With Bitcoin's long-awaited Taproot upgrade on the horizon, Blockstream engineers are working on a new scheme to improve multi-signature transactions.
These transactions, which require signatures from more than one private key to authorize spending, will benefit from Taproot. This upgrade implements Schnorr signatures into the Bitcoin codebase, a cryptographic signature scheme that will simplify the creation and execution of smart contracts on the network.
In a blog post after Election Day, Blockstream engineers Jonas Nick and Tim Ruffing introduced a new multi-signature design that reduces the technical complexity of multi-signature transactions in a way that preserves privacy.
Nick and Ruffing, along with Yannick Seurin, a member of the French National Security Agency, have published a cryptographic e-journal on this MuSig2 design, which is currently under peer review.
Non-interactive signing
MuSig2 combines the strengths of the two leading multisignature designs without compromising.
For example, Bitcoin's oldest multi-sig trick, the "CHECKMULTISIG" opcode, requires less communication from the signers of a multi-sig transaction, but is less private than the MuSig1 multi-signature scheme, which improves user privacy at the cost of additional steps in the signing process.
Specifically, MuSig1 requires parties to a multi-signature transaction to communicate with each other in multiple rounds to approve a transaction.
MuSig2 would retain all of the privacy guarantees of MuSig1, but would only require two rounds of communication between signers in order to approve a transaction (e.g.: Alice creates a 2-of-3 multi-signature transaction, which she sends to Bob for approval; Bob signs the transaction, sends it back to Alice, and the transaction is approved).
"MuSig2 provides the same functionality and security as MuSig1, but allows almost all interactions between signers to be eliminated. With MuSig2, signers need only two rounds of communication to create a signature and, most importantly, one of those rounds can be pre-processed before signers know the message they are about to sign," the blog post explains.
In addition to improving general multi-signature wallets, MuSig2 could benefit data protection on the Lightning Network and improve so-called threshold signatures, which are often used by exchanges and custodians to hold funds.
If Taproot is adopted in the coming months, Blockstream will replace the MuSig1 standard with MuSig2 in a code library for Schnorr signature schemes. The paper also suggests that Blockstream's liquid sidechain could run the Taproot code early to test the multi-signature scheme before it is ready for use on the Bitcoin mainnet.