Taproot and RSK

Sergio Demian Lerner
Jun 22 · 3 min read

Taproot is the the second of set of exciting improvements that are coming to Bitcoin. First it was segwit, now taproot, and someday we’ll see the activation of covenants, drivechains and coinwitness. However, Bitcoin development must not be rushed. I’m surprised Taproot is coming so fast.

RSK can benefit from Taproot, but making use of Taproot features requires performing an RSK network upgrade and probably also upgrade the PowHSMs. Changing RSK is hard, although not as hard as Bitcoin. The RSK community also needs to design, code, debate, test, review, release, deploy and activate any consensus change. For example, RSK still hasn’t taken full advantage of all the benefits of the past Segwit upgrade. However we can start to think about how Taproot could improve RSK.

Taproot provides four benefits:

  • Increased Privacy
  • Cheaper transactions
  • More efficient transaction processing
  • Fixes a hardware wallet security issue

The first two (more private and cheaper transactions) directly benefit all Bitcoin users. Cheaper transactions also benefit RSK users, as RSK users perform Bitcoin peg-in and peg-out transactions. The third (more efficient transaction processing) benefits Bitcoin full node runners, but not RSK users or nodes. The fourth has no impact on RSK.

More efficient transaction processing

Schnorr digital signatures introduced in Taproot can be verified faster by doing so in batches. However, this benefit cannot be translated to fee discounts for users creating transactions using Schnorr signatures because the Bitcoin transaction pricing model is constrained to account only for the space consumed, either standard or witness (segwit). A data byte is priced depending on whether it is part of the standard 1 MB block, or it is part of the Segwit witness stack, but script opcodes are not priced based on the resources they consume. Therefore RSK and Bitcoin users cannot directly benefit from this improvement.

Privacy

Taproot improves privacy in certain multiparty protocols involving state channels or payment channels, and also in transactions having uncommon (generally fallback) script execution paths that the owners may prefer to hide. Taproot allows that the common execution path, which is generally an agreement of all parties involved in a multi-party protocol, looks like a regular Bitcoin transaction.

RSK does not benefit from Bitcoin privacy enhancements because RSK design intends to maintain the amount of funds pegged publicly visible and fully transparent, to allow easily auditing the pegged funds. Internally, the RSK blockchain can achieve transaction privacy through 2nd layer rollup solutions, some of which are coming to RSK soon.

Cheaper transactions

Taproot can provide cheaper Bitcoin transactions in several ways. First, transactions having long scripts can be cheaper because only the executed path of the script can be revealed using MAST (Merkelized Abstract Syntax Trees) in Taproot. MAST can be useful when creating a multisig involving thousands of participants but only when the threshold of signatories required is low. For example, any 5 signatories out of 1000 participants. With MAST, a tree can be created where each leaf node contains the opcodes to validate the signatures of a subset of the participants. Without MAST, the scriptPub would need to provide thousands of public keys or it would need to use very complex scripts implementing a Merkelized tree of public key sets in the script itself. The RSK powpeg multisig does not have a low number of signatories, therefore it doesn’t benefit from MAST. In the Powpeg multisig the threshold of signatories is always more than half of the participants.

However, a second reduction in transaction cost does benefit RSK. Taproot introduces Schnorr signatures, and Schnorr signatures have simple and proven protocols to achieve threshold signatures occupying the same space as a single signature. This means that, for example, RSK could expand the number of pegnatories from 11 to 99 and still maintain the same peg-out transaction cost. More interestingly, RSK could add a second multisig to protect the pegged bitcoins even more, this new multisig assigned to the top hundred miners, similar to what is described in the Minpeg proposal, yet the peg-out transactions wouldn’t require much additional space, but only a single signature.

Maybe the importance of Taproot being activated is that the Bitcoin community will start focusing on changes that could benefit sidechains a lot, such as covenants, virtual UTXOs and drivechains.

Research & Innovation

Thoughts and stories about our work.