Taproot 101: How Bitcoin’s Latest Upgrade Enhances Privacy and Scalability

Even if you have been a part of the crypto space since the early days, you probably haven’t heard about so many major Bitcoin upgrades.

The reason for the above is simple. Bitcoin is currently the world’s oldest and top cryptocurrency that features one of the most resilient computer networks today with a nearly 99.99% uptime and only two downtimes throughout its history (lasting less than 15 hours in total).

As a result, Bitcoin developers have to ensure that the upgrades they roll out are 100% stable after going through multiple rounds of rigorous testing. This way, they can avoid grave consequences for the BTC community.

Just imagine a scenario when a flaw in a code allows hackers to double-spend BTC or cripple the majority of the network. It would cause irreparable damages for both Bitcoin and the whole crypto industry.

For that reason, it usually takes multiple years after one Bitcoin upgrade is followed by another. The last time the network went through a major change was in August 2017, when miners activated Segregated Witness (SegWit), a solution that allows the chain to store data more efficiently. However, it sparked a heated debate in the community, which led to a chain split and the Bitcoin Cash hard fork.

Furthermore, since BTC features a massive community – that includes millions of end-users, miners, investors, businesses, and developers –, it’s hard to reach a consensus about an upgrade proposal.

That said, this time, it seems most Bitcoin network participants have agreed to roll out a new upgrade called Taproot, which has recently reached the critical 90% consensus level among miners.

Taproot is expected to improve BTC transactions’ privacy, lower transfer fees, allow for more flexibility, and enhance the scalability of the blockchain.

But what is Taproot, and how does it work?

What Is the Taproot Upgrade and How Will it Benefit Bitcoin?

Taproot is a soft fork scheduled to take place at block 709,632, which is expected to occur around November 14, 2021.

Originally proposed by Bitcoin Core contributor (and former CTO) Gregory Maxwell in 2018, Taproot will change BTC’s current ECDSA digital signature algorithm to Schnorr (more on this later).

Simply put, by doing so, complex signatures (e.g., ones that need multiple parties to sign a transaction) can be combined together. As a result, complex transactions will now look identical to standard (user-to-user) Bitcoin transactions, which increases the participants’ privacy.

Furthermore, combining numerous signatures in a transaction into a single one (instead of including them one-by-one into a block) reduces the amount of data that has to be transferred and stored on the blockchain.

As a result of more efficient data storage, Bitcoin will be able to process more transactions per second (TPS), while complex transfers are expected to cost less after the Taproot upgrade.

Interestingly, since the current algorithm for digital signature will be changed, the Taproot upgrade is expected to be implemented along with the new Schnorr algorithm in November.

How Does Taproot Work?

By now, you know the basics about Taproot and what the upgrade means for Bitcoin.

Next on, we will dive a bit deeper into our topic to understand how Taproot will change digital signatures in the network.

Digital Signatures, P2SH, ECDSA

To better understand our topic, it’s crucial to revisit some of the basics about transactions in the Bitcoin network.

As you may already know, cryptocurrencies utilize public-key cryptography (hence the name), in which you have two keys: a private and a public key.

While you can share your public key to receive funds from others, the private key is utilized to sign transactions digitally (and also to access your funds and restore your wallet).

Digital signatures play crucial roles in the Bitcoin ecosystem as they are needed to prove the ownership of your coins as well as spend them.

And this is where scripts come into the picture.

In practice, all coins in the cryptocurrency’s network are “locked” in scripts that refer to lines of code included in a transaction and then after in the blockchain (upon successfully getting processed with other transfers in a block by miners).

The scripts within the Bitcoin network determine how participants can spend their BTC in their next transactions. The simplest condition is to prove the ownership of your coins by digitally signing the transfer with your private key.

However, there are much more complex transactions in the Bitcoin ecosystem than simple user-to-user balance transfers that feature more sophisticated spending conditions.

Examples of such include timelocks and multi-signature transactions. While the prior allows users to spend their coins after a specific date or block height, multisig requires a transaction to be signed by a certain number of private keys from a pre-determined group (of private keys) authorized to sign the transfer (e.g., three out of five signatures are needed to successfully send BTC from a multi-signature wallet to a recipient).

In short, multisig transactions are utilized for wallets where multiple parties collectively control funds to share the risks and enhance security. For example, AAX uses multi-signature technology for its robust wallet system to eliminate a single point of failure and ensure the safety of customers’ funds.

In terms of Bitcoin transactions, developers can combine different conditions to create and deploy complex smart contracts (self-executing digital agreements between parties that automatically enforce pre-agreed rules).

For example, a BTC in a multisig wallet can be spent if any of the following conditions are met:

  1. Both parties sign the transaction with their private keys
  2. One of them provides a secret number after two days have passed
  3. One of the two private keys is used to sign the transaction after reaching the 690,000 block height

Starting from 2012, when pay to script hash (P2SH) – a transaction and address type in the Bitcoin network – was implemented, the scripts containing the conditions of spending are not publicly visible. Instead of the whole script, only its hash (a long string of numbers) can be seen on the public ledger.

