imagine ECDSA is demonstrated to be broken by quantum computing tomorrow

now everyone’s scrambling to move funds into a smart wallet with quantum-resistant signature verification ASAP

what’s the best implementation of this currently out there? does one even exist?

curious if @vitalik.eth has thought about this

NIST recommends figuring out a migration strategy to PQC by 2035 https://csrc.nist.gov/pubs/ir/8547/ipd

Signal has been using pqc in its protocol since last year

He has written about this in the past:

tl;dr: Assuming that most EOAs are BIP-32-based, require a ZK proof of ownership of the BIP-32 seed phrase (which can't be derived by a quantum attacker) to authorize moving EOA funds.

He has written about this in the past:

tl;dr: Assuming that most EOAs are BIP-32-based, require a ZK proof of ownership of the BIP-32 seed phrase (which can't be derived by a quantum attacker) to authorize moving EOA funds.

https://ethresear.ch/t/how-to-hard-fork-to-save-most-users-funds-in-a-quantum-emergency/18901

Sha256 and similar hash functions are considered quantum safe.

STARKs use hash functions heavily and so are also considered quantum safe.

So in a pinch you could hard fork an upgrade where everyone switches to a new key, and a zk proof of knowledge is used for the new private key instead of normal signatures.

Have you considered reaching out to @vitalik.eth directly to ask him about it?