It's Monday and since I have nothing else to do in life and also because taproot🟩 will probably be implemented, I broke my head for several hours understanding Schnorr Signatures, here's a thread explaining what it is: #Bitcoin
👇👇👇
1/ Before getting into what Schnorr signatures are, let's first understand what a signature is. When you sign a piece of paper or a check, you're proving the authenticity of your intent, for example to transfer money or settle a divorce with your wife.
2/ We try and make our signatures as hard and shit looking as possible so that people don't copy them. In the world of digital signatures, a signature is a mathematical proof of “knowledge of a number”.
3/ So if you have to prove a signature belongs to you, you should have possession of a number. If you have the number, you can recreate the signature (just like on the check: if you can draw it, it's yours).
In the world of cryptography, this number is called the "Private Key"
4/ Your private keys let you create a signature that proves your intent to spend your #Bitcoin .
"Not your key, not your coins." Does that ring a bell?
5/ There are several signature algorithms available and #Bitcoin uses something called ECDSA (Elliptic Curve Digital Signature Algorithm). Don't ask me why, Satoshi decided to use that one. It's probably the best he had available at the time.
6/ He could have used Schnorr signatures back then but the creator of Schnorr signatures, his name is Schnorr (duh!), decided to patent it for no fucking reason and its patent only expired in 2008, so Satoshi probably went with ECDSA.
7/ Anyway, going back to ECDSA, there are several elliptic curves. #Bitcoin uses the one called "secp256k1"; again, I have no idea why Satoshi used this one. It looks like someone's butt on a graph. Every curve has an equation and for our butt, it is this: y² = x³+7
8/ Alright, I won't get into calculations. If you want to understand more about elliptic curve cryptography, here's a link:
hackernoon.com/what-is-the-ma…
9/ After all the crap that happens in the background using that elliptic curve equation, a public key is derived from your private key.
P = k * G
P = public key.
k = private key
G = generator point (you get from the curve)
10/ But using that little formula above, can I not do k = P/G, which is deriving the private key from the public key, like someone getting your password from your email address? No, it's not possible. It's called the "Discrete Log Problem" in math. Video below:
11/ A digital signature is a mathematical proof of possession of a private key "k" without showing the world the actual key. Kinda like when you type a password, you only see **** but your mom next to you knows that you know the password.
12/ A signature consists of two numbers (r, s). Together with the public key P, anyone can verify that "the signature was created by someone who possesses the private key k corresponding to this public key P". And the process of verification does not reveal the private key itself.
13/ Alright, now we hopefully know how ECDSA works, but why does the taproot🟩 soft fork intend to change this to Schnorr? There has to be something wrong with ECDSA.
14/ There are two problems with ECDSA:
1. Malleable: A third party without access to the private key can, though it is extremely unlikely, alter an existing valid signature and double-spend funds.
2. Non-Linear: Does not natively support multisig.
15/ #Bitcoin uses multi-sig via smart contracts right now called Pay-to-ScriptHash (P2SH).
16/ So Schnorr signature solves these 2 problems, it is non-malleable, that means #Bitcoin network becomes more secure.
It natively supports multisig because it has a unique property where multiple parties can combine their public keys into one single key called key aggregation.
17/ Why is this important? P2SH has a problem where it needs to know the public keys of all participants in a multisig. If we use Schnorr, since there's only 1 key (aggregated), that implies less footprint on the blockchain and lower transaction cost.
18/ The 2nd issue with P2SH is that it offers very little privacy. For whatever reason all P2SH transaction addresses start with a 3, so everyone knows when a multisig transaction occurs.
19/ If we use Schnorr, key aggregation makes it so that multisigs can become indistinguishable from regular transactions
20/ That's it, at least that is all I know about Schnorr. Hopefully I didn't bore you with this thread. Here are some good links to check out:
medium.com/bitbees/what-t…

medium.com/digitalassetre…
Cheers!
Stack #sats, have a great week ahead. #Bitcoin
Forgot to give credits to people.
Learnt a lot on the internet from @RajarshiMaitra @LucasNuzzi and @mobilefish
