Comment by liuliu
5 hours ago
What about the Bitcoin argument? If CRQC is built, given that you only needs ~1000 logic qubits (and probably fewer gates than RSA) for ECDSA, you would expect big financial incentive to just use the compute a little bit to crack a few cold wallets. (After all, leaking classified information to the press is much easier to be caught than cracking wallets). And we will notice this breakthrough almost immediately if not within a few weeks.
Most cold wallet addresses with a balance have never signed a transaction. This keeps the public key secret behind sha256 hashes which don't fall to quantum computing (128 bits of security with quantum search).