeping hidden unused parts of smart contracts, thus tying less information to public keys. It also can reduce transaction size, since only the fulfilled parts of a smart contract are written to the blockchain. Finally, it has the benefit of allowing larger smart contracts. Bitcoin has byte size limits on scripts, which limits their overall size. But if a smart contract can be broken into pieces and written to the blockchain in multiple transactions, then it can be larger.


MAST is being proposed in two development streams. BIP 114 was updated in September of 2017 by developer Johnson Lau. The other implementation involves BIPs 98, 116 and 117. A comparison of the differences between the two versions can be seen here. There were recent updates to 117 in January 2018. There is no final release date, though Andreas Antonopoulos said in a recent video that a testnet release could happen in “early 2018.”

Schnorr signatures

Schnorr signatures, named after their inventor, Claus-Peter Schnorr, are a proposal to replace Bitcoin’s current digital signature algorithm (ECDSA) for a more efficient one. The first way they will improve the bitcoin protocol is that they will allow for the aggregation of multiple transaction signatures into a single signature. This is useful in situations where, for example, one party wants to send a transaction funded by three different accounts to a single receiver. Instead of having to send three signatures in the transaction, they would be able to send just one.

This would make transaction sizes smaller in these types of transactions, and could reduce transaction’s use of storage and bandwidth of the Bitcoin network by around 25%. It could make spam attacks less effective, since these types of transactions would be smaller.

Second, Schnorr signatures would increase of the privacy of multisig transactions by aggregating signatures in these transactions, thereby masking the original signatures. This would also reduce the size of multisig transactions, since there would only be one signature attached to each transaction.

Finally, implementations of Schnorr signatures could allow for future developments to Bitcoin, such smart contracts, otherwise known as “Scriptless Scripts.”


In an article for Coindesk, Bitcoin Core contributor Nicolas Dorier estimated it would take several years for Schnorr signatures to be implemented.

In a January 2018 talk at Stanford, Bitcoin core developer Pieter Wuille said that several Bitcoin Improvement Protocols (BIPs) are being worked on, and that it would be “a lengthy process” before they wre implemented. Schnorr signatures can be implemented with a soft fork due to upgrades made in SegWit, but it bears keeping in mind that they have been under development since 2012.


Bulletproofs promise to improve the privacy of Bitcoin by concealing quantities of transactions, while still leaving the sender’s and reciever’s wallet addresses public. Developed by Jonathan Bootle of University College of London, and Benedikt Bünz of Stanford, bulletproofs are zero-knowledge proofs, meaning they don’t require any trust between the parties.

Bulletproofs have already attracted attention from other cryptocurrencies such as Monero and Litecoin, who are considering implementing the protocol on their own blockchains. They are also lightweight and don’t massively increase the amount computational power required to process transactions, so they could work well on public blockchains like Bitcoin. And so far, developers have found them to be secure.


There is no date set for when bulletproofs could reach Bitcoin’s mainnet. Around the end of 2017, Pieter Wuille of Blockstream said on Reddit that bulletproofs were “far too premature to propose for inclusion into Bitcoin.” Some speculate it could be as far out as three years.

Monero is moving faster, announcing in December 2017 they were moving bulletproofs to the testnet, with a possible mainnet release in March or later in 2018.

Confidential Transactions

Confidential Transactions (CT) would keep the amounts of Bitcoin transactions visible only to participants in the transaction. CT was discussed by Adam Back, the co-founder and CEO of Blockstream, in a discussion forum in 2013, with work done by developer Greg Maxwell. In November of 2017, Maxwell announced that he had reduced CT transactions from 16 times the size of normal Bitcoin transactions to three times the size.


There is no date when CT may be added to Bitcoin, although Charlie Lee said he was considering adding it to Litecoin when it was ready. CT are enabled in Elements project, a Bitcoin development group.

Sidechain Projects

Sidechains are intended to allow other blockchains to connect to the Bitcoin network using a separate coin that is tied to bitcoin. This means that each sidechain is a separate blockchain that can have different rules from the Bitcoin mainnet while still remaining connected to it. There are several different sidechain proposals under development currently: Liquid Network, RSK and Drivechain.

Liquid Network

Liquid is a private sidechain, so there is some control over who can access it. The benefits of Liquid are that it allows instant transactions, privacy (Confidential Transactions are built in) and the ability for users to hold Liquid funds outside of an exchange.

