Reading: A New Schnorr-Based Multi-Signature Scheme Is Coming


A New Schnorr-Based Multi-Signature Scheme Is Coming

Julio Gil-Pulgar · @gil_pulgar | Jan 25, 2018 | 05:30


A New Schnorr-Based Multi-Signature Scheme Is Coming

Julio Gil-Pulgar · @gil_pulgar | Jan 25, 2018 | 05:30

Cryptocurrency enthusiasts are excitedly anticipating the full implementation of several new technologies and schemes that promise to help address Bitcoin’s scalability problem, such as Segwit, Lightning Network, and Schnorr signatures. Most recently, to enhance the Schnorr signatures algorithm, a group of researchers has introduced a simple multi-signature scheme: MuSig.

MuSig Will Reduce Transaction Signatures

Bitcoin transactions require signatures, but these signatures take up significant block space. This situation gets worse when multiple addresses are involved in a transaction because each address needs its own signature. As a result, transaction size requirements increase, which, in turn, drive transaction fees higher.

MuSig Schnorr signatures

The Schnorr signatures algorithm could help to address Bitcoin’s scalability problem because it reduces the number of signatures required in a transaction.

Indeed, Schnorr signatures could help reduce storage and bandwidth by at least 25 percent. Also, Schnorr signatures could help shield Bitcoin from certain types of spam attacks.

Now, Gregory Maxwell, Andrew Poelstra, Yannick Seurin, and Pieter Wuille have published a paper entitled “Simple Schnorr Multi-Signatures with Applications to Bitcoin.” In it, the researchers propose a new Schnorr-based multi-signature scheme, MuSig, which they define as “a protocol that allows a group of signers to produce a short, joint signature on a common message.”

MuSig provides support for key aggregation and enhances security in the plain public-key model. As a result, MuSig can greatly help to improve privacy and performance. Pieter Wuille, Ph.D., writes:

A multi-signature scheme is a combination of a signing and verification algorithm, where multiple signers (each with their own private/public key) jointly sign a single message, resulting in a single signature. This single signature can then be verified by anyone who also knows the message and the public keys of the signers.

The New Cryptographic Construction: Key Aggregation

MuSig brings a new concept, key aggregation. This scheme further reduces the number of signatures in a multi-signature scheme to one single signature. Dr. Wuille explains:

In a multi-signature scheme that supports key aggregation, the multi-signature looks like a single-key signature, but with respect to an aggregated public key that is a function of only the participants’ public keys. This means that verifiers don’t actually need to know the original participants’ public keys anymore – they can just be given the aggregated key instead.


Therefore, by implementing key aggregation, verifiers no longer need to know the original participants’ public keys. Instead, verifiers require only the aggregated key.

Bitcoin must soon solve its problems with scalability and high transaction fees. Therefore, technologies and new schemes promising to address these issues, such as Schnorr signatures with key aggregation, should, upon careful review, receive support from all crypto stakeholders to move forward.

What do you think would be the effect on Bitcoin if Schnorr signatures replace Bitcoin’s signature digital algorithm, ECDSA? Let us know in the comments below.

Images courtesy of Pixabay, Twitter/@@pwuille, and Bitcoinist archives.

Show comments