Graftroot is an improvement designed to expand the capabilities of Taproot, a proposal that seeks to offer Bitcoin better capabilities for its programming language by enabling the creation of more powerful smart contracts.

El development of Bitcoin it does not stop, and in the midst of that dynamic, an improvement that is expected within this protocol is that of Graftroot. This improvement is based on the work that is being carried out on two already known improvements Taproot and Schnorr firms, and its objective is to make the creation of transactions and scripts more flexible to create much more elaborate blocking conditions. In this way, Bitcoin scripts using Graftroot could allow the programming of various blocking conditions that are currently not possible, all while maintaining security and improving the privacy of the system.

But how can Graftroot make all this possible? Well, this and much more we will analyze below.

Origin of Graftroot

First of all, the origin of Graftroot goes back to two very important concepts: Taproot and the Schnorr firms. These are the building blocks of the Graftroot, and without these it is impossible for it to function. To make it very clear, Taproot is an improvement that seeks to change the way in which Bitcoin scripts they can be built, run, and stored on the Bitcoin blockchain. Its main mission is to make Bitcoins Scripts more flexible so that they can improve their programming or smart contracts.

The improvement proposed by Taproot is accompanied by a new type of digital signature called Schnorr signatures. This is a type of digital signature whose purpose is to create smaller, more secure and private digital signatures than their counterparts. ECDSA, the standard used by Bitcoin today.

With that said, we can see that Taproot and Schnorr firms will greatly improve Bitcoin's capacity, and it is something we can applaud. However, this does not end there. He 5 of February 2018, the Bitcoin developer, Gregory Maxwell, sent an email to the list of Bitcoin developers publicizing their Graftroot proposal. The proposal was an improvement for Taproot that will expand its possibilities. The idea quickly caught on, especially since Taproot's designer was also Gregory Maxwell, and no one knew better than him how this improvement worked and how it could be improved.

In fact, Maxwell presented both ideas only 13 days apart, making it very clear that there was room for improvement on both ideas.

Gregory Maxwell: What is Graftroot?

Taproot suffers from a limitation and that is that only one alternative can be provided natively. Trees or waterfalls can be made from taproots, but they have less privacy and efficiency than a single level. However, under the principal root assumption, where there is a monotonous function on simple public keys and nothing else that is sufficient to authorize a transaction, we can do even better.

With Graftroot, participants establish a threshold key, optionally with an alternative taproot, just as they do with the taproot. So at any time, they can delegate their ability to sign a surrogate script by signing that script (and only the script) with their primary key, and sharing that delegation with whoever they choose. Later, when the time comes to spend the coin, if the signers are not available and the script must be used, the redeeming party does whatever it takes to satisfy the script (for example, it provides its own signature and a time lock, or whatever) and presents that information along with the signer's signature of the script.

The result is that instead of allowing a single alternative, an unlimited number of alternatives can be provided. All are executed as efficiently as a single alternative, and the number of them is hidden with no overhead. Alternatives can be provided for coins as well, without the need for them to move, the movement is only necessary to destroy the ability to use alternatives by changing keys.

The above said in a less technical and extensive way is: Grafroot allows us to introduce more programming in the scripts, improving the programming conditions and activation of the scripts, and all this without altering the protocol and enjoying the privacy advantages that Taproot and Schnorr allow us.

Certainly an elegant solution, which at the same time offers improvements that we will all appreciate and that will have a great positive impact on the usability of Bitcoin.

How does Graftroot work?

Now exactly how Graftroot works. Well, first of all, as we already discussed, Graftroot works thanks to Taproot and the Schnorr firms. These two functions are basic and necessary for proper operation. But don't worry, you can know everything you need to know if you visit our articles to Taproot y Schnorr firms, here at Bit2Me Academy.

With that said, we will proceed to give a brief example of how Graftroot works. To do this, imagine the following scenario:

Example of how Graftroot works

First of all, we have Daniela and Luis managing a multi-signature wallet. The wallet is of the 2-of-2 type, that is, the 2 signatures are needed to authorize an expenditure of the money within that wallet.

However, Daniela and Luis decided to make the way of spending more flexible under certain conditions. Thus they establish that after a year, the money in said purse can be mobilized with the signature of one of them nothing more. Thus, Daniela or Luis, after that time, can move the money thanks to this insurance condition. Along with this condition, they program another one in which Luis can spend the balance by providing a secret.

Once the conditions are written, Daniela and Luis create their threshold keys using Schnorr signatures, they sign the main and alternative scripts, and each one of them maintains the data they need to meet the spending conditions that have been programmed in the scripts. .

Explaining the scenario

First of all, Daniela and Luis can create a 2-of-2 multisignature and put their money there, this is something that we can do in Bitcoin right now. What is new is to include several alternative conditions that will be executed if the necessary conditions are present for said operation to be fulfilled. And if one of them is met, the rest of the conditions cannot be seen by anyone else.

This means that, if, for example, Daniela withdraws the money a year later because Luis has had a problem, she will be able to do it without problems. But at the same time in the blockchain, we will only be able to see the script that has allowed such action, the rest of the scripts and conditions will remain hidden. In other words, only that condition that is met in the transaction can be seen in the blockchain publicly, the rest of the alternatives and conditions will remain private and no one will be able to know what they were.

This feature certainly improves privacy, but not only that, it improves the ability to program each Bitcoin within the network. And the best thing is that these transactions, when seen on the blockchain, will not have much difference from a normal cryptocurrency transaction.

As for the "insurance function" imagine how many Bitcoins are not frozen in the blockchain because they simply forgot or lost the key to manage it? With an address and a script using Graftroot it would be possible to program special conditions so that the money within that address can move under other conditions that are programmed, thus avoiding their losses. Thus, cases such as QuadrigaCX with its 1000 BTC lost, or that of a Bitcointalk user with 8900 BTC lost, would be another story.

How much do you know, cryptonuta?

Will Graftroot's app put Bitcoin on the same level as Ethereum's smart contract programming?


While Graftroot (and Taproot) greatly expand Bitcoin's current capacity for smart contracts, this does not mean that Bitcoin's programmability exceeds or reaches Ethereum's. In fact, that is not the goal, but rather to allow the network to be able to carry out operations that currently rely on centralized options or second layer protocols. For example, with Taproot and Graftroot active, the same Bitcoin protocol would be able to run secure DEX or Atomic Swaps without the need for an external protocol of some kind, something that users will greatly benefit from.

Pros and cons of Graftroot


First of all, one of the pros of Graftroot is that they allow you to create smart contracts (Bitcoin Scripts) that are much more elaborate, with more conditions and with functions that would otherwise be impossible to implement. This significantly improves the usability of Bitcoin, and opens the doors for the on-chain implementation of new secure and transparent exchange functions.

Furthermore, Graftroot does not waive the privacy and scalability enhancements that Taproot and Schnorr firms offer us, as these two technologies are required by Graftroot. This has motivated developers to welcome the use of Taproot and Schnorr within Bitcoin, which we will soon be able to see.


On the downside, Graftroot introduces more complexity to Bitcoin's code, inexorably leading to security issues. However, both Taproot and Schnorr within Bitcoin have been in development since 2018, the code has been studied, which reduces the possibility of problems of this type.

What is really a problem with Graftroot is that this is an interactive system, in which both parties must sign the scripts (the main one as well as the alternative ones) in order to make any expenses. If this does not happen for some reason, the money will be there until that action is completed.