Cointime

Download App
iOS & Android

What Do Schnorr Signatures Do for Bitcoin?

Repost from River: “What Do Schnorr Signatures Do for Bitcoin?” The full report and all related findings are available on the official website of River.

Digital Signatures

Bitcoin uses digital signatures to enable coins to be transferred on the blockchain. Digital signatures are used to prove ownership of specific coins and to authorize their transfer to a new owner.

We define an electronic coin as a chain of digital signatures. Each owner transfers the coin to the next by digitally signing a hash of the previous transaction and the public key of the next owner.– Satoshi Nakamoto explaining the UTXO model in theBitcoin Whitepaper (2008)

Currently, Bitcoin uses the Elliptic Curve Digital Signature Algorithm (ECDSA). With the Taproot upgrade, Bitcoin will integrate Schnorr, a second type of signature scheme with several advantages.

➤ Learn more about the Taproot upgrade.

ECDSA

Since Bitcoin’s inception, ECDSA has been used to secure bitcoin. ECDSA was chosen for Bitcoin for a few reasons:

  • Open Source. ECDSA was not protected by patents or copyright, so there were no legal issues with using it for Bitcoin.
  • Well Tested. ECDSA was widely known and applied when Bitcoin was first designed, and its security was sufficiently established by years of testing.
  • OpenSSL. ECDSA was implemented in OpenSSL, an open-source cryptography library used by Bitcoin. This made implementing ECDSA for Bitcoin simpler.

However, ECDSA also has several drawbacks which Schnorr improves upon. For this reason, developers have decided that Bitcoin should implement a different signature scheme, Schnorr.

The Advantages of Schnorr Signatures

Like ECDSA, the Schnorr Digital Signature Scheme uses elliptic curve cryptography (ECC). Schnorr signatures offer several advantages over ECDSA in terms of computational efficiency, storage, and privacy.

Key and Signature Aggregation

The most significant advantage offered by Schnorr signatures is key aggregation. A typical digital signature contains a single public key, a message to be signed, and a signature, asserting that the owner of the public key signed the given message. When multiple parties want to sign the same message, such as spending from a multisig address, they must each include their public key and signature. Thus, if three parties want to sign the same message, the proof will include three public keys and three signatures. This is suboptimal for computation and storage reasons, as each node must perform signature verification, an expensive function, three times and store three sets of signatures and public keys.

Key aggregation eliminates the need for multiple public keys and signatures. Schnorr public keys and signature can be aggregated such that, if three parties want to sign a transaction, they can trustlessly combine their three public keys to form a single public key. Then, using each of their three private keys, they can sign the same message. Finally, they can combine their three signatures to form a single signature which is valid for the aggregate public key. A verifier must only verify a single signature and public key in order to be sure that all three parties signed the message.

The privacy implications of key aggregation are significant. Because multiple parties can aggregate keys and signatures, multisig transactions can perfectly resemble singlesig transactions. Thus, all Schnorr spends will resemble each other, making it impossible for chain analysis to differentiate between multisig spends and single signature spends. This will invalidate several heuristics used by chain analysis, including the common input ownership heuristic and the script type heuristic. This privacy benefit will extend to all Bitcoin users who use Schnorr, but not to those who use ECDSA transaction types.

Batch Verification

When a node receives a new block, it normally verifies every transaction and signature in that block one by one. This is a time consuming and resource intensive process.

Key aggregation allows Bitcoin nodes to verify signatures in batches. This method significantly reduces the time and compute power required to verify a transaction with many inputs.

Because Taproot is a soft fork, most Bitcoin users and wallets will continue to use ECDSA even after Schnorr is activated. Blocks will continue to have both Schnorr signatures and ECDSA signatures, limiting the benefits of batch verification in the short term.

Why Did Bitcoin Not Use Schnorr Earlier?

Schnorr Signatures have been protected by patent since their invention in 1990, heavily restricting their use and stifling innovation. Since ECDSA was open source, it was widely utilized, rigorously tested, and trustworthy. Although the Schnorr patent expired in 2008, the same year Bitcoin was invented, it was decided that Schnorr signatures lacked the popularity and testing required to secure a system as critical as Bitcoin.

Schnorr signatures will be introduced to Bitcoin through Taproot upgrade, which will hopefully be activated around 2022. Although developers have added all necessary code to Bitcoin Core, Bitcoin nodes must accept the upgrade in order to consider Schnorr signatures valid.

Key Takeaways

  • Digital signatures are used to move bitcoin on the blockchain. Bitcoin has previously used ECDSA as the digital signature algorithm to do so.
  • In the near future, Bitcoin will enable Schnorr signatures in addition to ECDSA signatures. Schnorr signatures present multiple advantages over ECDSA.
  • Schnorr will improve privacy for all Bitcoin users. Schnorr will also realize fee savings for those using Schnorr and Taproot.
Comments

All Comments

Recommended for you

  • A Total of 37,212.18 DMD Permanently Burned Over the Past 7 Days

    July 9, 2026 — According to the latest on-chain data released by DMDAO, a total of 37,212.18 DMD has been permanently burned over the past seven calendar days through the protocol's predefined trading and wealth management burn mechanisms.

