<100 subscribers
0. 30-Second TL;DR
SegWit v1 (2017) – move signatures out of 1 MB block → 4 MB weight, fix malleability, enable Lightning.
SegWit v2 = Taproot (2021) – new sig algorithm (Schnorr), Merkelise scripts (MAST), shrink multi-sig, hide complex contracts, make Ordinals possible.
SegWit v3 = Taproot Assets (2024-25) – keep asset data off-chain in “Universes”, anchor only proofs on-chain, give assets their own VM (TAP-VM) that can evolve toward Turing-complete while Bitcoin stays unchanged.
→ Path: pure size boost → prettier & smarter Bitcoin scripts → infinite scale & programmability outside the base layer.
1. Why “Separate the Witness” at All?
Old problem: TX signatures sat inside the transaction →
Anyone could flip a byte (malleability) and change TX-ID → broke 2nd-layer protocols.
Sig data counted against 1 MB → artificial ceiling.
No privacy for multi-conditional scripts (all conditions visible).
SegWit’s universal idea: signatures are only “witnesses” – move them to an add-on zone that:
does not enter TX-ID calculation,
is still committed to in the block (merkle path into coin-base),
can have its own size limit.
2. SegWit v1 (BIP 141/143/144) – “Just Make Room”
Activated: block 481 824, Aug-2017
New stuff:
Weight formula: 3 × base-data + total-data ≤ 4 M → ≈ 1.7 MB typical, 4 MB worst-case.
P2WPKH / P2WSH addresses (bech32, “bc1…”) – lower fees, case-insensitive, no ambiguity.
wTXID – parallel ID that includes witness; miners build a second merkle tree rooted in coin-base.
Side-effect: script-version byte → upgrade by incrementing “witness version” (v0 → v1 later for Taproot).
Result: LightningNetwork goes live, fee market cools down, base-layer stays conservative.
3. SegWit v2 = Taproot (BIP 340/341/342) – “Make Smart Contracts Look Dumb”
Proposed: Jan-2020 Active: block 709 632, Nov-2021
3.1 Schnorr (BIP 340)
64-byte sigs vs 70-72 ECDSA → 4 % saving, but key-aggregation is the prize.
n-of-n multisig → single pubkey + single sig on-chain → big fee win + privacy win (can’t distinguish 1-of-1 from 11-of-15).
Linear maths → batch verification ~3× faster, adaptor-sigs, MuSig2, FROST, etc.
3.2 MAST (BIP 341)
Instead of dumping whole script in spend, only executed branch is revealed.
All possible scripts hashed into a Merkle tree; root = Taproot pubkey tweak.
→ Smaller witness, no malleability, privacy boost (unused conditions stay hidden).
3.3 Tapscript (BIP 342)
Upgraded op-codes (OP_SUCCESSx) → future soft-forks just assign meaning.
Removes 10 000-byte script size limit → big scripts possible (basis for Ordinals in-script data).
New sighash modes (SIGHASH_DEFAULT, ANY_PREVOUT) → enable Eltoo, vaults, etc.
First cultural explosion: Casey Rodarmor uses script-path to stuff JPEG bytes inside Taproot scripts → Ordinals → BRC-20, recursive inscriptions, 50 MB blocks full of cat photos.
4. SegWit v3 = Taproot Assets – “Take It Off-Chain, Keep the Audit Trail”
Birth: Lightning-Labs “Taro” white-paper, Dec-2021 Production: tapd v0.6.0, Jun-2025
4.1 Design Philosophy
Bitcoin block = commitment layer only (tiny 32-byte Merkle root).
Asset rules, metadata, supply tree live in Universes – arbitrary data stores (could be IPFS, cloud, or your laptop).
Trust-model: “Don’t trust, verify” – anyone can fetch the Universe, recompute the sparse-Merkle-sum-tree root, and check it matches on-chain root.
4.2 Core Pieces
MS-SMT (Merkle-Sum Sparse Merkle Tree) – every leaf is a vUTXO; each parent stores sum(amount) → detect inflation instantly.
Asset Script Key – Taproot pubkey that controls asset transfer (separate from BTC UTXO key).
Split Commitments – when you split a 100-unit token, only one branch needs the full witness; siblings just carry proof-of-split → saves space.
TAP-VM – stripped-down Bitcoin VM + asset op-codes; lives outside consensus, so can be upgraded to Turing-complete without risking base layer.
4.3 What You Can Build Today
Stable-coin (USD-asset) that rides over Lightning → instant, sub-sat fees.
