Blockstream and bitcoin core developer Pieter Wuille introduced the concept of tree signatures to create a more efficient multi-sig method with enhanced privacy. Tree signatures can be coded only in the extended Alpha scripting language and can implement M-of-N multi-sig transactions more efficiently than bitcoin scripting, as it requires more than one keyholder to participate.
With tree signatures, only the keys actually used for signing are exposed to the public. For instance, in a 1-of-N multisig policy, only one key is revealed on spending and the other keys stay hidden.
Bitcoin and Tree Signatures
“Merkle tree keys support very large 1-of-N. Schnorr signatures support very large M-of-M. This means that if we can write our spending conditions as a 1-of-(N possible M-of-M’s), we can build a Merkle tree consisting of Schnorr combined public keys,” Wuille explained.
Wuille gave more details on this enhanced multi-sig approach in his talk titled “Key Tree Signatures: A Mechanism for Very Large, Compact, Efficient Multisig” at the SF Bitcoin Devs Group.
“In our first sidechain, Elements Alpha, we introduced several improvements to the cryptography and scripting abilities of bitcoin,” the abstract indicated. “In this talk, I will discuss how some of these features can be used to build an improved multisig construction that is more efficient, compact, and flexible.”
According to Wuille’s presentation slides, tree signatures would require the use of a Merkle tree where each leaf is a public key, which is then the Schnorr sum of combination keys. This could enhance accountability, composability, efficiency, usability, and privacy.
Prior to this, Blockstream already launched its bitcoin sidechain through the Elements Alpha project. This also included Sidechain Elements, which is a sidechain development framework with open source code for developers. Blockstream is a group of renowned cryptography experts, including some bitcoin core developers seeking to enhance the security of the network.