Prove you have bitcoins without revealing where, with Taproot

A method still under development makes it possible to prove possession of bitcoins without revealing the address where the coins are stored, taking advantage of Taproot, a technology that will be included in the Bitcoin protocol.

In his mailing list, editor Marty Bent commented on how the Taproot scalability solution, combined with a cryptographic ring signature scheme, allows a proof of possession to be carried out on a certain amount of bitcoins without revealing their location.

The proof of concept was deployed on SigNet, a new testnet that was added to the Bitcoin Core client last year. The experienced developer Jonas Nick, who currently works for Blockstream, published his results last December, proving possession of a Taproot output (coins) without giving details of its route or address on the blockchain.

The developer published the proof-of-concept code on GitHub, where he details how ring signatures are applied to a set of Taproot-type outputs (UTXOs).

A ring signature is a single signature generated from the public keys and secret keys of the participants in a transaction. In this proof of concept, the “participants” of the transaction would be the owners of the inputs and outputs that are part of the operation, from which a ring signature is derived.

This development, which also integrates Taproot, uses Borromean ring signatures, following the libsecp256k1-zkp implementation of this type of cryptographic signature in Bitcoin.

Ring signatures were created in 2001 for applications in preserving anonymity, and are currently used, for example, in cryptocurrencies such as Monero.

Bent noted that this implementation would be of great help in protecting the privacy of Bitcoin users when they transact on-chain. He also indicated that it would allow proof of possession or ownership on sidechains or alternative chains that use bitcoin as collateral.

Satoshi Nakamoto and a general proposal for Bitcoin privacy

Bent comments in his post that Satoshi Nakamoto proposed a scheme similar to ring signatures to “obfuscate” Bitcoin addresses as far back as 2010 on the BitcoinTalk forum.

What we need is a way to generate shielded variations of a public key. The shielded variable would have the same base properties as a public signature, so the private key can generate a signature from any of the available public keys. Others would have no way of knowing that the armored key is part of the root key, or if other armored keys exist from that same root key.

Satoshi Nakamoto, creator of Bitcoin.


In the same comment thread, it can be seen that Satoshi considered it ideal for certain information, such as the value and the inputs and outputs of a transaction, to remain on the user side and not the client.

“The fact that clients (nodes) have to maintain the complete history reduces the privacy benefits. Someone who handles large amounts of money can see the full transaction history,” he wrote.

For his part, Bent also stressed that, although this is a proof of concept that can only be deployed on the test network, it could be a matter of time before the proposal is developed and can be integrated into the main network.

The activation method for Taproot, a soft fork that has already been accepted by the network's miners, remains to be defined. The adoption of Taproot will bring greater privacy to Bitcoin as use of this implementation spreads among users and service providers, according to CriptoNoticias.