Linearity & Signature Aggregation
The most revolutionary feature of Schnorr signatures is their Linearity. This property allows multiple signers to cooperate to create a single signature that looks like it came from a single person.
1. The Math of Addition
In Schnorr, if you have two private keys ($d_1, d_2$) and you add them together ($d_{sum} = d_1 + d_2$), the resulting signature for the sum of the public keys is simply the sum of the individual signatures.
$$Signature_1 + Signature_2 = Signature_{combined}$$
2. Multi-Signature Privacy (MuSig)
In older Multisig (e.g., 2-of-2 P2SH), the blockchain shows:
- The first signature.
- The second signature.
- The script that lists all the involved public keys.
This is heavy (lots of data) and revealing (the world knows it was a multisig).
With Schnorr and MuSig:
- The two parties collaborate off-chain to create one joint Public Key.
- They collaborate to create one joint Signature.
- On-Chain Result: The transaction looks exactly like a standard, single-signature payment.
- Privacy: No one knows it was a multisig.
- Scalability: A 100-of-100 multisig takes the same space as a 1-of-1.
3. Cross-Input Aggregation (Future)
Linearity also allows for "Cross-Input Aggregation." Imagine you are sending a transaction with 10 different inputs (UTXOs).
- Currently: You need 10 different signatures.
- With Schnorr Aggregation: You could combine all 10 into one single signature for the whole transaction. This would reduce the weight of complex transactions by 30% to 50%, significantly lowering fees.
4. Key Tweaking
Linearity allows a public key to be "Tweaked" by adding a hash to it. This is the foundation of Taproot.
$$P_{taproot} = P_{internal} + Hash(P_{internal}, script) \times G$$
This allows an address to behave like a normal key, while hiding a secret script "inside" it.
| Benefit | Impact |
|---|---|
| Privacy | Complex scripts look like simple keys. |
| Space | Multisig adds no weight beyond a single signature. |
| Fees | Massive savings for power users and institutions. |
In the next section, we will discuss Batch Verification.