[wahern]

> In contrast, cryptocurrencies have to upgrade the entire network all at once or it’s effectively a painful fork

Bitcoin is much more centralized than the popular imagination would have you believe, both in terms of the small number of controlling interests behind the majority of the transaction capacity, and just as importantly the shared open source software running those nodes. Moreover, the economic incentives for the switch are strongly, perhaps even perfectly, aligned among the vast majority of node operators. Bitcoin is already dangerously close to, if not beyond, the possibility of a successful Byzantine attack; it just doesn't happen precisely because of the incentive alignment--if you're that large, you don't want to undermine trust in the network, and you're an easy target for civil punishment.

[tennysont]

(I know that you understand this, but just highlighting it)

In fairness, the original Bitcoin white paper referenced both (1) distributed compute and (2) the self-defeating nature of a Byzantine attack as the means of protection. It's not as though (2) is just lucky happenstance.

Hence, why proof of stake can exist.

[acdha]

I definitely agree that the major players will want to move forward, but it seems like there's a legacy system kind of problem where it can stall if you get some slackers who either don't update (what happens to cold wallets?) or if some group has ideological disagreements about the solution. None of that is insurmountable, of course, but it seems like it has to be slower than something where you personally can upgrade your HTTPS servers to support PQC any time you want without needing to coordinate with anyone else on the internet.