You can read part 1 here, part 2 here, part 3A here, part 3B here, part 3C here, part 4A here, part 4B here, part 4C here, part 4D here, part 5A here, part 5B here, part 5C here, part 5D here, and part 5E here.
An attack during moment number 2: Hijacks pre-blocktime.
The story doesn’t end here. The paper doesn’t describe the possibility of a pre-blocktime hijack.
So, back to the paper. As explained, while you make a transaction your public key is exposed for at least the block time; for BTC this block time is 10 minutes. That is the period during which your public key is visible and, as described in the paper, a transaction can be hijacked: by using quantum computers a forged transaction can be made. The critical point is therefore the moment at which quantum computers can derive a private key from a public key within 10 minutes. Based on that 10-minute window, the authors calculate (estimate) within how many years QCs start to form a threat to BTC. (“By our most optimistic estimates, as early as 2027 a quantum computer could exist that can break the elliptic curve signature scheme in less than 10 minutes, the block time used in Bitcoin.” This is also shown in figure 4 on page 10 of the paper and calculated in more depth in appendix C, where the pessimistic estimate is around 2037.)
But before a miner selects a transaction and starts working on a block, the transaction sits in the mempool (the pool of unconfirmed transactions) waiting to be selected. This selection isn’t instant, so another window of opportunity to start working on the public key arises. In rush hours, transactions can be stuck in the pool for a while simply because they pile up faster than the network can handle them. At those times the window of opportunity grows considerably, and the time the public key is exposed is extended accordingly.
But you could also artificially extend those 10 minutes through network-based attacks like DDoS, BGP routing attacks, NSA Quantum Insert, Eclipse attacks, or anything like that. (I don’t mean that a network-based attack extends the block time itself; it extends the time you have access to the public key before the transaction is confirmed.) Bitcoin would then be at risk earlier than calculated in this paper.
Other blockchains that hash their public keys and have far shorter block times imagine themselves safe for a longer period than BTC. But with this extension of the timeframe within which the private key can be derived, they too will be vulnerable much sooner.
Not so long ago an eclipse attack demonstrated that it could have done the trick (here is a paper on the eclipse attack). Pushing the blockchain over its maximum capacity means transactions wait longer to be added to a block. That waiting time has to be added to the block time, extending the period in which one could derive the private key from the public key.
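To make this concrete, here is an added example (not from the original post or the paper) that models the exposure window as mempool queue wait plus block time plus any network-induced delay, for both the congestion case and the network-attack case above. The mempool contents, the 1,000,000-vbyte block capacity and the greedy fee-rate ordering are constructed assumptions, not measurements.

```python
# Exposure-window model for a pre-blocktime hijack (constructed example).
# A transaction reveals its public key when it is broadcast, not when it is
# mined, so the attacker's window is: mempool wait + block time (+ network
# delay), not the bare 10-minute block time the paper assumes.
from dataclasses import dataclass

BTC_BLOCK_INTERVAL_S = 600          # 10-minute block time used in the paper
BLOCK_CAPACITY_VBYTES = 1_000_000   # assumed: ~4M weight units / 4

@dataclass(frozen=True)
class Tx:
    txid: str
    fee_rate: float   # sat/vB
    vbytes: int

def blocks_until_included(mempool, ours, capacity=BLOCK_CAPACITY_VBYTES):
    """1-based block in which `ours` is mined, assuming miners fill blocks
    greedily by descending fee rate and no new transactions arrive."""
    queue = sorted(mempool + [ours], key=lambda t: t.fee_rate, reverse=True)
    block, used = 1, 0
    for tx in queue:
        if used + tx.vbytes > capacity:   # block full: spill into the next one
            block, used = block + 1, 0
        used += tx.vbytes
        if tx is ours:
            return block
    raise AssertionError("unreachable: `ours` is always in the queue")

def exposure_window_s(blocks, network_delay_s=0, block_interval_s=BTC_BLOCK_INTERVAL_S):
    """Seconds the public key is visible before the transaction confirms."""
    return blocks * block_interval_s + network_delay_s

def vulnerable(window_s, qc_break_time_s):
    """True if a QC that derives a key in `qc_break_time_s` seconds has time
    to do so before the original transaction is confirmed."""
    return window_s >= qc_break_time_s

# Constructed congested mempool: 1500 txs at 50 sat/vB of 600 vB (900,000 vB)
# plus 500 txs at 30 sat/vB of 400 vB (200,000 vB) sit ahead of our 20 sat/vB tx.
MEMPOOL = [Tx(f"hi{i}", 50.0, 600) for i in range(1500)] + \
          [Tx(f"mid{i}", 30.0, 400) for i in range(500)]
OURS = Tx("ours", 20.0, 250)

if __name__ == "__main__":
    b = blocks_until_included(MEMPOOL, OURS)
    window = exposure_window_s(b)
    print(f"mined in block {b}: key exposed {window // 60} min, not 10")
    print("vulnerable to a 10-minute QC:", vulnerable(window, 600))
```

With an empty mempool the window is the paper's 600 seconds; with the constructed backlog it doubles, and a QC that needs 15 minutes per key, harmless under the paper's assumption, is already fast enough.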
That seems to be fixed now, but it shows that new attacks are always possible, and when the incentive is right (a few billion dollars kind of right) they could be designed specifically for certain blockchains.