Hacker News
by johncolanduoni 3118 days ago
For 3), you could say the same about most of the cryptocurrencies’ mathematical groundings. The properties of hash functions like SHA256 are far from guaranteed, and are subject to the same advancements in analysis and computing capabilities as those that have led to the deprecation of SHA1, MD5, etc., albeit with a different desired weakness.
1 comment

If these hashes are broken, most cryptocurrencies have a plan to switch to post-quantum cryptography. It can happen very quickly, within weeks.

Also consider that if they are actually broken, we will have much bigger problems - no secure banking, military data compromised, all kinds of hacking of all kinds of infrastructures, etc.

SHA is already quantum resistant. The problem is with public key encryption, i.e. bitcoin addresses.
The problem that Bitcoin relies on being hard (with regard to the proof of work, not addresses) is different from the one e.g. the standard PKI relies on being hard. It's not very likely the hashes would be broken by an advance in quantum computing; there are some sub-exponential speed-ups that have been explored but nothing that would break the blockchain. It would be more akin to the movement from GPUs to ASICs.
Why not implement post-quantum crypto now if there’s already a plan in place? This seems like a situation where “better late than never” isn’t true.
The post-quantum algorithms haven't been around very long and as a result don't have the same level of confidence. Most post-quantum implementations that are in or nearing production use both existing methods (e.g. DH) and a post-quantum counterpart (e.g. New Hope) and combine them in a way that requires both to fail for there to be an issue (e.g. XORing the produced secrets together).
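The hybrid construction this comment describes, written out as an added example that is not part of the thread and not code from any of the projects mentioned: a classical X25519 exchange (implemented from RFC 7748) runs alongside a KEM, and the two shared secrets are combined so that an attacker must break both to recover the session key. The KEM slot is filled by a clearly labelled toy placeholder with no security at all, standing in for a real post-quantum KEM such as the NewHope scheme named above, so that the flow runs offline; the function names (`hybrid_handshake`, `toy_kem_*`, `combine_xor`, `combine_kdf`) are my own. Besides the XOR combiner the comment mentions, the block also shows a concatenate-then-HKDF combiner, which is the style hybrid TLS designs use and which avoids XOR's equal-length requirement.

```python
# Added example: hybrid X25519 + KEM key exchange with two secret combiners.
# X25519 follows RFC 7748; the toy KEM is an insecure placeholder (see below).
import hashlib
import hmac
import os

P = 2**255 - 19
A24 = 121665


def _decode_scalar(k: bytes) -> int:
    """Clamp a 32-byte private scalar exactly as RFC 7748 section 5 requires."""
    b = bytearray(k)
    b[0] &= 248
    b[31] &= 127
    b[31] |= 64
    return int.from_bytes(b, "little")


def x25519(scalar: bytes, point: bytes) -> bytes:
    """Montgomery ladder from RFC 7748 section 5 (Python ints: not constant time)."""
    k = _decode_scalar(scalar)
    u = bytearray(point)
    u[31] &= 127                                  # the top bit of u is ignored
    x1 = int.from_bytes(u, "little") % P
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def x25519_keypair(seed: bytes):
    """(private scalar, public point) with the base point u = 9."""
    return seed, x25519(seed, (9).to_bytes(32, "little"))


# ---- Toy KEM: standard keygen/encaps/decaps interface, ZERO security ----------
# sk == pk and the ciphertext is just the encapsulator's randomness. It only
# exercises the interface a real post-quantum KEM would expose in this slot.
def toy_kem_keygen(seed: bytes):
    return seed, seed                             # (sk, pk), hypothetical placeholder


def toy_kem_encaps(pk: bytes, rand: bytes):
    ct = rand
    return ct, hashlib.sha256(b"toy-kem" + pk + ct).digest()


def toy_kem_decaps(sk: bytes, ct: bytes) -> bytes:
    return hashlib.sha256(b"toy-kem" + sk + ct).digest()


# ---- Combiners ---------------------------------------------------------------
def combine_xor(ss_classical: bytes, ss_pq: bytes) -> bytes:
    """The combiner the comment describes. Only sound when both inputs are
    uniformly random strings of the same length, hence the length check."""
    if len(ss_classical) != len(ss_pq):
        raise ValueError("XOR combiner needs equal-length secrets")
    return bytes(a ^ b for a, b in zip(ss_classical, ss_pq))


def _hkdf_sha256(salt: bytes, ikm: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) extract-then-expand, enough blocks for `length` bytes."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block = b"", b""
    for i in range(1, -(-length // 32) + 1):
        block = hmac.new(prk, block + info + bytes([i]), hashlib.sha256).digest()
        okm += block
    return okm[:length]


def combine_kdf(ss_classical: bytes, ss_pq: bytes, transcript: bytes) -> bytes:
    """Concatenate both secrets and bind the public transcript through HKDF;
    works for secrets of any length and binds the key to the exchanged values."""
    return _hkdf_sha256(b"hybrid-demo-salt", ss_classical + ss_pq, transcript)


def hybrid_handshake(alice_seeds, bob_seeds):
    """Both sides of the exchange; returns (alice_key, bob_key), which must match."""
    a_dh_sk, a_dh_pk = x25519_keypair(alice_seeds[0])
    a_kem_sk, a_kem_pk = toy_kem_keygen(alice_seeds[1])
    # Alice -> Bob: a_dh_pk, a_kem_pk
    b_dh_sk, b_dh_pk = x25519_keypair(bob_seeds[0])
    ct, b_ss_pq = toy_kem_encaps(a_kem_pk, bob_seeds[1])
    b_ss_c = x25519(b_dh_sk, a_dh_pk)
    # Bob -> Alice: b_dh_pk, ct
    a_ss_c = x25519(a_dh_sk, b_dh_pk)
    a_ss_pq = toy_kem_decaps(a_kem_sk, ct)
    transcript = a_dh_pk + a_kem_pk + b_dh_pk + ct
    return combine_kdf(a_ss_c, a_ss_pq, transcript), combine_kdf(b_ss_c, b_ss_pq, transcript)


if __name__ == "__main__":
    ka, kb = hybrid_handshake((os.urandom(32), os.urandom(32)), (os.urandom(32), os.urandom(32)))
    print("keys match:", ka == kb, ka.hex())
```

The X25519 part can be checked against the RFC 7748 section 6.1 vectors; the combiner is where the "both must fail" property lives, since neither `ss_classical` nor `ss_pq` alone determines the output of `combine_kdf`, and changing either side's randomness changes the final key.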
There is one launching; check out theqrl.org