BlockBeats news, January 25: a16z Crypto has published a long-form article ("Quantum Computing and Blockchain: Matching Urgency with Actual Threats") arguing that the debate over the quantum threat is sharply polarized, and that both complacency and alarmism are mistakes. Publicly known quantum hardware is nowhere near able to run Shor's algorithm at the scale required to break RSA or ECDSA, but the long-term risk cannot be dismissed.

The window of exposure differs sharply between cryptographic primitives. Encryption is subject to 'harvest now, decrypt later' (HNDL) attacks: ciphertext recorded today can be decrypted once a sufficiently powerful quantum computer exists, so data whose confidentiality must last for years needs to move to quantum-resistant encryption early. Signatures are largely immune to HNDL, because a signature verified today is not undermined by a private key recovered years later; the signing key only has to be retired before such a machine exists. Migrating to quantum-resistant signatures prematurely can instead introduce new risks, including performance loss, immature implementations and code vulnerabilities, so the article recommends a measured, staged approach.
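The asymmetry described above can be made concrete with a small migration planner. The example below is added here and is not code from the a16z article or from BlockBeats; it applies the standard "X + Y > Z" rule (data must stay secure for X years, migration takes Y years, a cryptographically relevant quantum computer, CRQC, arrives in Z years) to a handful of constructed blockchain assets. The CRQC year, lifetimes, migration times and asset names are assumptions chosen for illustration, not estimates from the article. It also carries the one caveat a practitioner should keep in mind: a signature that must still be verifiable after a CRQC exists (for instance a long-lived software release signature with no trusted timestamp) inherits the same exposure as encrypted data, because a post-CRQC forgery cannot be told apart from the original.

```python
# Added example, not from the a16z article or BlockBeats. All numbers are
# assumptions for illustration. Encodes why encryption and signatures get
# different quantum-migration clocks.
from dataclasses import dataclass
from typing import List, Literal, Tuple

Primitive = Literal["encryption", "signature"]


@dataclass(frozen=True)
class Asset:
    name: str
    primitive: Primitive
    # encryption: years the plaintext must stay secret after it is sent.
    # signature:  years a signature must remain verifiable after it is made
    #             (0 for a ledger transaction that is checked once at inclusion).
    lifetime_years: int
    migration_years: int  # assumed time to deploy a post-quantum replacement


def hndl_exposed(asset: Asset, now: int, crqc_year: int) -> bool:
    """True if material produced this year is still valuable once a CRQC exists.

    For encryption this is harvest-now-decrypt-later: recorded ciphertext can be
    opened once the key agreement or public key is broken. For a signature the
    recorded bytes give the attacker nothing extra; a signature verified before
    the CRQC exists is not weakened by a key recovered afterwards. Only a
    signature that must still be checked after that date inherits the exposure,
    which is why the same inequality applies with 'lifetime' read as the
    verification horizon.
    """
    return now + asset.lifetime_years > crqc_year


def migration_deadline(asset: Asset, crqc_year: int) -> int:
    """Last year in which the classical primitive may still be used."""
    return crqc_year - asset.lifetime_years - asset.migration_years


def recommend(asset: Asset, now: int, crqc_year: int,
              planning_horizon: int = 5) -> Tuple[str, str]:
    """Map an asset to one of three actions plus a one-line reason."""
    deadline = migration_deadline(asset, crqc_year)
    if now >= deadline:
        action = "migrate now"
    elif deadline - now <= planning_horizon:
        action = "plan migration"
    else:
        # Moving early here buys nothing and adds immature-implementation
        # and performance risk, which is the article's argument for caution.
        action = "monitor"
    exposure = "HNDL-exposed" if hndl_exposed(asset, now, crqc_year) else "not HNDL-exposed"
    return action, f"{exposure}; deadline {deadline}"


def build_plan(assets: List[Asset], now: int, crqc_year: int) -> List[Tuple[int, str, str, str]]:
    """Rows of (deadline, asset, action, reason), most urgent first."""
    return sorted((migration_deadline(a, crqc_year), a.name, *recommend(a, now, crqc_year))
                  for a in assets)


# Constructed inputs (assumptions, not estimates).
NOW = 2026
CRQC_YEAR = 2035
ASSETS = [
    Asset("off-chain encrypted wallet backups", "encryption", lifetime_years=20, migration_years=3),
    Asset("node-to-node transport encryption", "encryption", lifetime_years=1, migration_years=4),
    Asset("on-chain transaction signatures", "signature", lifetime_years=0, migration_years=3),
    Asset("client release signatures (no timestamping)", "signature", lifetime_years=10, migration_years=2),
]

if __name__ == "__main__":
    for deadline, name, action, reason in build_plan(ASSETS, NOW, CRQC_YEAR):
        print(f"{deadline}  {action:15} {name}: {reason}")
```

With these inputs the long-lived encrypted backups are already past their deadline and exposed to HNDL, the transaction signatures fall into "monitor" because nothing recorded today becomes more dangerous later, and the release signatures land in "migrate now" only because their verification horizon extends past the assumed CRQC date.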