I just published "Schnorr Signatures & The Inevitability of Privacy in Bitcoin."

A look at how the activation of Schnorr-based signatures is the first step toward solving two of the biggest challenges faced by Bitcoin.

Thread 👇

link.medium.com/iUi5dSnR1U

1\ It is reasonable to assume that Bitcoin’s long-term adoption depends upon the strength of its privacy guarantees, and that the proliferation of blockchain analysis can be a threat.

2\ At the same time, the popularity of the Lightning Network and its own potential to host private payments has generated uncertainty about future demand for on-chain settlement and the security of the network when there are no more block rewards.

3\ As such, Bitcoin's privacy guarantees and its long-term sustainability without perpetual inflation are perhaps two of the most divisive issues surrounding Bitcoin today.

And while very different in nature, there's a chance they will be solved simultaneously.

4\ We now have novel privacy-preserving technologies that are evolving at a fast pace, including Confidential Transactions, Bulletproofs, zkSNARKs, zkSTARKs, and MimbleWimble.

But I don't think any of them will ever be implemented on Bitcoin.

5\ Apart from the requirement of a HF, a problem with these technologies is that they can prevent the full audibility of Bitcoin’s monetary base. In other words, when transaction values are encoded, it becomes difficult to verify whether Bitcoin’s supply cap is, in fact, 21M BTC.

6\ Similarly, inflation bugs and double spends become harder to identify, and the requirement of trusted setups for some schemes pose considerable risks.

Thus, a push for the implementation of cutting-edge privacy on Bitcoin’s base layer will likely divide its community.

7\ But what if I told you Schnorr may be the first step toward *sufficient privacy* through techniques that do not require hard-forks or otherwise compromise auditability?

8\ In this article, I describe some interesting features of Schnorr-based signatures, including key aggregation, private off-chain smart contracts and the potential for cross-input aggregation.

9\ These features will address some of the shortcomings of CoinJoin, a privacy-preserving technique where multiple senders and receivers are combined within a single transaction. CoinJoin transactions are larger in size, but with Schnorr, they will offer much better privacy.

10\ In conjunction techniques such as Pay-to-EndPoint (P2EP), Schnorr can enable the creation of new transactions types that break the heuristics widely used in blockchain analysis, and make it nearly impossible to pin point specific entities by simply looking at the blockchain.

11\ Ultimately, the long-term demand for privacy through these types of transaction directly translates into an increase in on-chain transaction fees. As such, demand for privacy can be an instrumental way to develop Bitcoin's fee market after the last bitcoin has been mined.