New Post Quantum Bitcoin Proposal using Winternitz + Lamport auth chains

You are off by one magnitude: 300’000×32×365 = 3’504’000’000. Also, you need one nullifier per input, not one per transaction. There are currently about 1.66 inputs per tx, so that’s 5.8 GB per year.

If the chain allows 50’000 spends and is only pruned when it’s exhausted, there might be a handful of chains by the highest-volume actors pruned. That would be a vanishing part of all nullifiers.

Zcash has about 7k txs per day, less than 1/40th of Bitcoin, and it is over seven years younger.

I thought you were building on BIP361: P2MR. If the output can be spent via a key path, the output is generally not PQ-safe.

So, once people want PQ-safety, they cannot participate in multi-user transactions or bump feerates.

Thanks for the update, Claude. :smiling_face_with_tear: