Blockstream and bitcoin core developer Pieter Wuille introduced the concept of tree signatures to create a more efficient multi-sig method with enhanced privacy. Tree signatures can be coded only in the extended Alpha scripting language and can implement M-of-N multi-sig transactions more efficiently than bitcoin scripting, as it requires more than one keyholder to participate.
With tree signatures, only the keys actually used for signing are exposed to the public. For instance, in a 1-of-N multisig policy, only one key is revealed on spending and the other keys stay hidden.
Bitcoin and Tree Signatures
“Merkle tree keys support very large 1-of-N. Schnorr signatures support very large M-of-M. This means that if we can write our spending conditions as a 1-of-(N possible M-of-M’s), we can build a Merkle tree consisting of Schnorr combined public keys,” Wuille explained.
Wuille gave more details on this enhanced multi-sig approach in his talk titled “Key Tree Signatures: A Mechanism for Very Large, Compact, Efficient Multisig” at the SF Bitcoin Devs Group.
“In our first sidechain, Elements Alpha, we introduced several improvements to the cryptography and scripting abilities of bitcoin,” the abstract indicated.