Funny Name or Not, Schnorr Is a Big Deal for Bitcoin

fake-nose-glasses-e1518210370204
12 February 2018

“To the moon!”

While this cryptocurrency rallying cry is typically used as the price of a coin starts a climb, this time the slogan’s being used to demonstrate excitement over the progress that’s being made on a long-anticipated bitcoin code optimization.

Called Schnorr signatures, the technology looks to replace bitcoin’s existing signature scheme with one that mashes signature data together. The concept is so attractive partly because it clears up space in the blockchain, which should help resolve both the transaction backlog and high fees bitcoin users sometimes need to deal with.

According to developers working on the technology, the change would lead to an estimated 25 percent to 30 percent boost in bitcoin’s transaction capacity.

Yannick Seurin, a cryptographer at French cybersecurity agency ANSSI, who’s been working on the cryptography behind Schnorr, told CoinDesk:

“Schnorr signatures and the applications they enable generate high hopes. As evidenced by the recent scaling debate, any efficiency improvement is highly beneficial to bitcoin.”

Indeed, the bitcoin community has united around several technologies to make bitcoin more efficient, and as such, cheaper, faster and easier to use for payments. Schnorr is just one of many, joining FIBRE network, peer-to-peer optimizations, and, the most ambitious of all, the upcoming Lightning Network.

But Schnorr has recently become the focus of some of bitcoin’s most renowned developers.

This is not only due to Segregated Witness (SegWit) being activated on bitcoin finally (a technology Schnorr relies on) but also the other benefits Schnorr signatures offer, like improving privacy on certain types of transactions and reducing spam known to clog up the network.

Jonas Nick, for example, told CoinDesk he’s interested in the privacy advantages, no surprise for the Blockstream infrastructure security engineer. Yet, he’s also enticed by how it could work hand in hand with other code changes to unlock more advanced bitcoin use cases.

“I’m particularly excited to work towards the goal where smart contracts look like normal payments on chain. Schnorr signatures play a crucial role there, along with MAST, Taproot and Graftroot,” Nick said, referring to a number of changes geared towards enhancing bitcoin’s smart contracts.

Subtle attacks

This excitement over Schnorr has been a long-time coming – the technology has been in development since 2012.

While that might seem curious to some, for those close to the technology, these delays won’t be surprising. Firstly, there aren’t many developers that know bitcoin and cryptography well enough to help with a change such as Schnorr.

And secondly, since Schnorr would be a big change to the over $100 billion dollar bitcoin network, the technology needs extensive peer review and testing.

Both definitely slowed Schnorr’s progress.

According to celebrated bitcoin contributor and Blockstream co-founder Pieter Wuille, during a talk at Stanford, Schnorr has dealt with several “non-obvious challenges” over the years.

For instance, last year Wuille and other developers found a “rogue attack” in their Schnorr implementation, leading them to submit a paper outlining a possible fix. But, the academic board the paper was submitted to, flatly rejected it, pointing to a better paper – albeit unrelated to bitcoin – that already addressed the attack vector in a more secure way.

And this is how ANSSI cryptographer Seurin become involved with the bitcoin developers.

“I noticed that the specific signature aggregation scheme they were thinking of didn’t have a proper security analysis at the time,” he said. “As provable security is my specific research area, and I previously worked on Schnorr signatures, I contacted Pieter Wuille.”

Wuille then sent Seurin the paper, and together with Bitcoin Core contributor Gregory Maxwell and Blockstream mathematician Andrew Poelstra, wrote a more secure construction.

And while that construction helped, another problem appeared a bit later.

Another attack vector was found by Blockstream engineer Russell O’Connor (Wuille dubbed it “Russell’s attack”), which would allow users to steal bitcoin that was transacted with the signature theme.

During the presentation, Wuille said:

“So something to learn about this, at least for myself, is that attack models in multi-party schemes can be very subtle. This was not at all obvious.”

Process and politics

Those attack vectors are resolved, but work on the technology continues.

Several Bitcoin Improvement Proposals (BIPs) are in the works, Wuille told the audience at the talk. And once those are finished, it’ll provide blueprints for how the new signature scheme works and how exactly it would be added to bitcoin. Plus other bitcoin contributors will then have a chance to review and propose changes to the implementations.

Not to mention, a code implementation is long in the making, which Nick said have been fuzz testing for quite some time. Fuzz testing refers to the act of throwing random data at a piece of code and checking whether the output always comes back correct.

“Since you do that many hundreds of times per second on many cores for an extended period of time, [fuzz testing] has historically a good track record of finding subtle bugs,” Nick told CoinDesk, adding:

“We haven’t found an issue … yet strengthening our confidence in the implementation.”

If that remains the case, Schnorr code shouldn’t take so long, according to Wuille.

In his talk, Wuille said, “Ignoring politics, it’s not so hard to add an opcode by way of SegWit’s script versioning.”

Yet, as the controversy surrounding the activation of SegWit displayed, politics might be a hard thing to ignore.

Either way, the code change has seen a lot of attention recently, developers have been writing explainer blog posts and a number of people have been chatting about it on Reddit.

But, with billions of dollars on the line, if an upgrade messes up the way bitcoin works (case in point, the attack vectors mentioned above), the majority of stakeholders might be hesitant about adding to the code quickly.

Bitcoin Core contributor Nicolas Dorier, for one, estimates that it could still take a couple years to get Schnorr added to bitcoin.

And even Wuille, during the presentation, conceded this timeline may be necessary.

He concluded:

“I would like to see what we’ve been working on here merged into bitcoin, but that’s a lengthy process.”

Disclosure: CoinDesk is a subsidiary of Digital Currency Group, which has an ownership stake in Blockstream.

Funny glasses via Shutterstock