TrustlessSwap – atomic BTC ↔️ asset swap without cross-chain bridges.
BTCFi – lending markets use BTC as collateral, assets as borrowables, all settled on Bitcoin graph.
4.4 Road-map Hints
Lightning-Labs: “TAP-VM v2” exploring WASM → near-Turing while keeping fraud-proof mechanism.
If WASM VM ships, expect Uniswap-style AMMs, perpetuals, even zk-rollups settled to Bitcoin without changing Bitcoin.
5. Putting It Together – The 3-Step Bitcoin Evolution
Upgrade | Year | Where Data Lives | What Got Bigger | What Got Smarter | Consumer Face |
|---|---|---|---|---|---|
SegWit v1 | 2017 | Witness attached to TX | 1 MB → 4 MB weight | fixed malleability | Lightning wallets |
Taproot v2 | 2021 | Still on-chain, but pruned | same block, more bytes for logic | Schnorr + MAST + big scripts | Ordinals, BRC-20 |
Taproot Assets v3 | 2025 | Off-chain Universes; 32 B root on-chain | infinite (theoretical) | separate VM, future Turing | Stable-coins, BTCFi, gaming assets |
6. Key Take-aways for Builders & Investors
Soft-forks only: each version activated without a chain-split → Bitcoin conservatism intact.
Address adoption: bech32 (v0) → P2TR (v1) → TAs (v1 + off-chain) – wallets must upgrade sequentially.
Fee economics: witness data discounted → complex scripts / big files cost less per byte than raw financial TXs → incentives align to push creativity into witness or outside chain.
Security budget: off-chain assets still need on-chain settlements → more TX demand → higher long-term fees for miners.
Watch the VM race: whoever makes TAP-VM ** Turing-complete first** (without breaking fraud-proof simplicity) wins the Bitcoin L2 jackpot.
Conclusion:
SegWit’s trilogy turned Bitcoin from “digital gold only” into a three-layer cake:
bullet-proof settlement,
programmable scripts,
boundless asset universe anchored to it.
The upgrades are additive, not replacement – you can still use 2009-style pay-to-pub-key today. But if you want to mint a yield-bearing EM stable-coin, trade it instantly over Lightning, and settle back to BTC – all secured by Bitcoin’s hash-power – the roadmap is already in the code.
0. 30-Second TL;DR
SegWit v1 (2017) – move signatures out of 1 MB block → 4 MB weight, fix malleability, enable Lightning.
SegWit v2 = Taproot (2021) – new sig algorithm (Schnorr), Merkelise scripts (MAST), shrink multi-sig, hide complex contracts, make Ordinals possible.
SegWit v3 = Taproot Assets (2024-25) – keep asset data off-chain in “Universes”, anchor only proofs on-chain, give assets their own VM (TAP-VM) that can evolve toward Turing-complete while Bitcoin stays unchanged.
→ Path: pure size boost → prettier & smarter Bitcoin scripts → infinite scale & programmability outside the base layer.
1. Why “Separate the Witness” at All?
Old problem: TX signatures sat inside the transaction →
Anyone could flip a byte (malleability) and change TX-ID → broke 2nd-layer protocols.
Sig data counted against 1 MB → artificial ceiling.
No privacy for multi-conditional scripts (all conditions visible).
SegWit’s universal idea: signatures are only “witnesses” – move them to an add-on zone that:
does not enter TX-ID calculation,
is still committed to in the block (merkle path into coin-base),
can have its own size limit.
2. SegWit v1 (BIP 141/143/144) – “Just Make Room”
Activated: block 481 824, Aug-2017
New stuff:
Weight formula: 3 × base-data + total-data ≤ 4 M → ≈ 1.7 MB typical, 4 MB worst-case.
P2WPKH / P2WSH addresses (bech32, “bc1…”) – lower fees, case-insensitive, no ambiguity.
wTXID – parallel ID that includes witness; miners build a second merkle tree rooted in coin-base.
Side-effect: script-version byte → upgrade by incrementing “witness version” (v0 → v1 later for Taproot).
Result: LightningNetwork goes live, fee market cools down, base-layer stays conservative.
3. SegWit v2 = Taproot (BIP 340/341/342) – “Make Smart Contracts Look Dumb”
Proposed: Jan-2020 Active: block 709 632, Nov-2021
3.1 Schnorr (BIP 340)
64-byte sigs vs 70-72 ECDSA → 4 % saving, but key-aggregation is the prize.
n-of-n multisig → single pubkey + single sig on-chain → big fee win + privacy win (can’t distinguish 1-of-1 from 11-of-15).
