Is Bitcoin ready for the quantum era? Read our report at: chaincode.com/bitcoin-post-q… @ClaraShik & @ozdeadman explore the threats posed by cryptographically relevant quantum computers (CRQCs) and outline a strategic path forward. Here are the key takeaways: 🧵👇
Experts project CRQCs to emerge by 2030–2035, so the report proposes a dual-track strategy to ensure preparedness: • A minimal contingency path (~2 years) for rapid response to unexpected breakthroughs • A comprehensive path (~7 years) to develop & refine optimal solutions
ECC-based signatures that expose the public key put an estimated 4–10 million BTC at risk. Current post-quantum signatures are significantly larger. However, since this is a rapidly evolving research topic, we expect improvements in reducing sizes in the near future.
Quantum mining is a different story. It must compete with today's specialized ASICs. Grover’s algorithm offers a limited advantage and can’t be parallelized like classical mining. Mining is expected to remain more quantum-resilient than transaction signatures.
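The "exposed public key" point above is concrete enough to check against a UTXO set: an output type either carries the key in the scriptPubKey itself (P2PK, bare multisig, P2TR, whose output key is a curve point a Shor-capable machine could recover and spend by key path) or only a hash of it (P2PKH, P2SH, P2WPKH, P2WSH), in which case the key only becomes public once the script is spent from, so any reuse of that script exposes the remaining balance. The classifier below is an added example, not code from the Chaincode report or thread; the UTXOs, the script bytes and the "already spent from" set are constructed placeholders (the pubkey bytes are not real curve points), and the exposure categories are the author's own labels.

```python
"""Classify Bitcoin outputs by whether their public key is already on-chain.

Added example. Script patterns follow the standard output templates; the
sample UTXOs and the 'spent_from' set are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Iterable

PUSH_33, PUSH_65 = 0x21, 0x41
OP_0, OP_1, OP_16 = 0x00, 0x51, 0x60
OP_DUP, OP_HASH160, OP_EQUALVERIFY, OP_EQUAL = 0x76, 0xA9, 0x88, 0x87
OP_CHECKSIG, OP_CHECKMULTISIG = 0xAC, 0xAE


@dataclass(frozen=True)
class Utxo:
    txid: str
    vout: int
    value_sat: int
    script_pubkey: bytes


def script_type(spk: bytes) -> str:
    """Return the standard template name for a scriptPubKey, or 'unknown'."""
    n = len(spk)
    # P2PK: <push33|push65> <pubkey> OP_CHECKSIG
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == OP_CHECKSIG:
        return "p2pk"
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if (n == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 20])
            and spk[-2:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return "p2pkh"
    # P2SH: OP_HASH160 <20-byte hash> OP_EQUAL
    if n == 23 and spk[:2] == bytes([OP_HASH160, 20]) and spk[-1] == OP_EQUAL:
        return "p2sh"
    # Segwit v0: OP_0 <20-byte key hash> / OP_0 <32-byte script hash>
    if n == 22 and spk[:2] == bytes([OP_0, 20]):
        return "p2wpkh"
    if n == 34 and spk[:2] == bytes([OP_0, 32]):
        return "p2wsh"
    # Taproot (segwit v1): OP_1 <32-byte x-only output key>
    if n == 34 and spk[:2] == bytes([OP_1, 32]):
        return "p2tr"
    # Bare multisig: OP_m <push33|push65 pubkey>... OP_n OP_CHECKMULTISIG
    if (n >= 3 and spk[-1] == OP_CHECKMULTISIG
            and OP_1 <= spk[0] <= OP_16 and OP_1 <= spk[-2] <= OP_16):
        i, keys = 1, 0
        while i < n - 2:                 # walk the key pushes between OP_m and OP_n
            ln = spk[i]
            if ln not in (33, 65):
                return "unknown"
            i += 1 + ln
            keys += 1
        if i == n - 2 and keys == spk[-2] - 0x50:
            return "bare_multisig"
    return "unknown"


# Keys readable straight from the output vs. only a hash commitment on-chain.
KEY_IN_SCRIPT = {"p2pk", "p2tr", "bare_multisig"}
HASH_COMMITTED = {"p2pkh", "p2sh", "p2wpkh", "p2wsh"}


def exposure(utxo: Utxo, spent_from: set) -> str:
    """'exposed' / 'exposed_by_reuse' / 'hashed' / 'unknown' (author's labels)."""
    t = script_type(utxo.script_pubkey)
    if t in KEY_IN_SCRIPT:
        return "exposed"
    if t in HASH_COMMITTED:
        # An earlier spend from the same script put the key (or redeem script,
        # including any keys in it) into a witness, so the hash no longer hides it.
        return "exposed_by_reuse" if utxo.script_pubkey in spent_from else "hashed"
    return "unknown"


def summarize(utxos: Iterable[Utxo], spent_from: set) -> dict:
    """Sum satoshis per exposure class."""
    totals = {"exposed": 0, "exposed_by_reuse": 0, "hashed": 0, "unknown": 0}
    for u in utxos:
        totals[exposure(u, spent_from)] += u.value_sat
    return totals


# Constructed sample data: placeholder keys/hashes, not real curve points.
FAKE_KEY33 = b"\x02" + b"\x11" * 32
FAKE_XONLY = b"\x22" * 32
FAKE_H160 = b"\x33" * 20
FAKE_H256 = b"\x44" * 32

SAMPLE_UTXOS = [
    Utxo("a" * 64, 0, 5_000_000_000, bytes([PUSH_33]) + FAKE_KEY33 + bytes([OP_CHECKSIG])),
    Utxo("b" * 64, 1, 100_000_000, bytes([OP_1, 32]) + FAKE_XONLY),
    Utxo("c" * 64, 0, 300_000_000,
         bytes([OP_DUP, OP_HASH160, 20]) + FAKE_H160 + bytes([OP_EQUALVERIFY, OP_CHECKSIG])),
    Utxo("d" * 64, 2, 200_000_000, bytes([OP_0, 20]) + FAKE_H160),
    Utxo("e" * 64, 0, 700_000_000, bytes([OP_0, 32]) + FAKE_H256),
    Utxo("f" * 64, 0, 5_000, bytes([OP_1, PUSH_33]) + FAKE_KEY33 + bytes([OP_1, OP_CHECKMULTISIG])),
]
# Constructed: the P2WPKH script above has been spent from before (address reuse),
# so its key already sits in an old witness on-chain.
SPENT_FROM = {bytes([OP_0, 20]) + FAKE_H160}

if __name__ == "__main__":
    for u in SAMPLE_UTXOS:
        print(f"{u.txid[:8]}:{u.vout} {script_type(u.script_pubkey):14s} {exposure(u, SPENT_FROM)}")
    print(summarize(SAMPLE_UTXOS, SPENT_FROM))
```

On a real node the same logic runs over `scantxoutset` or a `gettxoutsetinfo`-style dump, with `spent_from` built from the spent-output index; the only subtlety is that P2SH and P2WSH are treated as hashed even when the redeem script is a plain key script, because the key stays off-chain until the first spend.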
Sounds like FALCON 512 is probably the way to go if we suddenly had to do this tomorrow. I assume a hash can move the 897 byte public key to the signature... so for our purposes, effectively a 32-byte pubkey and 1.6 kB signature. Or is there a reason to keep the pubkey larger? Any possibility of MimbleWimble-like tricks to allow for pruning spent signatures maybe?
@ChaincodeLabs Do any of these have any potential for Taproot-like dual purpose keys, where a longer script can be shortcut by a multisig?
@ChaincodeLabs SQIsign I looks promising in terms of size, but the verification cost is way too high right now, unless there's some way to do large batch verifications faster. Otherwise, we'd have to reduce block sizes to like 3 kB or less.😱 And of course further study to ensure it's secure.
@ChaincodeLabs Is the bottom right cell correct? The colour is green but lower values are red (x99)
@ChaincodeLabs Lattice was tested for hardness for over a decade. Will the "near future" new algos be tested for that long as well or will you implement them without full confidence and pray nobody cares?
@ChaincodeLabs @BitcoinPierre That's why @cellframenet Compact, quantum-secure, and NIST-approved. Unlike bulky alternatives, Cellframe’s post-quantum stack balances security and efficiency from the ground up. 4–10M BTC at risk? $CELL was built so that never happens again. #PostQuantum #Cellframe #Crypto