Introduction

Taproot is a Bitcoin upgrade. It is a soft fork, meaning nodes running Bitcoin will need to upgrade in order to take advantage of the benefits of Taproot. However, older nodes will still be compatible with Taproot transactions.

Taproot has a new address format. This technically means you will need to create a new bitcoin account to use it. Due to the “unified accounts” feature of the BitBoxApp, you don’t have to worry about this, and you can start using Taproot in your existing wallet.

The benefits of using Taproot

Taproot is an “under-the-hood” upgrade to the Bitcoin protocol. Its benefits might not be immediately obvious, but it is the foundation that will enable many new features built on top of it. Taproot mainly improves on Bitcoin’s scripting capabilities. In practical terms, this means transactions that involve Bitcoin script will have improved privacy and efficiency.

For example, when opening a lightning channel or making a multi-signature transaction, it was easy to tell the difference between these specific transactions compared to normal Bitcoin transactions such as sending coins to another wallet. With Taproot, this is no longer the case. When doing a Taproot transaction, the transaction is indistinguishable from a normal transaction. Therefore someone observing the blockchain cannot determine what kind of transaction you did, because it looks like any other Taproot transaction.

Furthermore, spending conditions can be easier implemented when using Taproot. Spending conditions let you add rules to your transactions. For example, you could create a spending condition that only lets you spend coins after a certain time in the future. Technically, you specify the block height that will be approximately around the desired time. The introduction of Merkelized Abstract Syntax Trees (MAST) is how spending conditions are improved with Taproot. With MAST, you only need to reveal the spending condition you are actively using, not all the spending conditions as well. This also improves privacy by hiding the spending conditions with a “merkelized hash” instead of the spending conditions being included in the transaction information. Putting the spending conditions in a merkelized hash also has the added benefit of decreasing the size of the overall transaction.

Diagram of a Merkelized Abstract Syntax Tree (MAST) with spending conditions. When using MAST, only spending conditions that are actively being used are revealed.

Moreover, Taproot uses a different signing algorithm called “Schnorr”. Shnorr has a variety of advantages compared to ECDSA (Elliptic Curve Digital Signature Algorithm) which is what Bitcoin transactions use for Segwit and legacy transactions. Schnorr signatures allow for multiple signatures and their corresponding keys to be aggregated into a single signature. This is what allows different types of Taproot transactions, such as making a simple transaction or opening a lightning channel, to become indistinguishable from one another. In addition, Shnorr signatures allow for simpler higher-level protocols such as atomic swaps and payment pools. Schnorr also allows for batch validation of signatures in a block, which improves the verification speed of transactions.

Disadvantages of Taproot

Although there are many advantages of Taproot, it is important to note that there are some tradeoffs as well. Firstly, for everyday transactions, Taproot can be more expensive than a Segwit transaction. This is because, in general, Taproot transactions contain more data than Segwit transactions. The more data in a transaction, the more you have to pay in fees. Technically speaking, sending to a Taproot address is more expensive but sending from a Taproot address is less expensive, but when you consider the total, it is generally more expensive than the total of sending to and from a Segwit address.

The last major Bitcoin transaction upgrade was the upgrade to Segwit transactions. With Segwit, the benefits to the user were immediately obvious: the average transaction savings for a Segwit transaction compared to a legacy one are about 45%. This is not the case with Taproot.

Moreover, cryptographic libraries like libsecp256k1 don’t support the anti-klepto protocol for Taproot yet. This protocol checks to see if your private key is being leaked through the digital signatures you make. Anti-klepto is available for the BitBox02 when making a Segwit transaction, however, it is currently not possible for Taproot transactions to have this same protection.

To learn more about the benefits of the anti-klepto protocol, read our blog about it

Taproot adoption

Taproot is still very new, which means early adopters may run into compatibility issues when trying to use it. For example, some exchanges might not support it yet, so you may not be able to receive coins from a certain exchange to a Taproot address. Furthermore, currently there is not a standard for how to create watch-only wallets for Taproot accounts. So simply importing your Taproot xPub into your preferred watch-only wallet may not work. However, as adoption of Taproot increases over time, these issues will eventually be resolved.

Using Taproot with the BitBox02

The Glärnisch update added support for Taproot to the BitBox02 and BitBoxApp. The BitBoxApp uses unified accounts, which means you don’t need to create a new account to start receiving a Taproot address. You can simply change the address type to “Taproot” during the receive screen in the BitBoxApp. Since “Taproot” is still very new and not widely supported yet, the default address format is Native Segwit.

The BitBox02 and BitBoxApp support Taproot. You can receive to a Taproot address by simply changing the address type on the receive screen.

Conclusion

The activation of Taproot signifies another milestone for Bitcoin development. It lays the foundation for scaling Bitcoin applications in a more efficient manner by reducing the amount of information required for complex bitcoin transactions, such as opening a lightning channel or a multisig transaction, while improving privacy by introducing Schnorr signatures and MAST to Bitcoin transactions.

What is Taproot?
Taproot is an upgrade to the Bitcoin network. It improves on Bitcoin’s scripting capabilities allowing for Bitcoin applications to be built more efficiently while improving on privacy. It is a soft fork, meaning nodes running Bitcoin will need to upgrade in order to take advantage of the benefits of Taproot. However, older nodes will still be compatible with Taproot transactions.

Why use Taproot?
Taproot transactions use Schnorr signatures and Merkelized Abstract Syntax Trees (MAST). These technologies improve the efficiency and privacy of Bitcoin applications such as multisig and lightning channel transactions.

What are the disadvantages of Taproot?
Although Taproot has privacy and efficient benefits when it comes to complex transactions, such as ones with spending conditions, there are some downsides. Firstly, Taproot transactions for simple transactions can be more expensive than Segwit transactions. This is because, for simple transactions, Taproot transactions contain more data than an equivalent transaction using Segwit. However for complex transactions, such as multisig transactions, Taproot can be cheaper.

Is Taproot widely supported?
Taproot is still very new, which means you may run into compatibility issues when trying to use it. Exchanges might be slow to integrate it, so you may not be able to withdraw to a Taproot address from certain exchanges yet. Moreover, there currently is not a standard for how to import Taproot xPubs into a wallet to create a watch-only wallet. So you may not be able to create a watch-only wallet for a Taproot account with your preferred wallet yet. However, as adoption increases, these issues are expected to be resolved.

How does Taproot work with the BitBox02?
The BitBox02 and BitBoxApp support Taproot. Taproot was added in the Glärnisch update. The BitBoxApp uses unified accounts, which means you don’t need to create a new account to start receiving to a Taproot address. Simply change the address type to “Taproot” when receiving in the BitBoxApp.

Don’t own a BitBox yet?

Keeping your crypto secure doesn't have to be hard. The BitBox02 hardware wallet stores the private keys for your cryptocurrencies offline. So you can manage your coins safely.

The BitBox02 also comes in Bitcoin-only version, featuring a radically focused firmware: less code means less attack surface, which further improves your security when only storing Bitcoin.

Grab one in our shop!

Shift Crypto is a privately-held company based in Zurich, Switzerland. Our team of Bitcoin contributors, crypto experts, and security engineers builds products that enable customers to enjoy a stress-free journey from novice to mastery level of cryptocurrency management. The BitBox02, our second generation hardware wallet, lets users store, protect, and transact Bitcoin and other cryptocurrencies with ease - along with its software companion, the BitBoxApp.