Linear maths → batch verification ~3× faster, adaptor-sigs, MuSig2, FROST, etc.
3.2 MAST (BIP 341)
Instead of dumping whole script in spend, only executed branch is revealed.
All possible scripts hashed into a Merkle tree; root = Taproot pubkey tweak.
→ Smaller witness, no malleability, privacy boost (unused conditions stay hidden).
3.3 Tapscript (BIP 342)
Upgraded op-codes (OP_SUCCESSx) → future soft-forks just assign meaning.
Removes 10 000-byte script size limit → big scripts possible (basis for Ordinals in-script data).
New sighash modes (SIGHASH_DEFAULT, ANY_PREVOUT) → enable Eltoo, vaults, etc.
First cultural explosion: Casey Rodarmor uses script-path to stuff JPEG bytes inside Taproot scripts → Ordinals → BRC-20, recursive inscriptions, 50 MB blocks full of cat photos.
4. SegWit v3 = Taproot Assets – “Take It Off-Chain, Keep the Audit Trail”
Birth: Lightning-Labs “Taro” white-paper, Dec-2021 Production: tapd v0.6.0, Jun-2025
4.1 Design Philosophy
Bitcoin block = commitment layer only (tiny 32-byte Merkle root).
Asset rules, metadata, supply tree live in Universes – arbitrary data stores (could be IPFS, cloud, or your laptop).
Trust-model: “Don’t trust, verify” – anyone can fetch the Universe, recompute the sparse-Merkle-sum-tree root, and check it matches on-chain root.
4.2 Core Pieces
MS-SMT (Merkle-Sum Sparse Merkle Tree) – every leaf is a vUTXO; each parent stores sum(amount) → detect inflation instantly.
Asset Script Key – Taproot pubkey that controls asset transfer (separate from BTC UTXO key).
Split Commitments – when you split a 100-unit token, only one branch needs the full witness; siblings just carry proof-of-split → saves space.
TAP-VM – stripped-down Bitcoin VM + asset op-codes; lives outside consensus, so can be upgraded to Turing-complete without risking base layer.
4.3 What You Can Build Today
Stable-coin (USD-asset) that rides over Lightning → instant, sub-sat fees.
TrustlessSwap – atomic BTC ↔️ asset swap without cross-chain bridges.
BTCFi – lending markets use BTC as collateral, assets as borrowables, all settled on Bitcoin graph.
4.4 Road-map Hints
Lightning-Labs: “TAP-VM v2” exploring WASM → near-Turing while keeping fraud-proof mechanism.
If WASM VM ships, expect Uniswap-style AMMs, perpetuals, even zk-rollups settled to Bitcoin without changing Bitcoin.
5. Putting It Together – The 3-Step Bitcoin Evolution
Upgrade | Year | Where Data Lives | What Got Bigger | What Got Smarter | Consumer Face |
|---|---|---|---|---|---|
SegWit v1 | 2017 | Witness attached to TX | 1 MB → 4 MB weight | fixed malleability | Lightning wallets |
Taproot v2 | 2021 | Still on-chain, but pruned | same block, more bytes for logic | Schnorr + MAST + big scripts | Ordinals, BRC-20 |
Taproot Assets v3 | 2025 | Off-chain Universes; 32 B root on-chain | infinite (theoretical) | separate VM, future Turing | Stable-coins, BTCFi, gaming assets |
6. Key Take-aways for Builders & Investors
Soft-forks only: each version activated without a chain-split → Bitcoin conservatism intact.
Address adoption: bech32 (v0) → P2TR (v1) → TAs (v1 + off-chain) – wallets must upgrade sequentially.
Fee economics: witness data discounted → complex scripts / big files cost less per byte than raw financial TXs → incentives align to push creativity into witness or outside chain.
Security budget: off-chain assets still need on-chain settlements → more TX demand → higher long-term fees for miners.
Watch the VM race: whoever makes TAP-VM ** Turing-complete first** (without breaking fraud-proof simplicity) wins the Bitcoin L2 jackpot.
Conclusion:
SegWit’s trilogy turned Bitcoin from “digital gold only” into a three-layer cake:
bullet-proof settlement,
programmable scripts,
boundless asset universe anchored to it.
The upgrades are additive, not replacement – you can still use 2009-style pay-to-pub-key today. But if you want to mint a yield-bearing EM stable-coin, trade it instantly over Lightning, and settle back to BTC – all secured by Bitcoin’s hash-power – the roadmap is already in the code.
Share Dialog
Share Dialog
No comments yet