Pay-to-Taproot (P2TR)
2 min read
Pay-to-Taproot (P2TR) is a type of ScriptPubKey which locks bitcoin to a script that can be unlocked by a public key or a Merkelized Alternative Script Tree (MAST), allowing the bitcoin to be spent in a variety of ways.
On the surface, a P2TR output locks bitcoin to a single Schnorr public key, which we call Q. However, this public key Q is actually the aggregate of a public key P and a public key M, which is calculated from the Merkle root of a list of other ScriptPubKeys.
➤ Learn more about Schnorr key aggregation.
Bitcoin in a P2TR output can be spent by publishing a signature for public key P, or by satisfying one of the scripts contained in the Merkle tree. The first option is called the key path, while the second option is called the script path.
Pay-to-Taproot combines the functionality of Pay-to-Script-Hash (P2SH) and Pay-to-Public-Key (P2PK) scripts flexibly, allowing the owner or owners to choose how they would like to spend their money. This makes P2TR a significant improvement for the privacy of users.
While there are many ways of spending a P2TR output, only the one that is used must be revealed, allowing the unused alternatives to remain private. In addition, thanks to Schnorr key aggregation, the public key P can itself be an aggregate key, possibly representing a multisig setup. Most importantly, the status of public key P as a multisig key or a single key is never revealed, and thus all P2TR outputs resemble one another, undermining many chain analysis heuristics and preserving privacy for users.
Pay-to-Taproot outputs will be spendable once the Taproot upgrade is activated. However, a few enterprising Bitcoiners have already sent bitcoin to P2TR outputs. These outputs will remain unspendable until Taproot is activated.