
Every time I mention quantum computing as a threat to crypto (which I have been doing for years), I get downvoted to oblivion. I guess we have a lot of HODLers here. A bet on crypto is a bet against quantum computing.


I haven't once even thought of investing in crypto, and think that the technology is mostly useless and proof of work schemes should be banned on environmental grounds.

Even so, I don't agree that quantum is a threat to crypto. There are already well known quantum-resistant encryption schemes being deployed live in browsers, today. Crypto can just start adopting one of these schemes today, and we're still probably decades away from a QC that can factor the kinds of primes that crypto security uses. The transition will be slightly more complex for proof of work schemes, since those typically have dedicated hardware - but other types of crypto coins can switch in months, most likely, if they decide to, at least by offering new wallet types or something.


>There are already well known quantum-resistant encryption schemes being deployed live in browsers, today. Crypto can just start adopting one of these schemes today, and we're still probably decades away from a QC that can factor the kinds of primes that crypto security uses.

It's very strange that some people act like switching over to a post quantum cryptography scheme is trivial. Did you watch the video I replied to, which is a talk by an actual quantum computing researcher?


I hadn't watched the video, but I came away even more confused by your comment. The video, while very alarmist about the threat of QC, is also very explicit that switching to PQE is very easy. The whole point of the talk is "switching is easy, the costs are huge, start doing it today".

I also think the talk vastly overestimates the urgency of this, based on little more than marketing projections. The reality is that many of those claims are hugely optimistic, and ignore some fundamental difficulties. Mainly, the qubits / quantum gates being produced today are not at all as programmable as the logical qubits used in the theoretical results presented in those papers. So, even if they do achieve the projected marketing numbers, it's likely that they won't be able to run Shor's or Grover's algorithm on those QCs.

Not to mention, we've had many periods of flimsy encryption being used for important infrastructure, and it has not resulted in wide-scale disasters. Of course we should be responsible and avoid this, but I think the doomsday scenario suggested is way overblown, even if it were true that a 1500 logical qubit programmable QC would be available in 2030.



I haven't seen anyone post any progress on factoring large numbers with quantum computers in a while. Annealers won't do it efficiently, but probably still hold the record anyway, for a relatively small number you could do on classical hardware. Gate model machines with enough qubits to do it are still ages off. Bitcoin should find a way to transition to a post-quantum algorithm, but that's about it. As long as they do it before anyone has a big enough QPU, they're fine, and nobody is even close, it seems.


Unless advances in QC could rewrite the blockchain then there's not much to worry about. If the crypto algorithms are compromised, your coins are pretty much frozen on the chain until new algorithms are implemented. Are you arguing QC makes signatures/verification/mining impossible?


Before things were frozen you would have the biggest crash in market history. Then it would be like a futures market that has gone limit down. The panic during this time would be unbelievable. Then when it reopens it would crash further and effectively end trust in crypto.


Why though? Who is to decide which point of the blockchain is the good one and which blocks to “reject”?


Think twice. Everyone who hosts the blockchain would decide to stop because they invested in crypto, at least with some hardware costs. Besides the small group of people that owns a quantum computer. I don't expect that this group is >50% of the people that host the blockchain.


You don't need >50% of bad actors to compromise the blockchain, but rather >50% of the total hashing power. This could very well be achievable by a small group of people with QC at some point.


How does QC aid SHA256 hash throughput?
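As an added illustration of the question just raised (not part of the thread, and not anyone's posted code): proof-of-work mining is an unstructured search over nonces for a SHA-256d output below a target, and the only generic quantum speedup for that search is Grover's algorithm, which cuts the number of hash-oracle evaluations from about 2^d to about (π/4)·√(2^d) for a target of d leading zero bits. It does not make an individual SHA-256 evaluation any faster. The toy miner below uses a constructed header and a small difficulty so it runs in well under a second; the query-count functions are the textbook bounds and ignore the (large) cost of implementing SHA-256d as a reversible circuit and of error correction, which is where the real engineering gap lies.

```python
import hashlib
import math
import struct

# Constructed placeholder header for the example; not a real block header.
EXAMPLE_HEADER = b"example-block-header:" + b"\x00" * 59  # 80 bytes like a Bitcoin header


def sha256d(data: bytes) -> bytes:
    """Double SHA-256, as used by Bitcoin's proof of work."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a 32-byte digest (256 for the all-zero digest)."""
    n = int.from_bytes(digest, "big")
    return 256 - n.bit_length()


def mine(header: bytes, difficulty_bits: int, max_nonce: int = 2**32) -> tuple[int, int]:
    """Classical brute force over a 32-bit little-endian nonce appended to the header.

    Returns (winning_nonce, hashes_evaluated). The expected number of hashes
    is about 2**difficulty_bits, because each trial succeeds independently
    with probability 2**-difficulty_bits.
    """
    for nonce in range(max_nonce):
        digest = sha256d(header + struct.pack("<I", nonce))
        if leading_zero_bits(digest) >= difficulty_bits:
            return nonce, nonce + 1
    raise RuntimeError("no solution in nonce range")


def verify(header: bytes, nonce: int, difficulty_bits: int) -> bool:
    """Verification is a single hash regardless of difficulty; this is why a
    quantum miner would still produce blocks anyone can check classically."""
    return leading_zero_bits(sha256d(header + struct.pack("<I", nonce))) >= difficulty_bits


def expected_classical_hashes(difficulty_bits: int) -> float:
    """Expected SHA-256d evaluations for a classical search at this difficulty."""
    return float(2**difficulty_bits)


def grover_oracle_queries(difficulty_bits: int) -> float:
    """Grover's bound: finding one of M marked items among N takes about
    (pi/4) * sqrt(N/M) oracle queries. A fraction 2**-difficulty_bits of
    nonces are marked, so sqrt(N/M) = sqrt(2**difficulty_bits). Each oracle
    query is a full reversible SHA-256d circuit, whose cost is not counted here.
    """
    return (math.pi / 4) * math.sqrt(2**difficulty_bits)


if __name__ == "__main__":
    d = 16
    nonce, tried = mine(EXAMPLE_HEADER, d)
    print(f"difficulty {d} bits: nonce={nonce}, hashes tried={tried}, valid={verify(EXAMPLE_HEADER, nonce, d)}")
    print(f"expected classical hashes: {expected_classical_hashes(d):.0f}")
    print(f"Grover oracle queries:     {grover_oracle_queries(d):.0f}")
```

The ratio between the last two numbers is the whole of Grover's advantage: a square root in the number of hash evaluations, so doubling the difficulty in bits only roughly doubles the classical cost against a factor of √2 for the quantum search, and the per-query cost of a fault-tolerant SHA-256d circuit has to be paid on top of that.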



