Aligning privacy incentives in P2MR

The discussion revolves around the proposal for EC public key recovery in P2MR (BIP-360), which suggests a reduction of 35 bytes in the witness by eliminating the script-containing witness element. This concept is detailed further in an online source, which can be found here.

In the broader context of Bitcoin's adaptation to quantum computing risks, there's a significant debate regarding the adoption of new output types like P2MR and P2TRv2 to ensure quantum resistance. The migration to these new formats has been slow, as evidenced by the adoption rates of previous technologies such as P2TR, which, despite being incentivized, still covers only a small fraction of the UTXO set even after several years. Sources from mempool.space and Galaxy Digital in 2025 provide insights into this slow uptake (UTXO Set Report and Bitcoin Onchain Fees UTXO Analysis).

There's concern that too many barriers to adopting quantum-safe outputs might work against the mitigation of quantum computing risks. One argument suggests that costs associated with transitioning to new systems like P2MR, which could lead to a 15% increase in transaction costs, might deter users from migrating unless essential. Conversely, P2TRv2 might offer a cost-neutral or even cheaper alternative depending on previous technology used.

An important aspect of the discussion involves preparing for potential future scenarios where quantum computing could break existing cryptographic defenses. There is a possibility of deploying a rescue protocol to protect user assets if a quantum breakthrough compromises security before widespread adoption of quantum-resistant outputs. However, this scenario also raises concerns about trust and stability in Bitcoin if significant amounts of coins are at risk or appear confiscated through necessary but drastic measures.

Ultimately, the debate underscores the need for a strategic approach to integrate feature-rich cryptographic solutions that address quantum threats without imposing undue burdens before such threats materialize. The preference leans towards long-term planning with technologies capable of seamless integration and minimal disruption, suggesting a possible favoring of P2MR under certain conditions, provided it includes mechanisms like disabling specific EC opcodes during a quantum event. This strategy aims to balance readiness for a quantum event with practical operational needs in the interim.