is it not the case that Taproot/tapscripts output would expose it's public key in it's pubkey script on the chain before it is spent? I'm gonna have to check that out today, I'm not certain
So, it seems my recollection was right, but I got the implications wrong:
The public key is directly included in the output in contrast to typical earlier constructions which store a hash of the public key or script in the output.
...however, the whole point of Taproot is to make P2PKH and P2SH indistinguishable on the blockchain
(at least in most typical cases?) And so the actual public key for the private key that can spend an output is either another hashed script, or is provided to taproot's compute pubkey function such that no script path can be used. This still permits using the underlying "real" pubkey (which I think is defined as internal_pubkey in the Taproot BIP docs) to execute a spend of the output.So, the spending pubkey is actually redefined as a key internal to the taproot script, and the pubkey for the overall taproot script tree is the "real" pubkey, as it is now the key that's actually publicly available! The whole notion of what public key means is therefore not the same in taproot outputs...phew!
Anyone have any idea if this has any implications for QC resistance? My instinct is to say that the internal key is never revealed, because the taproot magic keeps it forever hidden. I expect to be wrong
