I'm in, I think, a group of people now, that have pointed this out, here and elsewhere ... I like to call it the "epistemological problem" because, why use short words when a long one will do :) The scenario is all the worse because (as, again, has been pointed out before): the "I have a CRQC" signed message you mention is (more likely), or can be, someone who has just placed a short in the market, rather than an actual CRQC holder. The point is that during a period from "bitcoin doesn't have PQ algos" to "bitcoin has PQ algos" the transition will always be essentially 100% opaque; every honest action of moving to safety looks identical, onchain, to theft.


  a key that is crackable in-advance of bitcoin being cracked, so that we know quanutm is "real".

 1. deterministic random elliptic-curve address on a much smaller-bit-strength curve, but not so much smaller that classical attacks are feasable    
 2. bounty for the solution enforceable with a smart contract
 3. refusal to accept that "i have a CRQC" message unless this well-known-key is used, because anything else is likely a scam (private key known in advance)
 4. understanding that cracking a 180-bit key only gives us 6 months to a year of quantum engineering scaling to fix bitcoin
 6. published plan to move quickly as needed
 
the physics is cool, but the engineering needed to scale may still well be impossible in the physical world.   bitcoin *cannot* respond to claims that unicorns exist with protocol changes.  but we *can* respond with a bip that allows us to rapidly deploy defense against unicorn horns once irrefutable evicence arrives that they exist.   

--
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/CAJowKgJwq88yfJEQzZ%2Bv-33EtEuYif1y6qsXtyoRyk2V%2B44cww%40mail.gmail.com.