Bitcoin Forum
Topic: Can you see Taproot address public key without spending coins on the address
Karl_3000 (OP)
November 13, 2025, 12:54:01 PM
 #1

I saw something similar on this thread: https://bitcointalk.org/index.php?topic=5565334.msg66042914#msg66042914

DUMMIES GUIDE TO BEING QUANTUM SAFE.

In the past it was about protecting your PRIVATE KEY (your seed phrase). In the age of big scary quantum computers (BSQC) that are coming, you need to protect your PUBLIC KEY also.

Basically a BSQC can figure out your private key from a public key.

The present day taproot addresses (the latest format) are NOT safe, these are addresses starting with "bc1p" and they embed the public key into the address, not good.

Prior formats hide the public key behind a hash, so a BSQC can't easily crack it.

Do this:

1) create a new segwit wallet. It will start with "bc1q" (NOT "bc1p"), you can use older formats too like ones starting with "1" and "3"

2) send all your BTC into this new address

3) you can continue to stack sats into this new address

4) NEVER send BTC out of it, once you do you're BSQC hackable because your public key is revealed

5) wait for Bitcoin to upgrade to a quantum safe protocol, this may take 7 years, who knows

6) send your BTC into the new quantum safe address when the network is NOT congested, once you send, you reveal the private key for a short time. It's unlikely a BSQC will steal your coins in that short window

Some ramifications:

All the BTC sitting in ETFs, Treasury companies, and exchange cold storage can be quantum resistant if the custodians take action, even before BTC soft forks into a quantum resistant protocol.

Wallet Apps can also take appropriate action (making sure any spend from an address also moves remaining coins to a new non-taproot address).

Satoshi's 1M coins using an ancient P2PK address will be stolen (unless a future softfork freezes them). So are lost coins in addresses where there's past spending activity.
The general consensus between BTC experts is 2030 onwards as the timeframe when BSQC may come, aka “Q-Day”.

What's your take on all his explanations concerning the quantum attack day?

How is a taproot address not safe against quantum computers if it is not reused for transactions?

Cookdata
November 13, 2025, 02:10:02 PM
Last edit: November 13, 2025, 02:20:20 PM by Cookdata
Merited by vapourminer (4)
 #2

How is a taproot address not safe against quantum computers if it is not reused for transactions?

He is trying to tell you how your Bitcoin isn't safe from Quantum computers if you are using a taproot address to keep Bitcoin for long term.

When you send a transaction to other types of address, like native segwit, legacy and nested segwit, the transactions are visible on the blockchain network but the only thing you can see from the scriptpubkey is the hash160; the public key will not be visible until the Bitcoin is ready to be spent, which must be provided by the spender (both the signature and public key).

The two conditions that can reveal the public key are if you spend the output or spend part of the output. This is why it's not recommended to reuse an output; it should be spent once because the public key to that address is already visible.

Contrary to taproots, when an output is spent the pubkey becomes visible to the public; anyone can see your public key, and that's a threat to everyone who is keeping Bitcoin for the long term using a taproot address.

He is suggesting you move your Bitcoin from taproot address to native segwit address prior to when Quantum solution will be available.


Karl_3000 (OP)
November 13, 2025, 02:22:56 PM
 #3

How is a taproot address not safe against quantum computers if it is not reused for transactions?

He is trying to tell you how your Bitcoin isn't safe from Quantum computers if you are using a taproot address to keep Bitcoin for long term.
Because the taproot address public key can be known to the public without spending from the address?

When you send a transaction to other types of address, like native segwit, legacy and nested segwit, the transactions are visible on the blockchain network but the only thing you can see from the scriptpubkey is the hash160; the public key will not be visible until the Bitcoin is ready to be spent, which must be provided by the spender (both the signature and public key).
You mean if you send bitcoin to recipient taproot address, the recipient address public key will be seen without spending from the taproot address? This is what I am asking.

Cookdata
November 13, 2025, 02:45:08 PM
 #4

When you send a transaction to other types of address, like native segwit, legacy and nested segwit, the transactions are visible on the blockchain network but the only thing you can see from the scriptpubkey is the hash160; the public key will not be visible until the Bitcoin is ready to be spent, which must be provided by the spender (both the signature and public key).
You mean if you send bitcoin to recipient taproot address, the recipient address public key will be seen without spending from the taproot address? This is what I am asking.

Everything about Quantum computers for now is speculation; all I know is that with your public key, a Quantum computer can break the ECDSA to get the corresponding private key. The best practice and measure put in place now is to make sure your public key isn't exposed if you are going to keep Bitcoin for the long term, that being said.

When you send a transaction to a taproot address, there is a pubkey on the scriptpubkey, referred to as the x public key. There is speculation, but it is not mathematically proven, that your funds can be at risk with a quantum computer; that's why OP from the other thread is suggesting funds be moved from there to native segwit.


satscraper
November 13, 2025, 04:32:35 PM
Last edit: November 13, 2025, 05:55:27 PM by satscraper
Merited by vapourminer (4), ABCbits (4), nc50lc (1)
 #5


You mean if you send bitcoin to recipient taproot address, the recipient address public key will be seen without spending from the taproot address? This is what I am asking.

A Taproot address reveals the tweaked public key, its x-coordinate to be exact. The relevant tweak is an irreversible operation, as it involves hashing, multiplication and addition on the EC curve, which means you cannot recover the original internal public key from the tweaked one. Therefore, if you don't spend from a Taproot address, there's no reason to worry about your stash even in the face of quantum computers with the technically feasible numbers of entangled qubits (they require cooling to be entangled, which in turn requires energy, a lot of energy in fact), which wouldn't be powerful enough to derive the pertaining tweaked private keys because there's no starting point for them to compute or search. In my view the quantum threat is a bit exaggerated.


nc50lc
November 14, 2025, 04:49:56 AM
Merited by vapourminer (4), ABCbits (3)
 #6

The present day taproot addresses (the latest format) are NOT safe, these are addresses starting with "bc1p" and they embed the public key into the address, not good.
How is a taproot address not safe against quantum computers if it is not reused for transactions?
It's not apparent if the author is creating FUD or just took the words in BIP-0341 literally, because that's not true.

To quote the most relevant information in BIP341's "design" that must have been his reference:
The public key is directly included in the output in contrast to typical earlier constructions which store a hash of the public key or script in the output. This has the same cost for senders and is more space efficient overall if the key-based spending path is taken.
He may have done some research and read this part but stopped right at that point.
It's either he left "Constructing and spending Taproot outputs" part unread or failed to understand it.
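
Added example, not part of any post in this thread: a small decoder showing which bytes the address itself commits to for the two formats discussed above, the 20-byte hash160 for "bc1q" (P2WPKH) and the 32-byte x-only output key for "bc1p" (P2TR). The two sample addresses are the published test vectors from BIP-173 and BIP-350, not real wallets; the function names are this example's own.

```python
# Added example: what a bc1q vs bc1p address puts in the output script.
CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
BECH32_CONST, BECH32M_CONST = 1, 0x2BC830A3  # BIP-173 / BIP-350 checksums

def polymod(values):
    """BCH checksum over 5-bit symbols (BIP-173)."""
    gen = [0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3]
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= gen[i]
    return chk

def to_bytes(groups):
    """Regroup 5-bit symbols into bytes; padding must be short and zero."""
    acc = bits = 0
    out = bytearray()
    for g in groups:
        acc, bits = (acc << 5) | g, bits + 5
        while bits >= 8:
            bits -= 8
            out.append((acc >> bits) & 0xFF)
    if bits >= 5 or (acc << (8 - bits)) & 0xFF:
        raise ValueError("invalid padding")
    return bytes(out)

def onchain_commitment(addr):
    """Return (script type, what the witness program is, program hex)."""
    addr = addr.lower()
    hrp, _, body = addr.rpartition("1")
    data = [CHARSET.index(c) for c in body]  # ValueError on a bad character
    expanded = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    const = polymod(expanded + data)
    version, program = data[0], to_bytes(data[1:-6])
    if version == 0 and const == BECH32_CONST and len(program) == 20:
        return ("p2wpkh", "HASH160 of the public key", program.hex())
    if version == 1 and const == BECH32M_CONST and len(program) == 32:
        return ("p2tr", "x-only output public key", program.hex())
    raise ValueError("bad checksum or unsupported witness program")

if __name__ == "__main__":
    # Published test-vector addresses from BIP-173 and BIP-350, not real wallets.
    for a in ("bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4",
              "bc1p0xlxvlhemja6c4dqv22uapctqupfhlxm9h8z3k2e72q4k9hcz7vqzk5jj0"):
        print(a[:4], *onchain_commitment(a))
```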