It is based on the “Strong Federations” concept, which has three main parties to the system: users; block signers, who are similar to miners; and watchmen, who allow funds to be securely transferred to and from the chain by a process known as pegging. It is being developed by by Samson Mow of Blockstream and Joseph Weinberg of Paycase.


The project was inititally announced in 2015, and the mainnet beta was released in May of 2017. Reports are that it is being tested by BTCC, Bitfinex, Paycase, Unocoin and Zaif. There is no definite final release date, but it could have a 1.0 release in 2018.


RSK is a sidechain that plans to bring smart contract functionality and near instant payments to the bitcoin network. Like Liquid, it uses a federated system, with custodians tracking the movement of bitcoin between RSK’s network and Bitcoin’s mainnet. It does this by using a token called SBTC (smart bitcoin), which is pegged to BTC at a 1:1 ratio.

Interestingly, smart contracts on RSK are programmed on Solidity and the RSK virtual machine is fully compatible with Ethereum’s. RSK’s network is secured by proof-of-work, with the same algorithm as Bitcoin, which means Bitcoin miners can also merge mine on RSK with very little performance impact to Bitcoin mining. RSK claims to be able to scale to 100 transactions per second using probabilistic verification and fraud proofs, as well as sharding, something that Ethereum is also developing.

Formerly known as Rootstock, RSK is suppported by the RSK federation, which is made up of more than 30 blockchain firms such as Xapo, Antpool, Bitpay and Digital Currency Group. The CEO of RSK is Diego Gutierrez Zaldivar.


RSK was released onto the Bitcoin mainnet in January 2018, though according to their website, the release is being staged over time. As for a final a release date, Zaldivar told Coindesk in January that “Hopefully by May, we can announce the production version of the mainnet.”


Drivechain plans to allow for multiple blockchains to be linked up to Bitcoin’s mainnet. Like RSK, Drivechain sidechains built can be secured by Bitcoin miners using merged mining. Unlike RSK, Drivechain is flexible, and developers could create sidechains tailored to the specifications they want, such as larger block sizes or privacy features. Drivechain would require an upgrade at the protocol level, or softfork. Drivechain separates the changes needed into two parts: hashrate escrows and blind merged mining.

Drivechain was invented by Paul Sztorc (who also created Hivemind), with help from pseudonymous developer CryptAxe, Bitcoin Core contributor Chris Stewart and Jason Dreyzehner of BitPay. The website is here.


A Drivechain developer group began meeting in August of 2017. According to the Drivechain subreddit, the last developer meeting was held in February. The Drivechain website said a January 2018 release date was possible, but this hasn’t happened. Drivechain wants to get approval from 95% of the Bitcoin community before activating the soft fork. Drivechain claims it could be available 2–4 weeks after miners decide to support it.


Mimblewimble is a proposal for a bitcoin-like blockchain which claims to provide higher security than the current Bitcoin protocol, improved scalability, a different kind of cryptographic security and ASIC-resistant mining algorithm to encourage mining decentralization. It is being implemented by a project called Grin. Transactions would be completely fungible, meaning the amounts of Bitcoin transactions would be concealed, as would the public keys of the parties involved. The improvements do come at a cost, however, as Mimblewimble wouldn’t support scripts like Bitcoin does. As Mimblewimble is quite different from the Bitcoin protocol, it would likely be implemented as a sidechain, or even a separate altcoin. A technical introduction can be seen here.


The original Mimblewimble white paper was published in July of 2016 by the pseudoanonymous author Tom Elvis Jedusor. At the end of 2016, a Github project called Grin began building out the white paper. In November of 2017, the Mimblewimble launched on a testnet. Back in December of 2017, Grin solicited $30,000 USD in bitcoin to support development of the project. Currently the project is working on a second testnet (with no release date), but the founder of the project said it could go live in 2018.


Bitcoin developers are working hard to improve the network. Despite controversies over scaling in 2017 and the resulting fork, Bitcoin still has the largest amount of hashing power, high levels of decentralization and biggest market cap. With two major improvements, SegWit and the Lightning Network, live on the mainnet, the challenge for the Bitcoin development community will be to continue pushing out improvements in 2018 and beyond.

Note: Updated to include MAST.

Disclaimer: This article is not professional investment advice. All opinions expressed are my own.

If you liked this article, please see my other work here on Medium or Twitter at @ianedws.