Graftroot: Private and efficient surrogate scripts under the taproot assumption

The discussion on Bitcoin-dev mailing list is focused on the case where a delegate is signed conditional on another delegate being signed. The participants suggest that internally something like segwit is required so that one side's delegation can be referred to by a signature-stable identity. However, they do not have a suggestion for a good way to do this at present. Another point raised in the discussion is the introduction of functionality that makes a script invalid after a certain time, which can exclude old delegates by timing/block height arguments or even pre-sign delegates for different periods of time. This construction allows unilateral key rotation without invalidating the interests of other parties in the existing multisig and does not require any on-chain transaction, only storing the signed delegation.