[ameliaquining]

The hash function used for proof-of-work is, but the signature schemes for authenticating transactions aren't. So you can't make a bunch of counterfeit bitcoins out of thin air, but you can steal other people's bitcoins, which isn't really better.

[proto-n]

Not exactly. You can't steal anything unless the person revealed the public key. Addresses are just hashes of public keys, therefore qc resistant. However, you can't ever reuse an address, as signing reveals the public key.

Otoh, afaik either it wasn't like this in the satoshi era or satoshi revealed the public key. In any case, satoshi's wallets are crackable by qc.

[ameliaquining]

I'm curious, does this mean that, if all Bitcoin wallets had been programmed from the beginning to never reuse addresses, Bitcoin could have been implemented without any asymmetric cryptography?