
vulnerable to quantum computers

I believe everything under ECC is vulnerable to quantum computers, if that comes out publicly to the world. Do you have any reason why you think that taproot is specifically more vulnerable to Q-day?

Pretty sure taproot is slightly heavier.

Hmm.. I doubt that, at least as far as key path spending is concerned..

Comparing this taproot txn to this segwit txn, which both have one input (taproot / segwit respectively) going to two segwit outputs: the one with the taproot input (key path spending) has a txn weight of 520 WU, and the other with the native segwit input has 562 WU.
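To make the 520 WU vs 562 WU comparison reproducible, here is an added example (not code posted in the thread) that tallies the serialized sizes of a segwit transaction and applies the BIP141 weight rule (4 × non-witness bytes + witness bytes). It assumes a 72-byte DER ECDSA signature plus 33-byte compressed pubkey for the P2WPKH spend and a 64-byte BIP340 signature (SIGHASH_DEFAULT, no extra byte) for the key-path spend; the type names and function names are my own. It generalizes slightly beyond the two transactions in the comment, accepting any mix of the listed input and output types.

```python
import math

# Serialized sizes (bytes) from the BIP141/BIP341 rules; table and names are my own.
OUTPUT_SCRIPT_LEN = {"p2wpkh": 22, "p2wsh": 34, "p2tr": 34}  # OP_0 <20>, OP_0 <32>, OP_1 <32>
ECDSA_SIG_LEN = 72        # DER ECDSA signature incl. sighash byte (assumed size)
SCHNORR_SIG_LEN = 64      # BIP340 signature with SIGHASH_DEFAULT (no sighash byte)
COMPRESSED_PUBKEY_LEN = 33


def compact_size(n: int) -> int:
    """Bytes needed to encode n as a Bitcoin CompactSize integer."""
    if n < 0xFD:
        return 1
    if n <= 0xFFFF:
        return 3
    if n <= 0xFFFFFFFF:
        return 5
    return 9


def witness_items(input_type: str) -> list:
    """Sizes of the witness stack items pushed when spending this output type."""
    if input_type == "p2tr":      # key-path spend: one Schnorr signature
        return [SCHNORR_SIG_LEN]
    if input_type == "p2wpkh":    # ECDSA signature followed by the compressed pubkey
        return [ECDSA_SIG_LEN, COMPRESSED_PUBKEY_LEN]
    raise ValueError(f"unsupported input type: {input_type}")


def witness_size(input_types) -> int:
    """Witness bytes: marker + flag, then each input's item count and length-prefixed items."""
    total = 2  # segwit marker (0x00) and flag (0x01)
    for t in input_types:
        items = witness_items(t)
        total += compact_size(len(items))
        total += sum(compact_size(n) + n for n in items)
    return total


def base_size(input_types, output_types) -> int:
    """Non-witness bytes: version, inputs with empty scriptSig, outputs, locktime."""
    size = 4                                                    # version
    size += compact_size(len(input_types))
    size += len(input_types) * (32 + 4 + compact_size(0) + 4)   # txid, vout, empty scriptSig, sequence
    size += compact_size(len(output_types))
    for t in output_types:
        spk = OUTPUT_SCRIPT_LEN[t]
        size += 8 + compact_size(spk) + spk                      # amount + scriptPubKey
    size += 4                                                   # locktime
    return size


def tx_weight(input_types, output_types) -> int:
    """BIP141 weight: non-witness bytes count 4x, witness bytes count 1x."""
    return 4 * base_size(input_types, output_types) + witness_size(input_types)


def tx_vbytes(input_types, output_types) -> int:
    """Virtual size in vbytes, the unit fee estimators quote."""
    return math.ceil(tx_weight(input_types, output_types) / 4)


if __name__ == "__main__":
    outs = ["p2wpkh", "p2wpkh"]
    for inp in ("p2tr", "p2wpkh"):
        print(f"1 {inp} input -> 2 P2WPKH outputs: "
              f"{tx_weight([inp], outs)} WU, {tx_vbytes([inp], outs)} vB")
```

The 42 WU gap is entirely the witness: 1 + 64 bytes for the Schnorr signature against 1 + 72 + 1 + 33 for the ECDSA signature and pubkey; the non-witness part (113 bytes, 452 WU) is identical for both spends.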

100 sats \ 1 reply \ @OT 22h

I guess I was wrong about segwit being cheaper. Thanks for the correction.

As for the risk of QC, it's well known that taproot is vulnerable. I think segwit addresses are safe from long-range attacks because they have another layer of hash. I don't remember off the top of my head why exactly taproot is vulnerable.

https://chaincode.com/bitcoin-post-quantum.pdf

Check this out if you have time.

I think segwit addresses are safe from long-range attacks because they have another layer of hash

I think I get your point. Segwit wraps the pubkey in two hashes, SHA256 and RIPEMD160, whereas taproot does not, but rather commits to the tweaked public key with bech32m and reveals its tweaked pubkey in the scriptPubKey field directly. That may be one attack surface even for an unspent taproot output??

Thanks for the link, I’ll take a look.

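As an added example (not code from the thread) of the difference the last comment points at: a P2WPKH output commits to hash160(pubkey), while a P2TR output carries the 32-byte tweaked x-only key in the scriptPubKey itself. The code below computes the BIP341 key-path tweak with a small pure-Python secp256k1 implementation, builds the P2TR scriptPubKey, and shows that the tweaked key can be read back from an unspent output as a full curve point, whereas a P2WPKH witness program cannot be lifted to a point. The internal key is the one from the first BIP341 wallet test vector and the P2WPKH program is the one behind the BIP173 example address; all function names are mine. Note that the tweak is derived from public data, so the output key is just another secp256k1 point, and the code treats it that way.

```python
import hashlib

# secp256k1 domain parameters: field prime, group order, generator
FIELD_P = 2**256 - 2**32 - 977
ORDER_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(a, b):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % FIELD_P == 0:
        return None  # a == -b
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, FIELD_P) % FIELD_P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, FIELD_P) % FIELD_P
    x = (lam * lam - a[0] - b[0]) % FIELD_P
    return (x, (lam * (a[0] - x) - a[1]) % FIELD_P)


def point_mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; public inputs only)."""
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return acc


def lift_x(x_bytes):
    """BIP340 lift_x: the curve point with this x coordinate and even y."""
    x = int.from_bytes(x_bytes, "big")
    if x >= FIELD_P:
        raise ValueError("x out of range")
    y_sq = (pow(x, 3, FIELD_P) + 7) % FIELD_P
    y = pow(y_sq, (FIELD_P + 1) // 4, FIELD_P)  # p % 4 == 3, so this is a root if one exists
    if y * y % FIELD_P != y_sq:
        raise ValueError("x is not on the curve")
    return (x, y if y % 2 == 0 else FIELD_P - y)


def tagged_hash(tag, msg):
    """BIP340 tagged hash: SHA256(SHA256(tag) || SHA256(tag) || msg)."""
    th = hashlib.sha256(tag.encode()).digest()
    return hashlib.sha256(th + th + msg).digest()


def taproot_output_key(internal_x, merkle_root=b""):
    """BIP341 tweak: Q = P + H_TapTweak(P || merkle_root) * G; empty root = key path only."""
    pt = lift_x(internal_x)
    t = int.from_bytes(tagged_hash("TapTweak", internal_x + merkle_root), "big")
    if t >= ORDER_N:
        raise ValueError("tweak out of range")
    q = point_add(pt, point_mul(t, G))
    return q[0].to_bytes(32, "big")


def p2tr_script_pubkey(output_key):
    """OP_1 <32-byte x-only key>: the tweaked key sits in the output in the clear."""
    return b"\x51\x20" + output_key


def pubkey_in_output(script_pubkey):
    """Curve point recoverable from an unspent output's scriptPubKey alone, or None.

    P2TR exposes the tweaked x-only key, so lift_x yields the full point.
    P2WPKH (OP_0 <20 bytes>) holds only hash160(pubkey); there is nothing to lift.
    """
    if len(script_pubkey) == 34 and script_pubkey[:2] == b"\x51\x20":
        return lift_x(script_pubkey[2:])
    return None


# Inputs: internal key from the first BIP341 wallet test vector; P2WPKH program
# from the BIP173 example address (bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4).
INTERNAL_KEY = bytes.fromhex("d6889cb081036e0faefa3a35157ad71086b123b2b144b649798b494c300a961d")
P2WPKH_SPK = bytes.fromhex("0014751e76e8199196d454941c45d1b3a323f1433bd6")

if __name__ == "__main__":
    spk = p2tr_script_pubkey(taproot_output_key(INTERNAL_KEY))
    print("P2TR   scriptPubKey:", spk.hex())
    print("P2TR   pubkey readable from output:", pubkey_in_output(spk) is not None)
    print("P2WPKH scriptPubKey:", P2WPKH_SPK.hex())
    print("P2WPKH pubkey readable from output:", pubkey_in_output(P2WPKH_SPK) is not None)
```

For a P2WPKH output the pubkey only appears on chain in the witness once the output is spent; for a P2TR output `pubkey_in_output` already returns a point while the coins are still unspent, which is the attack surface the comment asks about.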