Board: Development & Technical Discussion
Merits: 6 from 2 users
Re: Brute-forcing Bitcoin private keys
by ETFbitcoin on 20/11/2021, 09:49:40 UTC
⭐ Merited by o_e_l_e_o (4), pooya87 (2)
Do we also have a plan how we will switch the old addresses to the secure addresses? Transfer the coins?

Let's assume these guys (Pollard's kangaroo ECDLP solver) have a very, very fast computer and can calculate ECC private keys in the 2^256 range and demonstrate it and reassure us. How would we proceed?

From the user side, they need to move their coins to a "secure address". But from the technical side, there are a few dilemmas, such as:
1. Should we freeze UTXOs with vulnerable cryptography or let them be stolen?
2. Should nodes/miners reject transactions where the output contains an "old address" after a "secure address" is available?

And what algorithm is that exactly? They always talk like one exists but I haven't seen it yet.
I'm also not an expert on the subject, however the one most commonly talked about at the moment is Lamport signatures, but probably only because they are the most developed. They have a couple of disadvantages, however, most notably their size, which effectively precludes them being used in their current form. There is plenty of research going on in this area though, so I suspect the algorithm we eventually fork to is one which is still very early on in its development.

Lattice-based and multivariate-based cryptography are also frequently mentioned.