The best proposal I have heard for rescuing P2SH wallets after cryptographically relevant quantum computers exist is to require vulnerable wallets to precommit to transactions a day ahead of time. The precommitment doesn't reveal the public key. When the public key must be exposed as part of the actual transaction, an attacker cannot redirect the transaction for at least one day because they don't have a valid precommitment to point to yet.

▲

warkdarrior 3 hours ago | parent [-]

24-hour latency to make a payment? What is this, the 20th century?

	▲	Strilanc 2 hours ago \| parent [-]
		This is for rescue, not for payment. Once you've moved the coins to quantum-secure wallet, the delay would no longer be needed. ...probably some people would be very inconvenienced by this. But not as inconvenienced as having the coins stolen or declared forever inaccessible.