Another challenge is that post-quantum cryptography is a specialized kind of cryptography. Post-quantum cryptography is a real specialty: choosing the right scheme and implementing it without the right knowledge might backfire. So implementing post-quantum cryptography without consulting a post-quantum cryptographer and commissioning an external audit is a serious risk. What will you use? Will you use XMSS? How will you make sure your blockchain can handle stateful signatures? Will you use WOTS+? How will you make sure this is user-friendly? How will you make sure there is no old debtor who will send funds to an old address? Will you use SPHINCS? How are you going to handle 41KB signatures? Will you use BLISS-B? How will you prevent side-channel attacks? Are you waiting for a NIST outcome? There is no guarantee that there will be a magic scheme, and it might still take a lot of work to implement.
Just an example: if you use WOTS+, you will need to find a solution for the fact that you can't reuse addresses. The best-known example is IOTA. They had some unexpected issues where people actually lost money. The problem went a bit deeper than just not reusing addresses: http://blog.lekkertech.net/blog/2018/03/07/iota-signatures/ This is fixed from the user's perspective in the Trinity wallet. The remaining issue to solve now is that constantly changing addresses is impractical. Any company needs a standard address to pay to, not a different address for every new payment (QR-code stickers, where QR stands for quick response and should not be confused with the abbreviation for quantum resistance; invoicing and the random order in which customers pay invoices; etc.). Proposals for a solution have been made, so this is still an ongoing process for IOTA.
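To make the "stateful signature" and "can't reuse addresses" problem concrete, here is an added example (not code from this post, from IOTA or from any wallet): a simplified Winternitz one-time signature over SHA-256 (W=16, with the usual checksum chunks but without the WOTS+ bitmasks), where the address is the hash of the one-time public key and the key object refuses to sign a second message. The key reuse guard is the stateful part that a chain or wallet has to get right; the class and function names are my own.

```python
import hashlib
import os

W = 16        # Winternitz parameter: each hash chain is W-1 steps long
N = 32        # SHA-256 output size in bytes
MSG_CHUNKS = 64   # a 256-bit digest split into 4-bit chunks
CSUM_CHUNKS = 3   # checksum max is 64*15 = 960, which fits in 3 nibbles
L = MSG_CHUNKS + CSUM_CHUNKS

def H(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()

def chain(x: bytes, steps: int) -> bytes:
    """Apply H `steps` times (one Winternitz hash chain)."""
    for _ in range(steps):
        x = H(x)
    return x

def chunks(digest: bytes) -> list:
    """Base-W chunks of the digest plus the checksum chunks.
    The checksum guarantees any change to the message lowers some chunk,
    so a forger would need a preimage, not just more hashing."""
    m = [c for b in digest for c in (b >> 4, b & 0xF)]
    csum = sum(W - 1 - c for c in m)
    cs = [(csum >> (4 * i)) & 0xF for i in reversed(range(CSUM_CHUNKS))]
    return m + cs

class OneTimeKey:
    """A WOTS-style key pair plus the state that makes it one-time."""
    def __init__(self):
        self.sk = [os.urandom(N) for _ in range(L)]
        self.pk = [chain(s, W - 1) for s in self.sk]
        # Address = hash of the one-time public key, so a fresh key
        # means a fresh address (the usability problem described above).
        self.address = H(b"".join(self.pk)).hex()
        self.used = False                  # the stateful part

    def sign(self, msg: bytes) -> list:
        if self.used:                      # reuse would leak chain values
            raise RuntimeError("one-time key already used; refusing to sign")
        self.used = True
        return [chain(s, c) for s, c in zip(self.sk, chunks(H(msg)))]

def verify(pk: list, msg: bytes, sig: list) -> bool:
    """Finish each chain from the signature value and compare to pk."""
    return all(chain(s, W - 1 - c) == p
               for s, c, p in zip(sig, chunks(H(msg)), pk))
```

Note the address changes with every key, which is exactly why a payee cannot hand out one static address the way they can with a reusable key pair.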
In the next part I elaborate on the fact that an upgrade to a quantum-resistant signature scheme will change the performance of the blockchain. You can continue reading part 4C here.