Nothing's free in the world. Adding quantum resistance to Bitcoin is wildly costly and figuring out if and when we need it is expensive, too. We can only hope QC gets discovered gradually.
Zsubmariner
PSA: The quantum apocalypse isn't coming

A cryptographically-relevant quantum computer is physically impossible: real hardware hits a fundamental back-reaction limit at a few hundred high-fidelity logical qubits due to size-dependent noise from the error-correction process itself. Shor on 256-bit ECDSA requires thousands to tens of thousands of near-perfect ones. The gap is physical and insurmountable.

The actual use-cases for “quantum computers” are:
- Gassing up investors with science jargon
- Building a regulatory moat
- Scaring people away from battle-tested open-source cryptography

Implementing quantum resistance would be very bad for Bitcoin:
- Dilithium2 / Dilithium3 in P2TR
- Falcon-512 / Falcon-1024 in P2TR
- SPHINCS+-128f in P2TR
- ECDSA + Dilithium2 hybrid (legacy/SegWit/Taproot)
- ECDSA + Falcon-512 hybrid (legacy/SegWit/Taproot)
- New lattice or hash-based spend paths
- New QR address formats / commitments
- Signature size 9–240× larger
- Pubkey size 27–40× larger
- Typical spend 15–50× higher fees forever
- Witness data 15–50× bigger
- UTXO set 10–20× larger within years
- Validation time 5–20× slower
- Far more complex code, not battle tested
- Permanently higher fees (15–50× per tx)
- Lightning channel closes 15–50× more expensive
- Pruning nodes die (UTXO bloat kills them)
- Full-node storage +10–20× in a few years
- Increased centralization pressure
- Permanent consensus & DoS risk increase
- New critical bugs and side-channels

Some of the work people are doing to show that we COULD add QR, IF we needed to, is probably helpful to fight the FUD. But don't buy the hype and don't get bullied by the quantum mafia hype machine. #Bitcoin

Replies (5)

To do a full post-QC’ing, yes, but that doesn’t mean we cannot start. While we cannot today decide whether a future Bitcoin community will fork to freeze non-QC-safe coins, it seems likely they will (a Bitcoin with a few million extra coins is almost certainly value-ruining). Given this, we can start to move now - adding a hash-based signature opcode to tapscript allows wallets to, today, transparently and for free, ensure their coins remain spendable in the face of such a future.
waxwing 0 months ago
Fair. Starting is entirely sensible. But I would rather say 'planning' and researching, than starting.
waxwing 0 months ago
Also: I feel that existing deployments on other systems are a bit different, where the stakes are not as high. Also: 'extra coins'? You're talking about stealing, not extra coins, right? (Academic? Maybe, but if we had done confidential transactions, would be v. different!)
Yea, sorry, stolen coins, most of which were probably lost. I agree research is good, but it does seem like “hash-based sigs in tapscript” is the one thing that we can do that isn’t dependent on some future post-quantum cryptography breakthrough. There’s some parameter tuning to do in picking such a sig format, but nothing wild.
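As an added illustration (not code from this thread, from any of its participants, or from any Bitcoin implementation), here is a toy Lamport one-time signature over SHA-256 in Python, the simplest hash-based scheme of the kind the replies above have in mind. It shows the two properties that matter for the discussion: verification needs nothing beyond a hash function, so its security does not depend on any future post-quantum breakthrough, and the witness a spender would have to reveal (full public key plus signature) is hundreds of times larger than a BIP340 Schnorr signature. The function names, the 32-byte "commitment" standing in for what a tapleaf would store, and the 96-byte comparison baseline (64-byte Schnorr signature plus 32-byte x-only key) are assumptions of this example; no tapscript opcode is implemented here.

```python
"""Toy Lamport one-time signature over SHA-256.

Hypothetical example: not Bitcoin code, not a proposed opcode. It models
what a hash-based tapscript spend path would have to commit to and reveal.
"""
import hashlib
import os

N = 32          # SHA-256 output length in bytes
BITS = 8 * N    # number of message-digest bits that get signed (256)


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def keygen(rng=os.urandom):
    """Private key: two random 32-byte preimages per digest bit.
    Public key: the SHA-256 of each preimage, in the same layout."""
    sk = [(rng(N), rng(N)) for _ in range(BITS)]
    pk = [(h(a), h(b)) for a, b in sk]
    return sk, pk


def pk_commitment(pk) -> bytes:
    """32-byte commitment to the whole public key: the only thing that
    would need to sit in the tapleaf (assumption of this example)."""
    return h(b"".join(a + b for a, b in pk))


def digest_bits(msg: bytes):
    """Bits of SHA-256(msg), most significant bit first."""
    d = h(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(BITS)]


def sign(sk, msg: bytes):
    """Reveal exactly one preimage per digest bit. A key must sign ONCE:
    see leaked_positions() for what a second signature gives away."""
    return [sk[i][bit] for i, bit in enumerate(digest_bits(msg))]


def verify(pk, msg: bytes, sig) -> bool:
    """Pure hash verification: each revealed preimage must hash to the
    public-key entry selected by the corresponding digest bit."""
    if len(sig) != BITS:
        return False
    return all(h(sig[i]) == pk[i][bit] for i, bit in enumerate(digest_bits(msg)))


def verify_witness(commitment: bytes, pk, msg: bytes, sig) -> bool:
    """What a hash-based script-path spend would check: the revealed public
    key matches the commitment in the leaf AND the signature verifies."""
    return pk_commitment(pk) == commitment and verify(pk, msg, sig)


def witness_size(pk, sig) -> int:
    """Bytes the spender must put in the witness: full public key + signature."""
    return sum(len(a) + len(b) for a, b in pk) + sum(len(s) for s in sig)


def schnorr_ratio(pk, sig) -> float:
    """Witness size relative to a 64-byte BIP340 signature plus a 32-byte
    x-only public key (baseline chosen for this example)."""
    return witness_size(pk, sig) / (64 + 32)


def leaked_positions(m1: bytes, m2: bytes) -> int:
    """Failure mode: signing m1 and m2 with the same key publishes BOTH
    preimages at every bit where the two digests differ, which is why a
    wallet must never reuse a one-time key across two spends."""
    b1, b2 = digest_bits(m1), digest_bits(m2)
    return sum(x != y for x, y in zip(b1, b2))


if __name__ == "__main__":
    sk, pk = keygen()
    msg = b"constructed sample sighash input"   # constructed sample message
    sig = sign(sk, msg)
    print("valid:", verify_witness(pk_commitment(pk), pk, msg, sig))
    print("witness bytes:", witness_size(pk, sig),
          "(about %.0fx a Schnorr key-plus-signature)" % schnorr_ratio(pk, sig))
    print("preimages exposed by one reuse:", leaked_positions(msg, b"second spend"))
```

With 32-byte hashes the public key is 16384 bytes and the signature 8192 bytes, so a naive Lamport spend reveals 24576 witness bytes, 256 times the Schnorr baseline. That overhead, not the hash assumption, is what the "parameter tuning" in the reply is about: Winternitz-style chaining signs several bits per hash chain and shrinks the witness considerably at the cost of more hash computations, and that trade-off is the main knob in picking a format.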