I think segwit addresses are safe from long range attacks because they have another layer of hash
I think I get your point. Segwit wraps the pubkey around two hashes, sha256 and ripemd160, whereas taproot does not, but rather commits to a tweaked public key with bech32m, and it reveals its tweaked pubkey in the scriptPubKey field directly. That may be one attack surface even for the unspent taproot output?
Thanks for the link, I’ll take a look.
I guess I was wrong about segwit being cheaper. Thanks for the correction.
As for the risk of QC, it's well known that taproot is vulnerable. I think segwit addresses are safe from long range attacks because they have another layer of hash. I don't remember off the top of my head why exactly taproot is vulnerable.
https://chaincode.com/bitcoin-post-quantum.pdf
Check this out if you have time.
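
The distinction discussed in this thread (a hashed key in a segwit v0 output versus the key itself in a taproot output) can be checked per output. The following is an added example, not code from either commenter or from the linked paper; the function name and the sample scripts are constructed for illustration.

```python
from typing import Optional, Tuple

def classify_script_pubkey(spk: bytes) -> Tuple[str, Optional[bool]]:
    """Return (output type, key_visible).

    key_visible is True when the unspent output itself contains a public key,
    False when it contains only a hash, None when the template is not recognised.
    """
    n = len(spk)
    # P2PK: <33- or 65-byte pubkey push> OP_CHECKSIG
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == 0xAC:
        return "p2pk", True
    # P2PKH: OP_DUP OP_HASH160 <20 bytes> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and spk[:3] == b"\x76\xa9\x14" and spk[23:] == b"\x88\xac":
        return "p2pkh", False
    # P2SH: OP_HASH160 <20 bytes> OP_EQUAL
    if n == 23 and spk[:2] == b"\xa9\x14" and spk[22] == 0x87:
        return "p2sh", False
    # Witness program: <version opcode> <single push of 2..40 bytes>
    if 4 <= n <= 42 and spk[1] == n - 2 and (spk[0] == 0 or 0x51 <= spk[0] <= 0x60):
        version = 0 if spk[0] == 0 else spk[0] - 0x50
        program = spk[2:]
        if version == 0 and len(program) == 20:
            return "p2wpkh", False  # RIPEMD160(SHA256(pubkey))
        if version == 0 and len(program) == 32:
            return "p2wsh", False   # SHA256(witness script)
        if version == 1 and len(program) == 32:
            return "p2tr", True     # 32-byte x-only tweaked output key
        return f"witness_v{version}_unknown", None
    return "nonstandard", None

# Constructed sample scripts (filler bytes, not real outputs).
SAMPLES = {
    "segwit v0 key hash": bytes.fromhex("0014" + "11" * 20),
    "taproot": bytes.fromhex("5120" + "22" * 32),
    "legacy key hash": bytes.fromhex("76a914" + "33" * 20 + "88ac"),
    "pay to pubkey": bytes.fromhex("21" + "02" + "44" * 32 + "ac"),
}

def outputs_with_visible_key(samples: dict) -> list:
    """Names of the sample outputs whose scriptPubKey already publishes a key."""
    return [name for name, spk in samples.items()
            if classify_script_pubkey(spk)[1] is True]

if __name__ == "__main__":
    for name, spk in SAMPLES.items():
        print(name, classify_script_pubkey(spk))
```

A `False` result only describes the unspent output: spending a hashed output publishes the key in the input or witness, so a reused address no longer has the extra hash layer.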