We all know QCs are being worked on but most likely decades away from being a danger to ECDSA used in Bitcoin... that said though, when that day does arrive, either due to QC or some mathmatical genius figures out how to break it, it seems prudent to have another signature system in the wings that people could opt to move their coins to.

I'd like to discuss the pros/cons of implementing lattice signatures in bitcoin now such that when ECDSA is broken it's an orderly transition to use a different lock on funds.

I'd also like to suggest that we add an optional PoW on a transaction submitted to a node so that when someone submits their transaction they can provide a PoW of that Tx alongside to the node to show they really want the tx to be included.

In normal usage like we are today, no PoW for a Tx is required.  But if there is a systemic compromise of existing transactions, this PoW feature could be enabled by miners such that they only repeat a tx with PoW offered along side it.  This way even if the unlikely event of a large QC being made and used to attack the network happens, there is a plan on how people can safely move their bitcoin to an alternative locking mechanism.

Thoughts?