Hello everybody. Nice to meet so many people interested in quantum threat to a blockchain in one place. We've been working on one post-quantum project for 2 years and of course we're talking with physicists, pq-cryptographers and other academic minds. And I just want to add a couple things and links you guys might like.
First probably you will be interested in reading about Neven's law (
https://www.quantamagazine.org/does-nevens-law-describe-quantum-computings-rise-20190618/). It is not a "law" of course but an interesting thing to keep in mind.
Second the most powerful quantum chip for today is 128-qubit chip produced by Rigetti (
https://medium.com/rigetti/the-rigetti-128-qubit-chip-and-what-it-means-for-quantum-df757d1b71ea).
Third how many quits you need to crack a blockchain. It depends on a type of encryption, but the point is, it is 2300+ (
https://en.wikipedia.org/wiki/Elliptic-curve_cryptography#Quantum_computing_attacks)
Fourth Intel thinks we'll get 1000 quits by 2024 (
https://spectrum.ieee.org/nanoclast/computing/hardware/intels-new-path-to-quantum-computing) and ECDSA will be at risk by 2027 (
https://arxiv.org/pdf/1710.10377.pdf).
Fifth implement post-quantum encryption to existing blockchains? This is a close to impossible task.
Sixth That's what NIST says about PQC in their project (probably all of you aware of it but
https://csrc.nist.gov/Projects/Post-Quantum-Cryptography):
Historically, it has taken almost two decades to deploy our modern public key cryptography infrastructure. Therefore, regardless of whether we can estimate the exact time of the arrival of the quantum computing era, we must begin now to prepare our information security systems to be able to resist quantum computing.
So, yes, quantum threat is a thing to be aware (and probably afraid of) and yes, we gotta start working on it now. Plus, thanks to smart people from NIST we're in good hands. Btw we're working on a utility to secure all of the blockchains from it. I hope this week we'll publish an article about quantum thief where we will explain why the only thing that will save us from it is game theory (and PQC, of course).
I hope I didn't miss anything. Will be happy to answer your questions (but I can get here only a couple times per week max so don't wait for fast replies, sorry)
I'm interested on your take on your 5th point. Its quite a bold claim that has been disputed over in the development sub forum and here by some pretty bright minds. Why do you think its an impossible task? I think its difficult for a number of reasons including but not limited to the consumer issues that would come with bigger such a big change. As far as I know there are many different projects working on including quantum resistant algorithms into the existing infrastructure of Bitcoin and they are making good progress. The only issue with that is this would require a hard fork and there will be multiple different options to choose from. I would be interested in getting achows opinion on the matter but I'm afraid that discussion about quantum computers would quickly get buried.