it would encourage address reuse which has always been something we are trying to avoid
Yes, undeniably. OP_CC is a simple way to increase the economic bandwidth of the base layer without increasing block size. We’re seeing address reuse today, indicating that the privacy implications are bearable for many actors. And it’s an opt-in feature.
Also, you would get the same savings with Cross-Input Signature Aggregation of Schnorr signatures plus a lot more possible upside.
I’m not opposed to CISA! Clarifying question: For n<m multisigs using OP_CHECKSIGADD, wouldn’t it still be necessary to reveal the script including the pubkeys in the witness? With OP_CC, the leaf script for repeated SPKs is a single byte.
Also, I’m not sure CISA is realistic for quantum signatures.
there is already a proposal called
OP_CIVby Tadge Dryja that shares some similarities
Yep, I’m aware. However, @adiabat concedes his proposal does not save space vs. EC sigs. See https://youtu.be/cqjo3rmd6hY?t=1154. Moreover, I think OP_CC is much easier for wallets to implement.