How Taproot will benefit hardware wallets

SatoshiLabs, published in Trezor Blog, May 7, 2021

The latest Bitcoin upgrade - Taproot - will change how Bitcoin works, for the better. It improves how transactions are signed, removes unnecessary information such as whether any smart contracts were involved, and reduces the overall amount of data needed to send a transaction. This has positive implications for privacy, and will allow a greater number of complex transactions to fit into one block, increasing network efficiency.

While Taproot is backwards-compatible, meaning users needn’t do anything to start using it, miners need to commit to a software upgrade. Signalling for Taproot began last weekend, with six mining pools so far indicating readiness for the upgrade, where SegWit will advance from version 0 to version 1.

Although many are looking forward to the theorized privacy and scalability improvements, some fear it will unfold in the same sluggish way as the first implementation of SegWit, which only passed the 50% adoption mark two years after being first activated.

The goal of this article is not to simply weigh the benefits versus drawbacks of Taproot. Many such blogs have already covered the main arguments in detail, such as this approachable piece from SlushPool operators Braiins. Instead, we will consider what it means for hardware wallets, and what you can expect to see if Taproot is triggered in November.

Taproot caters to Bitcoin’s conservatism

Like it or not, one of the governing rules of the Bitcoin network is that block size is limited. This means that only around 3000 transactions can usually fit into a block, resulting in an effective transaction throughput of around five transactions per second. Objectively, this may seem rather low, but there are many reasons why it is a pretty good trade-off over centralized alternatives:

  1. Transactions are settled within that time, unlike a debit card transaction which needs to be approved by a third party.
  2. Improvements such as the lightning network can compress thousands of transactions into one on-chain transaction.
  3. Those transactions cannot be cancelled, reversed or intercepted by anyone.

Increasing the block size, as some Bitcoin critics have proposed, is a naïve and reckless way to increase throughput. The conservative nature of Bitcoin has instead led to developers devising other, more elegant ways to make transactions take less space, through clever cryptography. Maintaining Bitcoin’s smaller block size has indirectly enabled greater decentralization.

The average user who wishes to run a node of their own can currently do so using cheap, accessible technology such as a Raspberry Pi and a hard drive, or simply reach for an old laptop and download a copy of the blockchain. This allows almost anyone to help verify transactions and keep the blockchain secure from anywhere in the world, without needing to purchase new hardware, constantly increase their storage capacity, or rely on centralized services such as exchanges to synchronize and validate the blockchain on their behalf.

While increasing block size would soon make it prohibitively expensive to run a node as an individual, Taproot introduces a new signature scheme, Schnorr signatures, to instead reduce the size of transactions beyond what SegWit v0 has managed, allowing a greater number of transactions per block. This achieves the equivalent of increasing the block size, without raising the bandwidth needed to synchronize a node or inflating the cost of storage, ensuring that participating in Bitcoin’s governance remains affordable for the average user.

How will Taproot improve hardware wallet performance?

For hardware wallets, Taproot promises to be more efficient in terms of the time taken to send a transaction, with savings increasing in cases where the average number of inputs and outputs of previous transactions is high. This is thanks to the fact that with Taproot, the wallet no longer needs to send the often extensive history of transactions which preceded the one being spent.

For a transaction of just one input and two outputs, using Taproot would save approximately 50% of the time compared to a SegWit version 0 transaction. That’s a pretty good number, but realistically it will hardly be noticeable. But as the number of inputs increases, so does the amount of time saved: at 100 inputs (but still just two outputs) the time to send a transaction can be reduced by as much as 90%.

When it comes to more complex transactions with large histories consisting of many inputs and outputs, such as CoinJoined transactions, the savings are immense. Assuming 100 CoinJoin participants, the savings could result in signing times dozens of times faster than the current SegWit. With Trezor’s plans to introduce CoinJoin later this year, Taproot should make it much quicker and easier to use these privacy-restoring transactions.

Benefits for multisignature, lightning and smart contracts

As Bitcoin users have diversified into using different address types with their wallets, or second-layer solutions such as the lightning network and other types of smart contracts, it has become much easier to single out the activity of particular wallets, and therefore compromise their privacy. Schnorr signatures replace the need to present the script of the smart contract, making all transactions look the same, boosting privacy.

Many enterprises are now using multisignature setups to manage their funds, and many individuals use the lightning network to reduce on-chain fees, so Taproot is a much-needed solution that will allow them to complete on-chain transactions without revealing other participants or the fact that they used a smart contract at all.

With regard to performance, in Jameson Lopp’s test of hardware wallet multisignature signing, Trezor performed respectably even under more extreme configurations. But as the number of signers increases, the time to sign eventually becomes unworkable. Thanks to Schnorr signatures, this will no longer be the case, as the need to stream previous transactions is eliminated. Following Taproot’s activation, even the most complex multisignature scheme can be signed within minutes, if not seconds.

Patching the fee exploit with Taproot

As an added benefit, Taproot fixes a longstanding problem arising from a theoretical attack vector related to fees, detailed in this firmware update blog. The way that fees are currently handled in SegWit and P2SH transactions means that there is actually no explicit metadata field that states the fee size; it is instead inferred from transaction data.

This opens up an exploit in which an attacker could trick a user into spending an abnormally large amount on fees during a seemingly innocuous transaction, without realizing they are doing so. Of course, your Trezor will always show the fee accurately thanks to robust methods of calculation. With Taproot, however, all the input amounts are explicitly included in the signed data, which isn’t the case now. This protects users who might be using a wallet with a less reliable fee algorithm: if an attacker tries to lie to the wallet about the input amounts, the wallet will generate a signature that won’t be accepted by the network.
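The commitment described above can be seen in the digest a wallet signs. The following is an added example, not Trezor's code: it builds the BIP341 signature message for a key-path spend with SIGHASH_DEFAULT and compares the digest computed from host-reported amounts with the one nodes compute from the real amounts. The transaction data, amounts and helper names are constructed for illustration.

```python
import hashlib
import struct

def sha256(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

def tagged_hash(tag: str, msg: bytes) -> bytes:
    # BIP340 tagged hash: SHA256(SHA256(tag) || SHA256(tag) || msg)
    t = sha256(tag.encode())
    return sha256(t + t + msg)

def ser_script(script: bytes) -> bytes:
    assert len(script) < 0xFD  # single-byte length prefix is enough below 253 bytes
    return bytes([len(script)]) + script

def inferred_fee(inputs, outputs) -> int:
    # The fee is never stated in a transaction: it is input total minus output total.
    return sum(i["amount"] for i in inputs) - sum(amt for amt, _ in outputs)

def taproot_sighash(inputs, outputs, input_index, version=2, locktime=0) -> bytes:
    # BIP341 signature message, key-path spend, SIGHASH_DEFAULT, no annex.
    sha_prevouts = sha256(b"".join(i["txid"] + struct.pack("<I", i["vout"]) for i in inputs))
    sha_amounts = sha256(b"".join(struct.pack("<q", i["amount"]) for i in inputs))
    sha_spks = sha256(b"".join(ser_script(i["spk"]) for i in inputs))
    sha_sequences = sha256(b"".join(struct.pack("<I", i["sequence"]) for i in inputs))
    sha_outputs = sha256(b"".join(struct.pack("<q", a) + ser_script(s) for a, s in outputs))
    msg = (b"\x00"  # hash_type = SIGHASH_DEFAULT
           + struct.pack("<i", version) + struct.pack("<I", locktime)
           + sha_prevouts + sha_amounts + sha_spks + sha_sequences + sha_outputs
           + b"\x00"  # spend_type: key path, no annex
           + struct.pack("<I", input_index))
    return tagged_hash("TapSighash", b"\x00" + msg)  # leading 0x00 is the sighash epoch

# Constructed sample data (not real transactions).
P2TR_SPK = b"\x51\x20" + b"\xaa" * 32  # OP_1 <32-byte key>, placeholder key bytes

def make_inputs(amounts):
    return [{"txid": bytes([n + 1]) * 32, "vout": 0, "amount": amt,
             "spk": P2TR_SPK, "sequence": 0xFFFFFFFF} for n, amt in enumerate(amounts)]

OUTPUTS = [(150_000, P2TR_SPK)]
TRUE_INPUTS = make_inputs([100_000, 1_000_000])  # amounts actually on chain
LIED_INPUTS = make_inputs([100_000, 100_000])    # amounts a dishonest host reports

def compare_views(index=0):
    # Digest the wallet signs (reported amounts) vs. digest nodes verify (real amounts).
    signed = taproot_sighash(LIED_INPUTS, OUTPUTS, index)
    verified = taproot_sighash(TRUE_INPUTS, OUTPUTS, index)
    return inferred_fee(LIED_INPUTS, OUTPUTS), inferred_fee(TRUE_INPUTS, OUTPUTS), signed == verified
```

`compare_views()` signs input 0, whose own amount is identical in both views; the digests still differ because `sha_amounts` covers every input, so the understated fee can never reach the chain with a valid signature.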

Taproot is the right decision for sustainable network growth

The benefits of Taproot are enormous from an engineering standpoint. More efficient and quicker transactions will make the network more accessible and therefore more secure, while closing up a fee exploit and also increasing privacy. The potential drawback, that Taproot transactions will be another way to single out network participants, only comes into effect if adoption is slow. Given the incredible support Taproot has seen on social media, this should not be the case.

As long as Taproot is used — and the incentives for doing so are huge — categorizing individual addresses becomes much more difficult. For now, users are waiting for mining pools to lead the way and signal their support ahead of the November activation. Large pools will need to put their users first in this case. Their reputation may suffer if they do not, but ultimately a user-activated soft fork may undermine their influence and the upgrade could be activated even without their participation.

Taproot is the logical next step for the industry and Trezor supports it wholeheartedly. Hardware wallets will become even more efficient and users will have more options when it comes to their security and privacy. As the use of Bitcoin becomes more widespread, the Taproot upgrade will be key to scaling the network to a global audience who expect a seamless experience, and Trezor will be ready to deliver.


Innovating since we founded the industry in 2013 with production of the first crypto hardware wallet, the Trezor One. Open-source, secure, community-driven.