What is Graftroot?


One of the proposals for improvements that are most expected in Bitcoin is Graftroot. It seeks to implement better support for smart contracts on Bitcoin, in addition to other improvements in the cryptography of this cryptomon currency like Ethereum Code. In fact, it is, together with Taproot, one of the improvements aimed at improving the privacy of the world’s first crypto currency.

With Graftroot, the combination of cryptographic technologies is sought. This with the aim of giving greater privacy to the transactions that are executed on the Bitcoin network. By combining Taproot, Schnorr and MAST signatures, the aim is to create complex multi-signature transactions that look like a normal transaction. This brings greater privacy to the transactions. The aim is to make it more difficult for blockchain analysis companies to analyse the incoming and outgoing flows of the cryptosystems involved in the transactions.

What is Graftroot?

Graftroot is a recent technology that seeks to improve the privacy features of smart contracts on Bitcoin blockchain. It was proposed by Greg Maxwell, one of Bitcoin’s main contributors, with the idea of improving some aspects that are not covered by Taproot technology. The latter had also been proposed by Maxwell himself. The aim is to give greater privacy to the intelligent contracts that are made on the Bitcoin network.

With Graftroot, participants in a smart contract can combine their public keys in the execution of the contract. In this way, a single threshold key can be generated. This key can be accessed with a threshold signature, just like Taproot.

The difference is that in Graftroot threshold signatures are created for each alternative condition in the intelligent contract. Whereas with Taproot the signature is made on the complete set of conditions. This feature of Taproot has the disadvantage of generating a lot of data, which represents a disadvantage for the privacy of the contract within the blockchain. With Graftroot we want to solve this aspect, and make an intelligent contract look like a standard transaction for those who want to make chain analysis within the blockchain.

To quote Maxwell’s own words about Graftroot:

„With Graftroot, participants establish a threshold key, optionally with a Taproot alternative, just as they do with Taproot. At any time, they can delegate their ability to sign to a substitute script (and only the script) with their Taproot key and share that delegation with whomever they choose. Later, when the time comes to spend the currency if the signatories are not available and the script must be used, the redeeming party must do whatever is necessary to satisfy the script (for example, provide its own signature and a time lock, or whatever). and submit that information along with the signatory’s signature to the script.“

Graftroot’s objective

As already mentioned, Graftroot’s objective is to make intelligent contracts to be confused with normal transactions within the blockchain, thus making it more difficult to analyse the blockchain for signs of intelligent contracts, thus providing greater privacy to the negotiations carried out through intelligent contracts on the Bitcoin network.

How does Graftroot work?

The operation of Graftroot can be explained through an example:

Let’s suppose that a smart contract is established between two people, Maria and Carlos, so that they can spend the contract funds together.

  • It can be established, as an alternative condition in the contract, that Maria will be able to spend after a certain time, for example one week.
  • Alternatively, it is also stated that Carlos may spend funds if he provides a secret number.
  • Maria and Carlos then create and sign these alternative conditions.
  • Maria keeps her threshold signature with which she will be able to spend after the stipulated period, one week.
  • And Carlos, in turn, keeps his threshold signature with which he can spend if he provides his secret number.

When the contract is settled, two situations may arise, namely: the cooperative closure, where both participants sign the transactions, thus generating a threshold signature. Or the non-cooperative closure, when for any reason either party is not present. In this case, if Carlos is present, he can reveal the alternative condition stipulated in the contract and his threshold signature to prove the authenticity of the expenditure. Therefore, for consensus, this will look like all parties to the contract agreed to the transaction.

In the event that only Maria is found, she can proceed in a similar manner, exposing the alternative condition agreed in the contract and providing her threshold key to make the expenditure.

With Graftroot it is then guaranteed that the execution of any of the cases, is done with the generation of few data by means of the application of Schnorr signatures, abstract syntax trees known as MAST and Taproot’s own benefits. All this combination of technologies will make the transaction look like a normal transaction in the blockchain, even in the cases where alternative conditions were executed, that is, in the cases where some of the signatures were missing.


One of the most outstanding features of Graftroot is the possibility of incorporating into the intelligent contract several alternative conditions agreed by the participants of the contract at the time of its creation. In a 3 of 3 intelligent contract case, that is, there are 3 participants and the signature of all three is required to execute the contract, it does not involve much trouble to handle as a normal transaction. If 2 participants out of 3 sign, it can be conveniently processed through Taproot, but when 1 out of 3 participants already sign, more data is generated for the purposes of consensus, and this undermines the privacy of the contract, since it can be located more easily than a normal transaction within the blockchain.

Another quite interesting feature of Graftroot is that not all the alternative conditions need to be signed beforehand, they can be added after the creation of the contract, with the generation of their respective threshold signatures.

On the other hand, Graftroot supports the ability to delegate your keys to a script to sign through it in case of any eventuality. For example in the intelligent contract to cover contingencies in a will. A person can set alternative conditions that delegate their keys to a script that their children, for example, can use to sign at the time of the person’s death. This feature is known as a substitute script.

Implications of improvement

One of the implications of this improvement is to update the network to support these features. In the Bitcoin environment, there are many expectations about this upgrade that involves a smooth bifurcation to allow these features to be supported by the Bitcoin network.

The privacy and security of the execution of intelligent contracts is another of the most important implications within this set of proposed improvements for the Bitcoin network.

Pros and cons

Like everything else in the world of cryptography, there are pros and cons. Graftroot does not escape from it. Here are some of them:


  • Graftroot can facilitate even the most complex intelligent contract, and no one would notice.
  • Participants can even add more conditions after the initial contract is executed. 
  • It provides greater privacy in smart contracts with several alternative terms.
  • Graftroot’s efficiency is superior to Taproot’s in smart contracts with many alternative terms.
  • The alternative terms each have their own threshold signature.
  • It gives participants the possibility to delegate their keys to other people to sign in case one or more participants of the contract are absent.


  • On the one hand, it is interactive. The parties involved must communicate about the signing of the alternative scripts before they can spend the funds in the way they have agreed. 
  • Another drawback is that if a participant loses their threshold signature for the alternative script, they lose their backup with it. 


Bitcoin enthusiasts are looking forward to implementing this series of improvements to the Bitcoin network. It represents a very promising upgrade for the Bitcoin ecosystem. Bitcoin’s remarkable entry into the P2P decentralized crypto-currency market has opened the door to a whole world of possibilities in digital finance.

Now, with this series of technological improvements, Bitcoin seeks to remain at the forefront, offering features to all people worldwide so that they can make the most of their potential in an environment of privacy and security that is typical of the cryptographic ecosystem.

We will be waiting for new advances linked to the implementation of Graftroot in the creation of intelligent contracts in the Bitcoin network, as well as innovative projects derived from the implementation of this technology in the cryptographic space.