Posted by Erik Aronesty
Apr 19, 2026/12:57 UTC
The recent discussion by Matt Corallo highlights a nuanced perspective on the security profiles of different cryptographic methods within Bitcoin's protocols, particularly focusing on the implications of public-key reuse. He argues that while Pay-to-MerkleRoot (P2MR) and Pay-to-Taproot v2 (P2TRv2) share a similar security profile once a pubkey is reused, it is misleading to claim that P2MR offers no advantages whatsoever. In fact, P2MR provides stronger security than P2TRv2 up until the point of key revelation because, unlike P2TRv2, it does not consistently expose the key path.
Corallo emphasizes that the real disadvantage arises when users do not adhere to best practices, such as reusing keys, which can negate any security benefits provided by the protocol being used. This misuse leads to vulnerabilities akin to those seen with Schnorr nonce reuse or poorly set up multisig configurations, where security breaches become inevitable. Therefore, he suggests that the statement "it has zero advantage" should specifically apply only to those who compromise their own security through improper actions.
Moreover, Corallo introduces a practical perspective on the scale of potential threats, questioning the likelihood that someone would deploy a hypothetical $400 billion quantum computer to exploit these cryptographic weaknesses merely to steal a relatively small amount, such as 2 BTC, from a user who has failed to adopt modern wallet practices that avoid address reuse. This scenario underscores that while the theoretical vulnerabilities exist, their real-world exploitation is improbable unless significant assets are at risk and best practices have been ignored.
Thread Summary (25 replies)
Apr 15 - Apr 20, 2026
26 messages • 25 replies