Blockchain technology company Blockstream hopes to establish a new multi-signature standard for Bitcoin transactions, following the release of working code last month.

In addition to this, Blockstream also released the latest version of its Bitcoin scaling software c-lightning in early March, marking a busy period for the well-respected development company.

Upgrading the Bitcoin protocol

Potential upgrades to the Bitcoin protocol have been a point of contention since its inception in 2009.

Satoshi Nakamoto’s original Bitcoin white paper is seen as a sacred text, and any changes to the way the technology works are met with skepticism and opposition.

Still, the Bitcoin protocol has encountered some teething problems over the years due to the massive increase in the number of users, which has strained the network’s ability to process transactions in a timely and cost-effective manner.

Given that consensus must be reached on any potential changes to the code, Bitcoin has been improved through implementations such as SegWit, which has been slowly rolled out over the past two years.

Any changes not agreed upon by the majority of the community will result in a contentious hard fork, giving rise to forked coins such as Bitcoin Cash.

Therefore, any potential changes to the Bitcoin protocol require significant time, research, development, and testing before being rolled out to the wider community for consideration and implementation.

MuSig

Blockstream’s new Schnorr-based multi-signature scheme (MuSig) has been launched for public testing and feedback in order to create efficient, trouble-free code in the future.

For the uninitiated, MuSig is an improvement that could help scale the Bitcoin blockchain by reducing transaction sizes, improving performance and user privacy.

The foundation of the code was laid in a research paper published in 2018 by Blockstream cryptographers Pieter Wuille and Andrew Poelstra, along with Yannick Seurin and Gregory Maxwell.

Just over a year later, Blockstream released the working code on GitHub for the wider cryptocurrency community to test, in the hopes that it could eventually be merged into the Bitcoin Core code and other projects.

Schnorr Signatures

A digital signature provides cryptographic proof that a transaction was authorized by a specific private key owner, and most individual Bitcoin users send transactions using a signature from the owner of the private key of the sending address.

Multi-signature provides the same type of cryptographic proof when a wallet has multiple owners, in which case the individual owners need to generate their own personal signatures in order to generate the multi-signature authorizing the transaction.

Schnorr signatures are a specific type of multi-signature that offer some important benefits. The name Schnorr comes from Claus Schnorr, the creator of the multi-signature algorithm.

Cointelegraph reached out to Blockstream cryptographer Andrew Poelstra to get a better understanding of the intricacies of the proposed MuSig upgrade, and as he explained, the algorithm offers a number of benefits:

“Schnorr multisigs are a specific type of multisig that are small (64 bytes regardless of the size of the signer set), can be verified very efficiently, and avoid exposing the number of signers to the blockchain.”

This implementation would have a huge impact on how the Bitcoin protocol works because of the form of multi-signature currently used.

Poelstra again explained that the current multi-signature, the Elliptic Curve Digital Signature Algorithm (ECDSA), is too simplistic because it requires all signatories to generate separate signatures, which are then included in the relevant transaction.

“This means that for 2 signers, it takes twice as much blockchain space to process a transaction and twice as long to verify. If Bitcoin supported Schnorr signatures instead of ECDSA, this would enable several new technologies - most importantly Schnorr multi-signatures.”

To the network of miners validating bitcoin transactions, these Schnorr-based multi-signatures appear identical to normal signatures, meaning they are the same size and take the same amount of time to verify, but they are also more private.

According to Poelstra, they will not reveal the original set of signers or even the number of signers of a multi-sig transaction, which should increase the anonymity and privacy of multi-sig transactions.

ECDSA

Bitcoin currently uses the ECDSA signature algorithm to verify ownership and transfers of BTC on the blockchain, and as Blockstream explained in its original announcement, ECDSA signatures have a number of limitations.

The biggest concern is that creating multi-signatures with ECDSA is difficult due to the complexity of the generated signature structure.

Blockstream’s main concern with ECDSA and other current multi-signature schemes is that they assume that transaction signers have control over how and when their keys are generated and have reliable and secure memory for them.

In fact, many Bitcoin users have no access to their keys or to how they are generated, and they cannot control third parties or how those parties use their keys. The MuSig solution proposed by Blockstream hopes to solve this problem in two ways.

