
As you alluded to, the network can have two parallel chains where wallets can be upgraded by users asynchronously before PQC is "needed" (a long way away still), which will leave some wallets vulnerable and others safe. It's not that herculean, as most wallets (not most BTC) are in exchanges. The whales will be sufficiently motivated to switch, and for everyone else it will happen in the background.

A nice benefit is it solves the problem with Satoshi's (of course not a real person or owner) wallet. Satoshi's wallet becomes the de facto quantum advantage prize. That's a lot of scratch for a research lab.



> Satoshi's wallet becomes the de facto quantum advantage prize. That's a lot of scratch for a research lab.

Considering that would be criminal theft, I doubt it. Moving the funds could also lead to a panic crash; selling them off would not only take ages but involve doxing yourself and put a billion-dollar bounty on your head, because transactions are public and off-ramps all use KYC.

It would be much safer to slowly crack old small value wallets over time.

Reminder that actually good cryptocurrencies like Monero have the advantage of wallets and transactions being private, so you would need to crack without even knowing if they are worth it or exist.


Not even needed: you can just copy the network state at a specific moment in time and encrypt with a new algorithm that will be used from then on.


The problem is that the owner needs to claim their wallet and migrate it to the new encryption. Just freezing the state at a specific moment doesn't help; to claim the wallet in the new system I just need the private key for the old wallet (as that's the sole way to prove ownership). In our hypothetical post-quantum scenario, anyone with a quantum computer can get the private key and migrate the wallet, becoming the de-facto new owner.

I think this is all overhyped though. It seems likely we will have plenty of warning to migrate prior to achieving big enough quantum computers to steal wallets. Per wikipedia:

> The latest quantum resource estimates for breaking a curve with a 256-bit modulus (128-bit security level) are 2330 qubits and 126 billion Toffoli gates.

IIRC this is speculated to be the reason ECDSA was selected for Bitcoin in the first place.


Note, the 126 billion Toffoli gates are operations, so that's more about how many operations you need to be able to reliably apply without error.

It should be noted that according to IonQ's roadmap, they're targeting 2030 for computers capable of that. That's only about 5 years sooner than when the government has said everyone has to move to post quantum.


Yes, obviously that has to happen before authentication doesn't work anymore. And then it also needs to end before then, because, yeah, obviously everybody who can crack it has access to all wallets.