However, when the sender meets one of the conditions to execute the transaction and spend BTC, it reveals the whole script along with all the data it contains. This includes all the conditions that were met and that weren’t, which network participants can easily audit on the blockchain by using the initial hash of the script.

As you can see, this can cause some privacy concerns for the sender as anyone could analyze the script’s hash to see the conditions inside, which could also show sensitive information like the type of wallet utilized for the transfer.

In addition to the privacy problems originating from P2SH, Bitcoin also faces further anonymity- and efficiency-related issues due to its current digital signature algorithm called Elliptic Curve Digital Signature Algorithm (ECDSA), which was originally implemented by Satoshi Nakamoto.

Simply put, the main problem with ECDSA is that every signature related to a transaction is included individually (e.g., if there are 15 signatures in a transfer, all 15 are included one by one).

Doing so increases the sizes of multisig and other complex transaction types. And, due to the growth in size, the more signatures a transfer includes, the more expensive it becomes.

Furthermore, since these complex transactions are later processed into blocks by miners and recorded on the blockchain, they slow down the network and reduce its efficiency due to the increased data usage.

Most importantly, as multiple signatures are added one by one in a transaction, it’s easy for network participants – which can include anyone from blockchain analysts and standard users to malicious parties – to spot multisig transactions, smart contracts, and other complex transfers.

For example, this presents a significant issue for coin mixers like CoinJoin that allow users to achieve higher levels of privacy when transferring BTC.

However, due to the ECDSA algorithm, CoinJoin transactions show differently on the blockchain than standard ones, which offers the ability for analysts to identify them, rendering most of the privacy features of such transfers unusable.

Combining this with the downsides of P2SH makes it easy to identify multisig transactions and learn the conditions of spending the funds along with potential details about the sender.


Named after the prominent German mathematician and cryptographer Claus P. Schnorr who laid its foundation, Schnorr is a digital signature algorithm that utilizes linear math to aggregate signatures.

In other terms, unlike the ones with the ECDSA algorithm, Schnorr digital signatures are linear.

As a result, all the signatures and their correspondent public keys can be aggregated into a single threshold signature and threshold public key.

For that reason, only a single public key and a signature have to be included for a multisig transaction (instead of several), which makes them cheaper and more efficient in terms of data storage than with ECDSA. Due to the decreased load on the Bitcoin blockchain, it will be able to process more transactions per second.

Most importantly, Schnorr’s aggregated signatures and public keys look exactly the same as standard ones, which makes multisig transactions in the Bitcoin network indistinguishable from others, increasing users’ privacy.

On top of all this, the Schnorr algorithm allows developers to access more functionality in terms of transactions.


With Schnorr, signatures and their correspondent public keys can be combined in a way that multisig and other complex transactions show on the Bitcoin blockchain like regular ones.

Leveraging Schnorr, Taproot is based on the Merkelized Abstract Syntax Tree (MAST) to take things a bit further in terms of privacy. Simply put, in the case of a multisig transaction, MAST only reveals the condition that has been met after spending BTC.

Like other MAST-based structures, Taproot includes a condition called the cooperative close where all participants agree on the outcome to sign a multisig transaction together and proceed with the settlement.

When the cooperative close condition is met, all participants combine their public keys and digital signatures. After that, with the help of a script that modifies the threshold key and signature, they spend the coins together.

In such a case, thanks to Taproot and Schnorr, the multisig transaction will look like a regular one without revealing any of the conditions or the script itself.

But what happens when an alternative condition is met (when participants fail to cooperate with each other)?

In that scenario, the non-modified threshold public key and the script that tweaked it are revealed on the blockchain, serving as proof that the coins included in the transaction can be spent if one of the alternative conditions is met.

That said, during normal circumstances when all participants cooperate, Taproot can completely hide the complex elements of transactions and disguise them as regulars.

Taproot: Bitcoin’s Most Important Upgrade Since SegWit

Taproot is clearly the most important and anticipated network upgrade since SegWit was introduced in August 2017.

And for an excellent reason.

Just like SegWit, Taproot makes data storage on the blockchain more efficient by batching numerous signatures into a single one by replacing the current ECDSA algorithm with Schnorr.

While this allows complex transactions – such as multisig transfers, (layer-two) Lightning network operations, timelocks, and smart contracts – to cost less, it also enables Bitcoin to improve its scalability and throughput.

Furthermore, as Taproot hides the conditions to spend coins while making complex transactions indistinguishable from others, it enhances the privacy of network participants.

Although, it must be noted that, since the BTC addresses of senders and recipients can still be audited publicly, Taproot won’t make Bitcoin transactions anonymous. Instead, it will increase privacy within the network to a certain degree.

While Bitcoin rarely rolls out major upgrades as it needs to ensure maximum stability for its network, many experiments are going on in the decentralized finance space, from which a small part of them will likely fail.

However, the best ones – that have gone through numerous tests and trials – might become full-fledged BTC features or at least essential parts of Bitcoin’s further layering over time.

Choose a language