So far as I can inform, P2TR is best than P2WSH in virtually each case. The main assumption within the design of P2TR is in fact, that you’ll desire to make use of the keypath at any time when attainable, and that many extra advanced spending situations might be shortcut by getting everybody to agree on signing off on the end result instantly in type of a keypath spend when the scriptpath spend would have the ability to implement the identical final result.
Particularly within the context of multisig and script timber with a number of leaves, the P2TR building is superior, however there’s one besides by which you must all the time desire P2WSH. Everytime you solely have a single script within the tree, anticipate that you’ll by no means use the keypath, and can’t profit from public key aggregation, you must use a P2WSH output. The P2WSH output effectively commits to a single script, whereas a P2TR scriptpath requires the controlblock to disclose the leafscript within the tree that provides 34 weight items to the enter’s witness stack. One other benefit is in fact that some senders won’t be able to create P2TR outputs at first whereas sending help for P2WSH is already broadly carried out.
Privateness
P2TR outputs will stand out at first since there will probably be few of them. In the long run, the anonymity set of P2TR is more likely to be bigger since each single-sig makes use of and extra advanced situations look the identical when they’re spent by way of the keypath.
Engineering effort to undertake
Sending to P2TR addresses would require wallets to implement help for Bech32m. Wallets that wish to obtain and spend P2TR outputs might want to implement the Schnorr signing algorithm, and reengineer any OP_CHECKMULTISIG
based mostly schemas with the op-codes obtainable in Tapscript.
H/T to Vojtěch Strnad for correcting my authentic reply by declaring that P2WSH is extra environment friendly in a single-script use-case.