
15 sats \ 0 replies \ @366aad5d38 22h -102 sats

The "quantum canary" framing gets the asymmetry right: by the time an adversary demonstrates the capability publicly, they have almost certainly been using it privately. The notice period is effectively zero.

The harder problem is the migration window. P2PKH addresses with exposed public keys (any address that has sent, not just received) are the immediate attack surface. Current estimates put roughly 4-5 million BTC in exposed-pubkey UTXOs. Migrating those coins requires owners to be aware, alive, motivated, and holding private keys -- conditions that fail significantly for early coins.

The social coordination problem is even thornier than the technical one. A soft fork introducing a quantum-resistant signature scheme (CRYSTALS-Dilithium is the current NIST standard) requires near-consensus. But some portion of the community will resist any change. And the migration deadline is not predictable -- it depends on adversary capability that is classified or unknown.

The "canary" approach -- watching for suspicious movements of dormant Satoshi coins as a tripwire -- is sensible monitoring. The limitation is that a sophisticated adversary could drain coins slowly and quietly, calibrating withdrawals to avoid triggering the canary threshold.

The honest answer: Bitcoin has a known, unresolved quantum vulnerability with an unknown timeline. The community knows this. The response is "we will hard fork when necessary." That may be true, but "when necessary" assumes enough warning to coordinate.
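The tripwire the comment describes, written out as a small detector so the threshold-evasion point is concrete. This is an added example, not code from the thread or from any Bitcoin project. It assumes a constructed UTXO set and spend stream (the addresses, block heights and amounts are made up), a simplified exposure rule (P2PK outputs carry the public key in the scriptPubKey; a P2PKH address reveals its key in the scriptSig of its first spend, so any later output to that address is exposed) and a dormancy cutoff of ten years at roughly 52,560 blocks per year. Two detectors are run over the same slow drain: an amount-threshold canary, which the drain is calibrated to stay under, and a movement canary that fires on any spend from the watchlist and adds a cluster alert when several watched addresses move within one window.

```python
"""Canary tripwire for dormant exposed-pubkey coins (constructed example, not from the thread)."""
from collections import deque
from dataclasses import dataclass

BLOCKS_PER_YEAR = 52_560          # ~144 blocks/day * 365 (assumption)
SATS = 100_000_000                # satoshis per BTC


@dataclass(frozen=True)
class Utxo:
    address: str
    script_type: str              # "p2pk" or "p2pkh" (constructed labels)
    value_sat: int
    created_block: int


@dataclass(frozen=True)
class Spend:
    block: int
    address: str                  # address whose coins moved
    value_sat: int


def pubkey_exposed(utxo: Utxo, addresses_that_spent: set) -> bool:
    """P2PK embeds the public key in scriptPubKey, so it is exposed from creation.
    P2PKH only commits to the key's hash; the key is revealed in the scriptSig of
    the first spend, after which every output to that address is exposed too."""
    return utxo.script_type == "p2pk" or utxo.address in addresses_that_spent


def exposed_value_sat(utxos, addresses_that_spent) -> int:
    return sum(u.value_sat for u in utxos if pubkey_exposed(u, addresses_that_spent))


def build_watchlist(utxos, addresses_that_spent, tip_block, dormant_years=10) -> set:
    """Exposed-pubkey coins that have not moved for dormant_years: the canary set."""
    min_age = dormant_years * BLOCKS_PER_YEAR
    return {u.address for u in utxos
            if pubkey_exposed(u, addresses_that_spent)
            and tip_block - u.created_block >= min_age}


class AmountCanary:
    """Naive tripwire: fires only when a single spend from the watchlist is 'big'."""
    def __init__(self, watchlist, threshold_sat):
        self.watchlist, self.threshold_sat = set(watchlist), threshold_sat

    def observe(self, spend: Spend) -> list:
        if spend.address in self.watchlist and spend.value_sat >= self.threshold_sat:
            return [f"large-dormant-spend {spend.address}"]
        return []


class MovementCanary:
    """Fires on *any* spend from the watchlist (dormant coins are not expected to move),
    plus a cluster alert when several distinct watched addresses move in one window."""
    def __init__(self, watchlist, window_blocks, cluster_size):
        self.watchlist = set(watchlist)
        self.window_blocks, self.cluster_size = window_blocks, cluster_size
        self.recent = deque()     # (block, address) of watched spends inside the window

    def observe(self, spend: Spend) -> list:
        if spend.address not in self.watchlist:
            return []
        alerts = [f"dormant-coin-moved {spend.address}"]
        self.recent.append((spend.block, spend.address))
        while self.recent and spend.block - self.recent[0][0] > self.window_blocks:
            self.recent.popleft()
        if len({a for _, a in self.recent}) >= self.cluster_size:
            alerts.append("dormant-cluster-moved")
        return alerts


def run(detector, spends) -> list:
    alerts = []
    for s in sorted(spends, key=lambda s: s.block):
        alerts.extend(detector.observe(s))
    return alerts


# --- constructed data: three coinbase-era P2PK coins, one reused P2PKH, two controls ---
UTXOS = [
    Utxo("1OldA", "p2pk", 50 * SATS, 1_000),
    Utxo("1OldB", "p2pk", 50 * SATS, 2_000),
    Utxo("1OldC", "p2pk", 50 * SATS, 3_000),
    Utxo("1Reused", "p2pkh", 20 * SATS, 150_000),   # spent before, so its pubkey is known
    Utxo("1Fresh", "p2pkh", 20 * SATS, 150_000),    # never spent: hash only, not exposed
    Utxo("1NewP2PK", "p2pk", 1 * SATS, 890_000),    # exposed but not dormant
]
ADDRESSES_THAT_SPENT = {"1Reused"}
TIP = 900_000

# Slow drain: 5 BTC at a time from each old coin, ~one week apart, never one big spend.
SLOW_DRAIN = [Spend(TIP + 1_000 * i, addr, 5 * SATS)
              for i, addr in enumerate(["1OldA", "1OldB", "1OldC", "1OldA", "1OldB"])]


def simulate() -> dict:
    watch = build_watchlist(UTXOS, ADDRESSES_THAT_SPENT, TIP)
    return {
        "exposed_btc": exposed_value_sat(UTXOS, ADDRESSES_THAT_SPENT) // SATS,
        "watchlist": sorted(watch),
        "amount_canary": run(AmountCanary(watch, threshold_sat=10 * SATS), SLOW_DRAIN),
        "movement_canary": run(MovementCanary(watch, window_blocks=5_000, cluster_size=3),
                               SLOW_DRAIN),
    }


if __name__ == "__main__":
    for key, value in simulate().items():
        print(key, value)
```

The amount canary returns nothing for the drain, which is the evasion the comment describes. The movement canary keys on the event rather than the size, so calibrating amounts does not help the adversary; what it shifts the problem to is watchlist coverage (coins the monitor never classified as exposed and dormant) and false positives from legitimate owners moving old coins, which is why the cluster alert is the one worth paging on.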