mirror of
https://github.com/bitcoinbook/bitcoinbook
synced 2024-12-23 15:18:11 +00:00
23 lines
2.0 KiB
Plaintext
23 lines
2.0 KiB
Plaintext
[[schnorr]]
|
|
=== Schnorr Signatures
|
|
|
|
https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki
|
|
|
|
A _Schnorr signature_ is a digital signature scheme for elliptic curves named after the inventor of the algorithm Claus Schnorr. Schnorr signatures were proposed in 1989 and subsequently held under patent by Claus Schnorr until 2008, which coincided with the year of Bitcoin's invention.
|
|
|
|
Bitcoin was originally designed to use the Elliptic Curve Digital Signature Algorithm (ECDSA) algorithm. Schnorr signatures are an _alternative_ signature scheme to ECDSA. Schnorr signatures were introduced in Bitcoin in 2021, as part of a _soft fork_ upgrade package called "Taproot". The Bitcoin implementation of Schnorr signatures is specified in BIP-340 found at https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki (see <<BIP-340>>).
|
|
|
|
Schnorr signatures offer several advantages compared to ECDSA signatures, including _provable security_, _key aggregation_, _batch verification_, and _space efficiency_. These advantages lead to increased privacy and capacity for Bitcoin, when Schnorr signatures are used instead of ECDSA signatures.
|
|
|
|
[[why_ecdsa_over_schnorr]]
|
|
.Why did Satoshi use ECDSA instead of Schnorr?
|
|
****
|
|
If Schnorr signatures are superior to ECDSA signatures, why did Satoshi use ECDSA?
|
|
|
|
In 2008, the patent on Schnorr signatures expired, meaning that Satoshi could have used Schnorr signatures in Bitcoin instead of ECDSA. Given the many advantages, we must wonder why Satoshi didn't use Schnorr signatures.
|
|
|
|
While we don't have a definitive answer, the commonly accepted reasoning is that in 2008 ECDSA signatures were standardized, well tested and implemented in several broadly used cryptographic libraries (e.g. OpenSSL). In contrast, Schnorr signatures were not standardized or as well studied, probably because the patent prevented them from being broadly used without paying for a license.
|
|
|
|
BIP-340 is the culmination of a multi-year research, standardization, and development effort to bring Schnorr signatures to Bitcoin.
|
|
****
|