PQC - What is our Goal, Even?

Posted by Louise Michel

May 28, 2026, 22:13 UTC

The discussion on address re-use within the context of Bitcoin development highlights significant concerns regarding privacy implications. Address re-use is generally discouraged, primarily due to these privacy issues, though users retain the freedom to reuse addresses if they choose. The conversation then shifts towards the options available for bitcoin outputs, specifically pointing out the viability of using P2TR (Pay to Taproot) now and in the future. This option is praised for its effectiveness.

A detailed comparison between different bitcoin output types, particularly P2TRv2 and P2MR (Pay to Merkle Root), is made to outline their suitability under various scenarios. The argument centers on the trust and security concerns related to key-path spending and ECC (Elliptic Curve Cryptography) signatures. For users concerned about these aspects, P2MR offers a superior alternative: it eliminates the overhead associated with ECC key-path spends without losing flexibility, thanks to its script-tree functionality.

Furthermore, it is argued that, assuming the existence of CRQC (Cryptographically Relevant Quantum Computing), there is no significant difference in privacy or security between P2TRv2 and P2MR outputs. However, P2TRv2 is critiqued for being larger and more costly, and its approach to predicting the timing of quantum advancements (referred to as "Q-day") is deemed impractical. It is suggested that a better strategy would be to provide more efficient alternatives like P2MR, which is considered more economical, smaller, quantum-resistant from the outset, and does not compromise on privacy or security.

In scenarios anticipating Q-day, rational actors might opt for outputs like P2MR or an altered version of P2TRv2 that excludes key-path spend, favoring other script-based, hashed output types instead. If Q-day never materializes, P2TR is viewed as remaining the best solution currently available. This ongoing debate juxtaposes the views of P2TRv2 proponents who seek to disable (yet retain) the key-path spend feature of Taproot against supporters of BIP-360, a proposal closely resembling Taproot but with the key-path spend removed. This discourse underscores the complexities and strategic decisions facing developers as they navigate the evolving landscape of Bitcoin's technological infrastructure.
