Why Every Bitcoin Fan Should be Excited About Schnorr Signatures

If you’re keeping a finger on the pulse of Bitcoin development, you’ve probably already heard about Schnorr signatures.

The technology looks to replace bitcoin’s existing signature scheme with one that mashes signature data together. The concept is so attractive partly because it clears up space in the blockchain, which should help resolve both the transaction backlog and high fees bitcoin users sometimes need to deal with.

Schnorr, named after its inventor Claus-Peter Schnorr, is a signature scheme: the series of mathematical rules that link the private key, public key and signature together. Many cryptographers consider Schnorr signatures the best in the field, as they offer a strong level of correctness, do not suffer from malleability, are relatively fast to verify, and ‒ importantly ‒ support multisignature: several signatures can be aggregated into a single, new signature.

However, before SegWit implementation, it has not been possible to utilize Schnorr in Bitcoin.

Valid Bitcoin transactions require signatures. These signatures occupy critical block space. This situation deteriorates when multiple addresses are involved in a transaction because each address needs its own signature. As a result, transaction size requirements increases, which in turn pushes transaction fees higher. Schnorr is a BIP introduced with the intention of solving this issue.


Who Proposed This Improvement?

Four Bitcoin developers have released a paper outlining how Schnorr multi-signatures (‘multisig’) can help scale the Bitcoin Blockchain.

How Are Transactions Signed Now?

Bitcoin signatures are created using the Elliptic Curve Digital Signing Algorithm (ECDSA). Schnorr signatures are another form of digital signatures.

ECDSA signatures, vary a bit in size, but most come in at a length of 71–73 bytes, with a maximum of 75 bytes and a theoretical minimum of 8 bytes. [h/t Greg Maxwell]

The signatures are based on the same security assumptions as ECDSA and are compatible with the elliptic curve Bitcoin already uses (secp256k1). This means that Schnorr signatures can be created with the same private keys and are compatible with currently used key derivation schemes.

Schnorr signatures are more efficient and compact than ECDSA signatures. The maximum length of each signature is 64 bytes. [via Harding]

SegWit Opened The Door For Schnorr

With Segregated Witness, all signature data is moved to a separate part of the transaction: the witness, which is not embedded in the “old” Bitcoin protocol. And thanks to script versioning, almost any rule applied in the witness can be changed through a soft fork. Including the type of signature scheme used.



Trade while you sleep with two of the cryptocurrency bots on the market - Cryptohopper or Tradesanta.

Major Benefits of Schnorr Signatures

Capacity and Smaller Fees

With Schnorr, all inputs will instead require only one combined signature to represent all these different signatures. This offers an obvious data advantage, as only one signature must be included in a transaction, only one must be transmitted over the network, and only one must be included in a block. This means there’s more room for transactions.

This also means the transaction size will be small compared to combining all individual transactions. As a side effect, a smaller transaction fee is achieved.


Another major benefit of Schnorr signatures, is increased privacy as to how you are securing your bitcoins.

Some users intentionally use multiple signatures to send transactions, as this is a way to increase security. You can require multiple people or devices to send a transaction for example, which is commonly known as MultiSig.

In MultiSig, transaction inputs will only require one signature to represent all individual signatures, which is a “convenience” and data improvement.

Combined with the CoinJoin protocol, Schnorr signatures allow users to combine their transactions and signatures at the same time.

Status and Timeline

In an article for Coindesk, Bitcoin Core contributor Nicolas Dorier estimated it would take several years for Schnorr signatures to be implemented.

In a January 2018 talk at Stanford, Bitcoin core developer Pieter Wuille said that several Bitcoin Improvement Protocols (BIPs) are being worked on, and that it would be “a lengthy process” before they wre implemented. Schnorr signatures can be implemented with a soft fork due to upgrades made in SegWit, but it bears keeping in mind that they have been under development since 2012.


Schnorr’s signature aggregation would be a significant improvement to the Bitcoin protocol, and would provide a reduction in transaction sizes anywhere from 19% for single input transactions, up to 40% when applied to multisig, multi-input, and multi-output transactions.



Bitcoinmagazine, HackerNoon, Sam Wouters


We will be happy to hear your thoughts

      Leave a reply

      Enable registration in settings - general
      Shopping cart