The Deva at Nunchuk posted this on X earlier today. It is a nice defense of miniscript and OP_IF. The debate is not settled that OP_IF is some kind of vulnerability nor is it the case that minoscript is some foolish "wizard" fanciness nobody actually uses.

There are some misconceptions about OP_IF and Miniscript. Let’s clear them up.

Misconception #1: Taproot branches are always better than their OP_IF equivalentMisconception #1: Taproot branches are always better than their OP_IF equivalent

Take this example policy for a business treasury:

Alice AND (Bob OR Timelock).

In English: To spend, Alice must always sign. Then either Bob signs, or a timelock acts as a fallback: if Bob is unavailable, Alice can broadcast the transaction by herself after some delay.

If you use a single OP_IF script, spending the primary path means revealing the whole script, including the unexecuted Timelock fallback. That Timelock logic is ~5 bytes.

If you split this into two Taproot branches (Leaf A: Alice+Bob; Leaf B: Alice+Timelock), you can hide the 5-byte Timelock.

However, spending Leaf A now requires adding a 32-byte Merkle proof to your Control Block to prove the leaf is in the tree.

So you'd pay a 32-byte penalty to hide 5 bytes of script. This makes the transaction ~27 bytes more expensive.

For certain types of wallets, OP_IF can absolutely be cheaper to use than Taproot branches. The above is a simplified example, but the principle applies generally.

Misconception #2: Miniscript is only for “fancy”, convoluted use casesMisconception #2: Miniscript is only for “fancy”, convoluted use cases

The evolution of Bitcoin self-custody can be seen as 3 major milestones:

• First Era: “Not your keys, not your coins”
  The early days of Bitcoin started with the simple premise that you must hold your private keys to secure ownership of your bitcoin. This typically manifested in the use of cold storage (dedicated signing devices), where the vast majority of setups required only a single signature.
• Second Era: Eliminating Single Points of Failure
  Your bitcoin is only as secure as its weakest link. A singlesig wallet represents a Single Point of Failure (SPoF). Hence, the critical importance of multisig when holding any serious amount of bitcoin became very clear.
• Third Era: Decaying Multisig & Layered Security
  Multisig solves the SPoF issue, but it creates a new challenge: the harder you make it to withdraw funds, the harder it is to pass on the wealth to the next generation or recover from lost keys.

"Decaying multisig" is the natural next step. It combines the best of both worlds: you start at a very high bar of security (just like a regular multisig), but then gradually relax it with timelocks so that over the long run, your family or business partners have an easier time accessing the funds.

As the market matures, it will become clear that different use cases and users will require different levels of security. The higher the stakes, the stricter the requirements: Layered security. There won’t be a one-size-fits-all.

These ideas are not rocket science. They represent the logical evolution of a new technology slowly being understood and adopted.

The example wallet we cited at the beginning isn’t a convoluted setup that only the craziest nerds can think of. Anyone can understand why someone might set up such a contract. It is highly practical and solves a very real pain point.

The beauty of Miniscript is that it allows us to standardize the types of wallets created in this Third Era. Because of it, you have strong assurance that a wallet created by one software can be easily recovered by any standard-compatible software.

Miniscript is one of the most important engineering projects in Bitcoin, because self-custody is the cornerstone of all things Bitcoin. Layer 2 or privacy technologies are meaningless without the ability to secure base layer Bitcoin.

Fast forward 10 years, and an enterprise-grade custody solution will likely involve Miniscript or something similar.