Hi all,

Recently I've been exploring what a post-quantum attack on Bitcoin would actually look like, and what options exist for mitigating it.

I've put up a draft of my research here: https://medium.com/@tristanhoy/11271f430c41

In summary:

1) None of the recommended post-quantum DSAs (XMSS, SPHINCS) are scalable

2) This is a rapidly advancing space and commitment to a specific post-quantum DSA now would be premature

3) I've identified a strategy (solution 3 in the draft) that mitigates against the worst case scenario (unexpectedly early attack on ECDSA) without requiring any changes to the Bitcoin protocol or total commitment to a specific post-quantum DSA that will likely be superseded in the next 3-5 years

4) This strategy also serves as a secure means of transferring balances into a post-quantum DSA address space, even in the event that ECDSA is fully compromised and the transition is reactionary

The proposal is a change to key generation only and will be implemented by wallet providers.

Feedback would be most appreciated.

Regards,
Tristan