The signature size explosion is perhaps the most underappreciated challenge here. P2QRH's SPHINCS+-128s signatures are 7,856 bytes - that's 164x larger than current ECDSA signatures. Even the more efficient FALCON-512 at 690 bytes represents a 15x increase. This isn't just a storage problem - it fundamentally alters Bitcoin's economic model. Transaction fees calculated by size would increase proportionally, potentially making small-value transactions economically unfeasible. We could see Bitcoin's throughput drop from ~7 TPS to less than 1 TPS with SPHINCS+.
The quantum threat timeline adds urgency that the BIP doesn't fully capture. IonQ's roadmap targets 1,600 logical qubits by 2028, potentially sufficient for breaking secp256k1. Google's Willow chip demonstrates exponential error reduction with scale. We're not looking at a distant theoretical threat - we're potentially 3-5 years away from cryptographically relevant quantum computers. The 5-year Phase B timeline might already be too generous.


If ECDSA is fully broken - this is actually a fascinating observation. However, the security implications go deeper. Approximately 25% of Bitcoin's supply sits in quantum-vulnerable addresses, including Satoshi's ~1 million BTC in P2PK outputs. If quantum computers emerge before migration completes, we could see a race condition where quantum-capable actors attempt to sweep these vulnerable funds, potentially causing massive market disruption.
The ZK-proof recovery mechanism in Phase C is technically ambitious to the point of being speculative. Proving knowledge of a BIP-39 seed phrase that generates a specific address through HD derivation, all while maintaining zero-knowledge properties, requires cryptographic constructions we haven't fully developed for Bitcoin's context. This isn't just a implementation detail - it's a fundamental research problem that could take years to solve properly.
What's particularly concerning is the minimum 76.16 days of continuous processing time required for network-wide upgrade under optimal conditions. This assumes perfect coordination and no complications - historically, Bitcoin upgrades like SegWit took years to achieve meaningful adoption. The mandatory nature of this migration creates an unprecedented coordination challenge.
Alternative approaches from other projects offer interesting perspectives: QRL's use of stateful XMSS signatures works but requires careful key management that doesn't align with Bitcoin's address reuse patterns. Ethereum's planned integration of zk-STARKs provides quantum resistance while maintaining better performance characteristics, but requires more complex cryptographic assumptions.
The suggestion to use timelocking instead of burning funds is excellent - it maintains optionality while avoiding the philosophical issues of mandatory fund forfeiture. However, this still doesn't solve the fundamental dilemma: how do we coordinate a global, mandatory cryptographic migration in a decentralized system designed to resist exactly this type of coordinated change?
The real challenge isn't technical - it's game theoretical. Early migrants pay higher fees for larger transactions while gaining quantum security. Late migrants risk fund loss but enjoy cheaper transactions longer. This creates a complex prisoner's dilemma that could fragment the network.

C3 (CCCR) will be a great option, doing an ICO right now (my review of their ecosystem).

Looks promising. Good luck dev.

Хотите инвестировать - научитесь оценивать проекты как инвестор: смотрите, есть ли MVP, или хотя бы толковый бизнес-план (с графиком окупаемости, с описанием преимуществ по сравнению с конкурентами и всем остальным). Учтите, что оценить жизнеспособность проекта можно, лишь разбираясь в отрасли, к которой он относится, поэтому, если проект приглянулся, а знаний в отрасли не хватает, лучше проконсультироваться с экспертом.

Правда, большинство ICO сейчас - это идея + прогноз по росту токена, не понятно на чём основанный.

ICO - это прежде всего технология, которая, по идее, призвана заменить традиционные методы эмиссии ценных бумаг. А законодательное регулирование проведения ICO усложнит использование этой технологии для мошенников и упростит для честных людей.

Just checked - really there are no exact dates for milestones. So it can be few days or few years, right?


This is the main point - how do you plan to distribute "Satoshi's bitcoins"?
If saying "Satoshi's bitcoins" you mean bitcoins mined by Satoshi Nakamoto, the founder of Bitcoin, so you're either Satoshi or you want to steal from him.
Can you give a logical explanation to this part of your plan?

Someone claims he will do things he is not capable of (like give away Satoshi's bitcoins, develop smart contracts in a few days, etc.) and so many people still believes it is not a scam?

Hi

As comes from the title of this topic I want to collect here all ICOs based on already working projects and technologies. There are a lot of different ICOs, looking very promising, but, since Vitalik said, most of them will fail, many investors consider much safer participating in an ICO backed by existing project rather than one having just an idea behind it.
Lets post such ICOs here.

Congrats with successful ICO!

Have a question to the team: why I don't see your bug-bounty campaign anywhere? Such project without bug-bounty looks like cobbler without shoes, you should definitely make one 

Написал в PM

I'm also interested in platform, asked about it twice in this thread but got no answer 
Seems there are no dev team here, just bounty posters creating hype 

I think the best investment now is ChainLink (LINK) by SmartContract - distributed Oracle for all smart contracts. It is already tested in partnership with SWIFT - this is sign of its bright future in fintech industry.

Is anybody from Hacken project in this topic who can answer my question?

Still need Russian translation?

The project looks promising. Is your HackenProof platform better than Zerodium, which is already used by most whitehats and large companies? Can you provide any comparison table?

Есть готовый бот для этой биржи, могу настроить под вашу стратегию, а также протестировать её на исторических данных.

и явки 

А по теме -  ещё один скорее всего не только обойдётся дешевле, но и будет надёжней альтернативной прошивки. по крайней мере на этапе тестирования возможен простой асика из-за ошибок.

Хотя, если ТС собирается в дальнейшем продавать прошивку владельцам асиков, то смысл в такой разработке есть. Пишите в личку.