Just wanted to add a thought I had some days ago (I have thought about it and see no drawback so far).
As garlonicon wrote in this post, most of what we'd need to make Bitcoin "quantum-resistant" is to extend Bitcoin Script with mechanisms to handle public key cryptosystems other than ECDSA.
While there's surely a long way to go to get this implemented in the Bitcoin protocol, one could imagine an extension protocol for tokens based on the OP_RETURN mechanism, like OmniLayer, supporting interesting quantum-resistant cryptosystem candidates first, which would be possible much faster (they could simply copy/paste parts of the algo of this shitcoin which was promoted in this thread by a certain FUDster). You could then not only create Tether-like centralized tokens which are quantum resistant, but also in theory a 1:1 pegged Bitcoin stablecoin - the easiest way would be using a proof-of-burn scheme, where each bitcoin burnt would entitle its owner to create one unit of the quantum-resistant Bitcoin stablecoin (we could call it QBitcoin).
If the threat becomes real at some point and Bitcoin extends its Script language to support a quantum-secure algorithm, then it should be possible to "merge" the QBitcoin with the "old" upgraded Bitcoin. This would be a way to ensure QBitcoin's peg with Bitcoin holds, although maybe not absolutely necessary.
I write this mostly because if someone is really worried about quantum computers, then this could possibly be a straightforward path for Bitcoin to achieve quantum resistance step by step, without having to wait for a complete, thoroughly-tested implementation - and no shitcoin is really needed.
By the way, I wonder if Simplicity, if it gets included in Bitcoin, could provide the necessary functions for "quantum resistant addresses"? In the whitepaper it's mentioned that it's "expressive enough to represent any finitary function", so wouldn't "quantum computer resistant cryptography" be a possible use case?
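To make the proof-of-burn idea from the post above concrete, here is an added toy indexer (not code from the post, OmniLayer or any real protocol) for an OP_RETURN-based token layer: it treats an output whose script is OP_RETURN followed by a "QBTC" tag and a 32-byte recipient id as a burn, and credits the burned satoshis 1:1 as QBitcoin units. The tag, the id length and the sample transactions are constructed assumptions.

```python
# Toy indexer for an OP_RETURN proof-of-burn token layer ("QBitcoin"); constructed
# example, not a real protocol. A burn is an output whose script is
# OP_RETURN <"QBTC" || 32-byte recipient id>; its burned value is credited 1:1.
from collections import defaultdict
from dataclasses import dataclass
OP_RETURN, OP_PUSHDATA1 = 0x6A, 0x4C
PREFIX = b"QBTC"   # hypothetical protocol tag (assumption)
ID_LEN = 32        # e.g. a hash of a post-quantum public key (assumption)

@dataclass
class TxOut:
    value_sat: int
    script: bytes

def parse_burn(script: bytes):
    """Return the recipient id if `script` is a well-formed QBTC burn, else None."""
    if len(script) < 2 or script[0] != OP_RETURN:
        return None
    op = script[1]
    if 1 <= op <= 0x4B:                                   # direct push of `op` bytes
        data, rest = script[2:2 + op], script[2 + op:]
    elif op == OP_PUSHDATA1 and len(script) >= 3:         # 1-byte length prefix
        data, rest = script[3:3 + script[2]], script[3 + script[2]:]
    else:
        return None
    if rest or len(data) != len(PREFIX) + ID_LEN or not data.startswith(PREFIX):
        return None                                       # trailing bytes / wrong shape
    return data[len(PREFIX):]

def build_burn_script(recipient_id: bytes) -> bytes:
    payload = PREFIX + recipient_id
    return bytes([OP_RETURN, len(payload)]) + payload

def index_burns(txs):
    """Credit every valid burn output's value (satoshis) 1:1 to its recipient."""
    balances = defaultdict(int)
    for outputs in txs:
        for out in outputs:
            rid = parse_burn(out.script)
            if rid is not None and out.value_sat > 0:
                balances[rid.hex()] += out.value_sat
    return dict(balances)
# Constructed sample: three transactions, only two of which carry valid burns.
ALICE, BOB = bytes([0x11]) * ID_LEN, bytes([0x22]) * ID_LEN
SAMPLE_TXS = [
    [TxOut(100_000_000, build_burn_script(ALICE)), TxOut(5_000, b"\x76\xa9")],
    [TxOut(25_000_000, build_burn_script(BOB)), TxOut(0, b"\x6a\x04OMNI")],
    [TxOut(10_000, build_burn_script(ALICE) + b"x")],   # trailing byte -> rejected
]
```

Running `index_burns(SAMPLE_TXS)` credits Alice 100,000,000 and Bob 25,000,000 units; the OMNI-tagged output and the malformed script are ignored, which is the kind of strict validation such a layer needs so that non-conforming outputs never mint tokens.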