  • Whale Transfers 1,133 BTC to Coinbase Prime, Valued at $71.48 Million

    According to Onchain Lens monitoring, a whale transferred 1,133 BTC from Coinbase to Coinbase Prime through an intermediary wallet, valued at $71.48 million.

  • U.S. AI Chip Stocks Decline Before Market Open, Intel Falls Over 3%

    On July 7, U.S. AI chip stocks experienced widespread declines before the market opened. Intel dropped over 3%, while AMD, Qualcomm, and NXP fell more than 2%. TSMC, Broadcom, and Tesla decreased by over 1%, and NVIDIA declined by 0.7%.

  • China's Central Bank Increases Gold Reserves for the 20th Consecutive Month

    As of the end of June, China's gold reserves stood at 75.44 million ounces (approximately 2,346.446 tons), an increase of 480,000 ounces (about 14.93 tons) from the end of May, which reported 74.96 million ounces (approximately 2,331.52 tons). This marks the 20th consecutive month of gold accumulation.

  • China's Foreign Exchange Reserves in June at $341.6262 Billion

    On July 7, China's foreign exchange reserves for June stood at $341.6262 billion, a decrease of $26 billion from the end of May, representing a decline of 0.75%, with expectations set at $343.2 billion.

  • U.S. Storage Stocks Drop Pre-Market, SanDisk and Micron Down Over 4%

    On July 7, U.S. storage concept stocks collectively fell in pre-market trading. Western Digital dropped over 5%, SanDisk and Micron Technology fell over 4%, Seagate Technology declined over 3%, Rambus fell over 2%, and SMI fell over 1%.

  • U.S. Stocks in Optical Communication Sector Drop Pre-Market

    On July 7, stocks in the optical communication sector of the U.S. market collectively fell pre-market. Astera Labs dropped over 4%, while Marvell Technology, Credo Technology, and AXT Inc. fell more than 3%. Tower Semiconductor, MaxLinear, Corning, Applied Optoelectronics, GlobalFoundries, Lumentum, and Qorvo all declined by more than 2%. Coherent, Nokia, Amphenol, and Broadcom dropped over 1%.

  • Pre-market Decline in U.S. Storage Stocks

    In pre-market trading, U.S. storage concept stocks experienced a widespread decline, with Micron Technology falling by 4.8%, SanDisk dropping over 4%, Corning down more than 2%, and Intel decreasing by over 3%.

  • Two Departments: Support for Reinsurance Institutions to Increase Capital and Issue Supplementary Capital Tools

    On July 7, the National Financial Supervision and Administration Bureau and the Shanghai Municipal Government released several measures to accelerate the construction of the Shanghai International Reinsurance Center. Among these measures, they proposed to enhance the quality and efficiency of the reinsurance industry, support reinsurance institutions in increasing capital and expanding shares, and issuing supplementary capital tools to improve the capacity for internal capital accumulation and external capital supplementation, thereby strengthening the reinsurance industry's capabilities. The initiative aims to guide the insurance industry to focus on major national projects, strategic emerging industries, and livelihood security, consolidating insurance and reinsurance underwriting capabilities to enhance risk protection levels. It also supports reinsurance institutions in leveraging their professional technical advantages to assist the insurance industry in reducing risk.

  • Sources: Saudi Arabia Plans to Expand Oil Pipeline to Red Sea, Increasing Capacity by 2 Million Barrels Daily to Bypass Strait of Hormuz

    On July 7, five informed sources revealed that Saudi Arabia is considering expanding the crude oil pipeline capacity to its western coast on the Red Sea, allowing Saudi Arabia and its neighbors to transport more oil without passing through the Strait of Hormuz. This east-west pipeline, built in the early 1980s, has gained strategic importance since the outbreak of the Iran war in February and the disruption of shipping in the Strait of Hormuz. The pipeline can deliver up to 7 million barrels of crude oil per day to the Red Sea port. The CEO of Saudi Aramco stated in May that approximately 2 million barrels are supplied to west coast refineries, while about 5 million barrels are for export. Sources indicate that Saudi Arabia is in preliminary discussions with some neighboring countries regarding the pipeline expansion, aiming to add about 2 million barrels of pipeline capacity per day. It remains unclear whether Aramco's planned expansion involves upgrading existing infrastructure or constructing new pipelines. One source mentioned that the expansion plan also includes a smaller refined oil pipeline. Two sources indicated that the expansion scale could range from 1 million to 2 million barrels per day, with refined oil also being considered. Another source stated that the project would take several years and cost billions of dollars, requiring adjustments to Saudi crude pricing mechanisms.