Wednesday, August 26, 2015

Blockstream’s Pieter Wuille Proposes Tree Signatures for Improved and Flexible Multisig Bitcoin Transactions


In June, Bitcoin Magazine reported that Blockstream launched Sidechain Elements, a sidechain development framework with open source code, including an experimental sidechain for developers dubbed Elements Alpha. Now, in the first technical post to appear on the Blockstream blog after the announcement of Sidechain Elements, Blockstream and Bitcoin Core developer Pieter Wuille proposes the intriguing concept of Tree Signatures, an efficient multisig method with enhanced privacy.

Blockstream was formed by renowned cryptography experts, including some Bitcoin Core developers, to accelerate innovation in digital currencies and implement the sidechain concept described in the paper “Enabling Blockchain Innovations with Pegged Sidechains,” released in October. In November, Blockstream closed a $21 million seed funding round with nearly 40 high-profile investors.

Tree signatures, which can be coded only in the extended Alpha scripting language, can implement M-of-N multisig transactions (which require more than one keyholder to participate) more efficiently than Bitcoin scripting. Wuille shows how to combine Merkle trees and Schnorr signatures to implement large M-of-N multisig schemes:

“Merkle tree keys support very large 1-of-N. Schnorr signatures support very large M-of-M. This means that if we can write our spending conditions as a 1-of-(N possible M-of-M’s), we can build a Merkle tree consisting of Schnorr combined public keys.”

An interesting feature of the new multisig scheme is that only the keys actually used for signing are exposed to the public. For example, in a 1-of-N multisig policy, only one key is revealed on spending and the other keys stay hidden.
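As an added illustration (not code from Wuille's post or from Elements Alpha), the sketch below commits to every possible M-of-M signing group in a Merkle tree and builds the membership proof a spender would reveal for one group. The Schnorr combined public key is replaced by a placeholder hash, and the function names, domain tags and sample keys are assumptions constructed for this example.

```python
import hashlib
from itertools import combinations

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def combined_key(keys):
    # Stand-in (assumption): a real scheme would use the Schnorr combined
    # public key of the group; here we only hash the sorted member keys.
    return h(b"combined" + b"".join(sorted(keys)))

def leaves_for_policy(pubkeys, m):
    # M-of-N rewritten as 1-of-(N choose M): one leaf per M-of-M group.
    return [h(b"leaf" + combined_key(c)) for c in combinations(pubkeys, m)]

def build_levels(leaves):
    # Pad to a power of two with a fixed "empty" leaf, then hash pairwise.
    size = 1
    while size < len(leaves):
        size *= 2
    level = list(leaves) + [h(b"empty")] * (size - len(leaves))
    levels = [level]
    while len(level) > 1:
        level = [h(b"node" + level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def prove(levels, index):
    # Sibling hashes from leaf to root: all a verifier sees of the other groups.
    path = []
    for level in levels[:-1]:
        path.append(level[index ^ 1])
        index //= 2
    return path

def verify(root, leaf, index, path):
    node = leaf
    for sibling in path:
        pair = node + sibling if index % 2 == 0 else sibling + node
        node = h(b"node" + pair)
        index //= 2
    return node == root

if __name__ == "__main__":
    keys = [bytes([i]) * 33 for i in range(1, 6)]   # constructed placeholder keys
    leaves = leaves_for_policy(keys, 3)             # 3-of-5 -> 10 groups
    levels = build_levels(leaves)
    path = prove(levels, 4)                         # group (key 1, key 3, key 5)
    print(len(leaves), len(path), verify(levels[-1][0], leaves[4], 4, path))
```

The output commits only to the 32-byte root; spending reveals one leaf plus a path whose length grows with the logarithm of the number of groups, and the sibling hashes disclose nothing about the keys in the unused groups.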

Wuille gave a talk titled “Key Tree Signatures: A Mechanism for Very Large, Compact, Efficient Multisig” at the SF Bitcoin Devs Group.

“In our first sidechain, Elements Alpha, we introduced several improvements to the cryptography and scripting abilities of Bitcoin,” reads Wuille’s abstract. “In this talk, I will discuss how some of these features can be used to build an improved multisig construction that is more efficient, compact, and flexible.”

A video of the talk will soon be posted online. In the meantime, Wuille posted his presentation slides.

Sidechains are a fundamental innovation because they permit separating the codebase and functionality of a blockchain (sidechain) from its currency. A sidechain can implement all sorts of innovative changes from Bitcoin Core, while still carrying bitcoin as a currency by means of two-way pegs that permit transferring bitcoin to the sidechain and back. Therefore, sidechains permit innovating without threatening the stability of Bitcoin or having to introduce ad-hoc altcoins. Elements Alpha is the first experimental sidechain, and, hopefully, it will be followed by operational sidechains.

Sidechains could bring back private bitcoin transactions and adapt to anti-privacy techniques as they are developed. One of the most interesting features in Elements Alpha is Confidential Transactions, a cryptographic tool to improve the privacy and security of bitcoin transactions by keeping the amounts transferred visible only to participants in the transaction. Richard Gendal Brown, an executive architect for banking innovation at IBM UK, who wrote a simple but excellent explanation of sidechains, is persuaded that Confidential Transactions are a good step forward.

“Confidential Transactions are a very clever application of cryptography to hide the value of transactions whilst still allowing them to be fully validated by the network,” wrote Gendal Brown. “Without features like Confidential Transactions (or related technology such as ZeroCoin or ZeroCash), [Bitcoin-like] systems may be unsuitable for those with confidentiality and privacy requirements.” He added that perhaps Confidential Transactions aren’t a full solution, but they are a good start.

It’s important to bear in mind that sidechains will be able to operate with bitcoin as a currency only after suitable hooks are implemented in Bitcoin Core, which might encounter some resistance. A Bitcoin Improvement Proposal (BIP) to allow for bitcoin sidechains is in the works.

Photo by Denise Terry
