Willow quantum chip demonstrates verifiable quantum advantage on hardware

I think that’s backwards: most of the stuff you mentioned is using TLS and can switch to post-quantum algorithms with a config change, and do so incrementally with no user-visible impact - e.g. right now I’m already using PQC for many sites and about half of the traffic Cloudflare sees is using PQC:

https://radar.cloudflare.com/adoption-and-usage

In contrast, cryptocurrencies have to upgrade the entire network all at once or it’s effectively a painful fork. That effort appears to just be getting talked about now, without even starting to discuss timing:

https://github.com/bitcoin/bips/pull/1895

Is this a purely server side migration? Do browsers/OSs need updating too?

> In contrast, cryptocurrencies have to upgrade the entire network all at once or it’s effectively a painful fork

Bitcoin is much more centralized than the popular imagination would have you believe, both in terms of the small number of controlling interests behind the majority of the transaction capacity, and just as importantly the shared open source software running those nodes. Moreover, the economic incentives for the switch are strongly, perhaps even perfectly, aligned among the vast majority of node operators. Bitcoin is already dangerously close to, if not beyond, the possibility of a successful Byzantine attack; it just doesn't happen precisely because of the incentive alignment--if you're that large, you don't want to undermine trust in the network, and you're an easy target for civil punishment.

Clients need to be updated, too, since what's happening is that the server and client need to agree on a common algorithm they both support, but that's been in progress for years and support is now pretty widespread in the current versions of most clients.

Stragglers are a problem, of course, but that's why I thought this would be a harder problem for Bitcoin: for me to use PQC for HTTPS, only my browser and the server need to support it and past connections don't matter, whereas for a blockchain you need to upgrade the entire network to support it for new transactions _and_ have some kind of data migration for all of the existing data. I don't think that's insurmountable – Bitcoin is rather famously not as decentralized as the marketing would have you believe — but it seems like a harder level of coordination.

I definitely agree that the major players will want to move forward, but it seems like there's a legacy system kind of problem where it can stall if you get some slackers who either don't update (what happens to cold wallets?) or if some group has ideological disagreements about the solution. None of that is insurmountable, of course, but it seems like it has to be slower than something where you personally can upgrade your HTTPS servers to support PQC any time you want without needing to coordinate with anyone else on the internet.

I can't remember which chain it was but I'm sure I've seen stats on in-progress rollouts of protocol changes where the network took something like weeks or months to all get upgraded to the new version. You can design for tolerating both for a time.

(I know that you understand this, but just highlighting it)

In fairness, the original Bitcoin white paper referenced both (1) distributed compute and (2) the self-defeating nature of a Byzantine attack as the means of protection. It's not as though (2) is just lucky happenstance.

Hence, why proof of stake can exist.