Perhaps we’re being overly cautious here by trying to avoid revealing the public key of an address that contains non-dust UTXOs. But one of the goals with disposing of dust is to avoid any potential reduction in wallet privacy or security just by disposing of the dust.
We did use the SHOULD language in dust selection part of the spec. since in our reference implementation gives users the option to spend dust that has unspent non-dust UTXOs. But does this cause a user fingerprinting issue? I have to think about that since unlike the quantum stuff it’s a real, non-hypothetical concern.
On the other hand you bring up another real issue that we don’t want to expose unique hidden tap script paths just to dispose of dust.
Overall I agree that we want to make disposing of dust as convenient as possible so it actually gets done. But we need to do our Hippocratic duty of first do no harm. I’d like to hear what you and others think about the relative importance of these potential risks:
- revealing public keys when spending dust
- fingerprinting the user/wallet by giving them dust selection options
- revealing tap script tree scripts when disposing of TR dust
- requiring non-dust UTXOs MUST be spent before disposing of dust for the same address
The happy path dust disposal scenario I have in mind is:
- dust UTXOs are automatically locked when received (can’t be spent in normal coin selection)
- non-dust UTXOs are spent in the normal course of coin selection
- dust UTXOs becomes eligible for disposal
- wallet creates & signs dust disposal txs when keys are available
- at random times the wallet broadcasts (and tries to batch) signed disposal txs
This procedure applies as well to when someone migrates all their non-dust UTXOs to a new wallet keys/descriptor leaving behind the dust UTXOs.