Taproot: Privacy preserving switchable scripting



Summary:

In a discussion about merkelized scripts on bitcoin-dev, Gregory Maxwell proposed tweaking the key C to produce P, the key that is actually published. This creates a pay-to-contract construction that is hardened against attacks. Under the proposal, funds are paid to a scriptPubKey consisting of a Taproot-supporting version and the EC point P. There are concerns, however, about paying directly to the pubkey instead of the pubkey hash, as this may be a step backwards in resistance to quantum attacks against ECC. It is also noted that paying directly to the pubkey does not make pay-to-taproot cheaper than p2wpkh, because the extra bytes in the scriptPubKey would have to be offset by a smaller witness. It is suggested that "S" could include a version that could be bumped to add new features to the script while remaining hidden within the hash. Despite these concerns, the proposal is generally well-received.


Updated on: 2023-05-20T04:49:07.076838+00:00