Two things I think underappreciated about Bitcoin scaling in the near future: (1) Schnorr signature aggregation is a huge deal because what's vastly more important than the size of a block is *how many signatures a full node needs to verify per second*, and aggregation reduces it dramatically, (2) sig aggregation is a non-trivial endeavour, to say the least - it's *much* harder than just implementing a Schnorr signature (which has benefits on its own, to be clear).


Is my memory correct in saying Schnorr will also aid in privacy?


Definitely, but because of what it enables: e.g. scriptless scripts, taproot, and also sig aggregation itself.

For example, even a crude implementation will mean that N of N multisig looks like any normal payment.

Scriptless scripts make for a far simpler atomic swap protocol that, again, looks like a normal payment. And this mechanism will improve the privacy of LN too.

There are other things.

@waxwing also Schnorr contributes to privacy since you can sign a whole block with one signature.


Yes I discussed the privacy implications in the thread (there are quite a few). This post was specifically thinking about scaling though.

@alonsovalencia @waxwing How would that work? (I have only basic understanding of Schnorr signatures and taproot)

@waxwing What are roughly the current stats?
How many signatures are verified per second and what's the CPU load of those? E.g. how many ms does it take to compute signature on some standard CPU?

Sign in to participate in the conversation

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!