pull down to refresh

I haven’t used taproot addresses yet myself but my understanding is that bech32m, just like bech32, uses sha256 and ripemd160 hashing steps on the public key as well: https://en.bitcoin.it/wiki/Bech32
Bech32m is the address format used to encode the output script of Pay to Taproot outputs on the user layer. Addresses don’t appear on the blockchain, in transactions, or in output scripts.
The output script for P2TR outputs consists only of the witness version and the witness program, and the witness program is an x-only secp256k1 pubkey. When a P2TR output is spent via the keypath, the witness stack only needs a signature. So no, most P2TR outputs would not protected by hashes, just as @kristapsk already stated above.
The exception would be if you made the keypath unusable, because spending via the scriptpath requires a control block that commits to the leafscript via a Merkle branch in the scriptree since the Merkle tree involves hashing.
reply
Address types and encoding are different things. First you create data to encode, then you encode it.
P2PKH (1...) and P2SH (3...) are different address types, but both use Base58Check encoding. For SegWit v0 (bc1q...) addresses bech32 encoding is used, but P2WPKH and P2WSH uses different hashing algos before doing bech32 encoding (SHA256+RIPEMD160 vs just SHA256, that's why different length of addresses). For SegWit v1 (bc1p...) currently only address type is P2TR and there just Schnorr (not ECDSA) pubkey is encoded using bech32m.
Using Schnorr signatures and not hashing pubkey is what allows to do these various Taproot tricks like having complicated smart contracts that look on a blockchain just like plain single pubkey.
reply
The pubkeys don’t change between ECDSA or Schnorr, they are just curve points on secp256k1 in either case. Just the signature is different, and the respective output type requires one or the other in the witness stack for spending.
reply
Yes, you are correct here.
reply
The question is whether or not the requirements for an attack change/simplify if you only know the bc1 address.
reply
Clearly I’m going to have to dig into taproot more :) thanks for the extra info.
reply