I think it is never too early to start a discussion in the community on a roadmap to make Nano quantum-proof. Unfortunately, Ed25519 is not quantum-proof, so the search is on to nominate a new post-quantum signature scheme that is:
- Fast, particularly in verification (this is important to keep the consensus fast)
- Offers small signature size (we don't want to inflate the block)
- Has relatively small public and private keys (same as above)
Among the third-round finalists of the NIST Post-Quantum Cryptography Standardization Process, only Rainbow has a relatively small signature size (66 bytes), but the keys are huge (100-150 kB!). Falcon-512 looks promising, with 897-byte/666-byte public key and signature sizes, respectively.
Could such a post-quantum "upgrade" be done at all? Or would it be a totally new ledger where each account balance should be migrated somehow?