Aligning privacy incentives in P2MR

The discussion revolves around a proposed modification to BIP360, focusing on the impact of mandating at least one merkle authentication path in the control block of P2MR transactions. This alteration aims to prohibit depth-zero script trees within P2MR, consequently requiring each P2MR address to sustain the expense associated with maintaining at least two spending conditions. This proposal is rooted in concerns that depth-zero script trees present a perverse incentive, which may compromise privacy and the intended efficiency of Bitcoin scripting.

Depth-zero script trees currently allow for smaller witness sizes, which economically and practically motivate developers to favor them over potentially more secure or private alternatives like taproot script spends. For example, certain short scripts might not include a cooperative spending path if it results in greater inefficiency compared to using a single non-cooperative path. Such practices can lead to easier fingerprinting of scripting protocols, reducing overall privacy and counteracting key objectives of P2TR.

By enforcing a minimum requirement of a depth-1 tree for P2MR addresses, the modification would eliminate the incentive to use simpler, less private scripting methods under P2MR, thereby aligning its efficiency with that of P2TR. This change is expected not only to uphold the standard uses of P2MR—such as hybrid addresses combining a Schnorr leaf and a post-quantum (PQ) cryptography leaf—but also to promote the adoption of best practices. Specifically, even users who might typically opt for a single EC Schnorr leaf are incentivized under the new rule to add a PQ fallback leaf, enhancing script robustness and encouraging the proper utilization of fallback options.

The shift proposed in BIP360 has been preliminarily discussed with several proponents of the protocol, garnering a positive reception. However, the proposer is keen on gathering further input, particularly from those inclined towards P2TRv2, to assess whether these adjustments adequately address the privacy concerns associated with P2MR and its potential impact on the fungibility of the UTXO set. The outcome of this consultation could significantly influence the future implementation and acceptance of the amended protocol.