Fom my good friend BTCBap - "You seem to accept using HDDs for these massive signature sizes as a necessary tradeoff for cost-effective scaling - "not terribly unhappy" with lugging around an 8tb for bitcoin. However, isn't the performance impact of using HDDs a significant concern these days? Like isn't that actually an issue? Don't people say you should really only run nodes with ssds? How much would this actually affect the UX of Bitcoin? Would hardware signing devices take minutes to sign, especially multiple UTXOs, with these gargantuan signatures?"
Fortunately, I think the answer to all these questions is "no", but these questions deserve a better answer, and so I'm writing this follow-up article to the one I just wrote on P2QRH / QuBit chain size growth. Isn't the performance impact of HDDs a significant concern these days?
As hard drives increase in capacity, usually this follows from an increase in density, which allows the write / read heads to increase the amount of bytes read or written in the same distance. Additionally, they've added these enormous RAM caches, 256MB for the 20TB models, which is a good number because bitcoind's blk.dat files are ~128MB each.
2. Don't people say you should really only run nodes with SSDs?
For things like databases and indexes like electrs and ord, an SSD is essential to get anywhere anytime quickly. IME bitcoind isn't as bad.
3. How much would this actually affect the UX of Bitcoin?
I think the biggest impact will be in wallets, especially as one might decide to use multiple signature algorithms to secure each output, especially if the UTXOs hold more value. Users will need to be informed of the fees using a proper client side transaction size calculation, which isn't trivial. Then you'll set the number of sigs per your "paranoia level".
4. Would hardware signing devices take minutes to sign, especially multiple UTXOs, with these gargantuan signatures?
You're correct in thinking the more UTXOs, the more signatures, and additionally, the attestation will support more than one signature per UTXO. However, even with larger signatures like SPHINCS, I don't imagine this taking longer than a few seconds. As for signature size, while they're much larger than those used in elliptic curve cryptography, those are only about 64 bytes each, whereas the size of post quantum signatures will be between ~400 bytes and 4KB each, which isn't very large on an individual level (like when signing). Typically verification is faster than signing, which is also important when your signatures will be verified by tens of thousands of nodes.
Also, if this wasn't clear from the first article, or the BIP, where it's mentioned multiple times, QuBit is a soft fork of Bitcoin, though there will also be testnets and maybe even a sidechain to help with the task of building wallets with post-quantum cryptography support.