The thing that supposedly sets Bitcoin apart from other cryptocurrencies is that it's deflationary and 'immutable', in that Satoshi is gone forever and any deviation of Bitcoin from his golden idea will result in undermining its essence. If Bitcoin can get quantum-attacked then, from a technical point of view, nothing will be lost. The Bitcoin core devs can issue a word-of-god statement stating that they'll roll back the chain to before the attack, and all is well. Then they'll change the cryptography. But at that point, is it still Bitcoin? Because you've undermined the immutability. If the core devs can just say "this core property of Bitcoin is now something completely different", who's to say that they won't change their minds about the deflationary nature in the future? All credibility will be lost. Now, if you accept that, is perhaps all credibility lost already? ...

Bitcoin has had significant protocol upgrades before, including the highly divisive segwit. IMO immutability is a non-issue, there's plenty of evidence that Satoshi generally agreed that consensus via the longest chain (most PoW) wins.

Thus, upgrading the protocol/code to change the encryption to something quantum-resistant should be no more controversial a change than segwit. The community has already answered the "is it still Bitcoin". Yes it is, protocol and code is free to change given longest-chain consensus.

The problem will be what to do with legacy addresses. Never before have issued coins been forcibly deleted by a BIP. It could turn out that legacy addresses (including Satoshi's) that fail to have their coins moved after a deadline must be considered compromised and burned/destroyed. That has no precedent with bitcoin, although it does with ETH.

Anyone know if there's a way out that doesn't require this? Obviously there's no way to ensure all legacy address coins are moved by the deadline.

> The Bitcoin core devs can issue a word-of-god statement stating that they'll roll back the chain to before the attack, and all is well. Then they'll change the cryptography.

That doesn't work, because once the signature scheme has been broken, nobody can prove that their coins are theirs. No roll back or word-of-god would help.

The only way to make bitcoin quantum-safe, is to introduce a quantum safe signature scheme, to encourage everyone to move their coins and to somehow accept that those who don't are not longer in control of their coins.

Bitcoin core devs do not make decisions for the distributed network. Yes they have outsized power but with the whole BIP110 thing going on now and Bitcoin Knots gaining adoption, I'm more confident now that sudden changes from the core devs will not be blindly accepted by all. That aside, it will be necessary to hard fork the chain from a point before a quantum attack, but there will be several proposals and the community will vote with their nodes.

No because you are not changing the ledger. You are changing the authentication mechanism for transactions. It's like adding a new supported password hash.

The core developers need buy-in from nodes controlling > 50% of the computing power in the network to make any fundamental change to the network.

This was already pretty well hashed out (heh) during the 'core'/'cash' issue when there was an attempt to fork in an expanded the block size. Both chains still exist. Bitcoin operation is entirely up to the miners to determine the heaviest chain, and that's like two entities (the number of entities required is called the Nakamoto coefficient). It's not magic, but there is a huge cult built up around it by scammers, rubes, opportunists and speculators.

For better or worse, Bitcoin is a true democracy. If all/most users decide to switch to a new quantum safe algorithm, then it is so.