Ask most of bitcoin what taproot did and you get three answers: multisig that looks like single-sig, better privacy, cheaper fees. All true. All the small version.

Those are side effects. Taproot is the most expressive programmable upgrade bitcoin has ever shipped and almost nobody is building on what it actually unlocked.

A Taproot output commits to two things at once: a key path, and a tree of tapscript spend conditions. The tree lives off-chain. It never hits the chain unless a branch gets used and even then, only that branch shows. Commit to many conditions, reveal one, hide the rest. No consensus change required.

That’s not a fee trick. That’s programmable money with privacy baked into the structure.

The teams actually pushing it prove the point. @ba690...156f0 pools users into one taproot output, every leaf a VTXO, everyone able to walk out alone. BitVM commits a whole computation to a Taptree, one leaf per gate, only touching chain in a dispute. Different problems, same insight and the surface is barely scratched.

We’re building the biggest non-custodial bitcoin-native credit book ever. A surge vault is a pay-to-taproot output that holds your btc and can only move when one of three pre-committed spend paths is satisfied.

And it starts with killing the key.

The NUMS key

A live key path is a backdoor a way your collateral could move without satisfying the contract. So we set the taproot internal key to a nums point. Nothing up my sleeve. Derived deterministically:

sha256("surge-nums") → 6a1bac…175423f2

There’s no private key for it. Key-path signing isn’t available, full stop. Every spend has to reveal and execute a script leaf. And you don’t take our word for it, recompute the hash yourself.

Don’t trust that we won’t move your coins. Verify that we can’t.

With the key path dead, all three real spends live in the tree, out in the open:

1️⃣ Repayment. User + dcn co-sign. Cooperative close only, neither side moves it alone. The leaf commits a vaultId so a witness can’t be replayed against another position.

2️⃣ Liquidation. Dcn signature, authorized only on a collateral-ratio breach or end-of-term delinquency. Same script, different trigger. Not a lever someone pulls when they feel like it.

3️⃣ Unilateral Exit. The one that matters.

The exit leaf enforces OP_CHECKSEQUENCEVERIFY, a ~1-year relative timelock, then needs only your signature. If the DCN and the whole coordination layer vanish, you wait out the timelock and recover your btc alone. No permission, no counterparty. Not a terms-of-service line that assumes we’re still around to honor it, a recovery guaranteed by bitcoin script.

That’s the real meaning of non-custodial: your control outlives everyone else’s failure. Exit is where that’s real or it’s marketing.

Custodians ask you to trust the coins are still there, still yours, un-rehypothecated. Surge hands you verification instead, a NUMS key you can recompute, three leaves you can read, an exit enforced by a timelock. Bitcoin script is the final authority. Off-chain services can ask; btc only moves when a committed leaf is satisfied on-chain.

Taproot wasn’t convenient. Convenient was holding the coins ourselves. It was the only thing consistent with credit you can verify and leave.

Spec’s all public → https://docs.surge.credit/tech/vaults

Don’t trust. Verify. 🟧