First, MuSig creates short and consistently sized signatures that appear the same to the verifier regardless of how many signers are involved, which is intended to improve efficiency by reducing the burden of signer details while maintaining security.

Secondly, MuSig hopes to provide provable security using ordinary public keys. Their goal is to give signers the flexibility to generate and provide multiple signatures for transactions without providing additional information about how the keys were generated.

It is worth noting that this remains a difficult problem for Bitcoin key generation due to the diversity of key management strategies in the ecosystem.

Extensive testing is needed

While Blockstream hopes to provide a viable solution to improve multi-signature transactions, they are under no illusions about the challenges of doing so.

Securing multi-signature transactions is much more complex, as it cannot simply be done by cryptographically hashing the signatures using the same hashing method to ensure uniform randomness.

Subsequent signers of a multi-signature transaction can use the other signers’ “nonce” (a hash value that can only be used once in an encrypted transaction) to make multiple signatures.

The current approach is to use session IDs for multi-signature signing sessions, a temporary measure until Blockstream develops a more robust solution.

Replay attacks remain a concern with multi-signature transactions, given the number of steps involved in verifying a transaction that requires signatures from multiple participants.

Taking all of this into account, Poelstra told Cointelegraph that the security of Schnorr signatures and their use in MuSig is not a concern:

“Schnorr signatures are algebraically simple to reason about and are provably secure under the same cryptographic assumptions as ECDSA. Of course, as with any proposed change to Bitcoin, the introduction of Schnorr signatures will require extensive testing and review.”

The way forward

Creating a timeline for the testing and potential implementation of MuSig is not simple, and given the complexity of ensuring the security and validity of multi-signature transactions, a viable and trustworthy solution will take considerable time to produce.

As Poelstra explained, developing and implementing MuSig will require collaboration with the wider Bitcoin community:

“The first step is to develop a specific, concrete proposal and send it to the Bitcoin development mailing list for community review. The review process can take several months, during which time the proposal can undergo many changes. In parallel with this and subsequently continuing, code needs to be written, tested, and reviewed, and then the software needs to be widely deployed before the changes can be activated. It is difficult to say how long the whole process will take.”

Poelstra said that if the code is approved and implemented by the wider Bitcoin community, no hard fork of any kind would be necessary to implement the changes:

“The introduction of Segwit in 2017 also introduced a versioning mechanism for changes to Bitcoin Script (e.g. introducing a new signature scheme), which allows such upgrades to be done in a soft fork. Prior to Segwit, it was also possible to introduce Schnorr signatures in a soft fork, although more engineering work was required to ensure a smooth transition for users when updating at different times.”

We encourage the broader Bitcoin development community to test Blockstream’s code on GitHub to facilitate the development of fully working code in the coming months and years.

Bitcoin Core Developer Reveals How Schnorr Signatures Help Scale Bitcoin

Four Bitcoin developers have released a paper outlining how Schnorr multi-signatures (“multisig”) can help scale the Bitcoin blockchain:

  • eprint.iacr.org/2018/068.pdf

In a paper published on Jan. 15, Greg Maxwell, Andrew Poelstra, Yannick Seurin, and Pieter Wuille discuss and illustrate how a technique for “bundling” multi-signature data together to reduce transaction size could improve performance and user privacy in Bitcoin.

Multi-signature has gained widespread adoption in various Bitcoin applications over the past few years, with its trademark security benefits being a key feature of some consumer wallet applications, and this week’s paper focuses on how Schnorr multi-signature can provide enhanced transaction privacy.

As various improvements move closer to mainstream acceptance, the need for Bitcoin scaling solutions remains urgent.

Chief among them was January’s Lightning Network, a so-called Layer 2 protocol that facilitates nearly zero-fee bitcoin transactions that are processed almost instantly.

As Blockstream engineers said in a Jan. 16 post, mainnet lightning transactions are still in “testing phase” and are being conducted on a small scale, with only about 50 nodes and 80 channels running.

Schnorr signatures have long been a favorite of technology commentators, and were praised by blockchain consultant Sam Wouters for their security benefits last July. Wouters explained the significance of the technology in an article, saying:

“At the end of the day, if there’s only one person sending this transaction from multiple sources, there should be some way to do it with just one signature, right? That’s what Schnorr signatures allow us to do.”
