
> Reasons I'm skeptical (perhaps you can address these):

1) Monero may have first mover advantage in the privacy realm, but at the cost of prunability. Grin not only avoids that cost but further improves prunability beyond bitcoin. To me the first mover advantage will always belong to bitcoin, which will likely adopt privacy improving features in the long term.

2+3) Indeed; when evidence appears of quantum computers becoming feasible at breaking EC crypto, current blockchains will need to adopt post-quantum crypto methods of signing transactions, and migrate existing balances. Since EC crypto is more heavily ingrained into Grin, it may have a much harder time than the more modular bitcoin design, or even find it impossible to do so. I'm not aware of any post-quantum equivalent to Pedersen commitments. My hope is that quantum computer development runs into insurmountable barriers...




>current blockchains will need to adopt post-quantum crypto methods of signing transactions, and migrate existing balances.

That's sort of true. Bitcoin is mostly quantum safe. The only vulnerability is that a quantum computer could deduce a private key and change a transaction during the brief (~1 hour) window when the transaction is pending. Quantum computers would have to get to ~660*10^6 quantum gates per second before this becomes feasible (roughly a clock cycle of 660 MHz in classical terms). The first quantum computers will likely be slower than this.

The bitcoin ledger itself is quantum safe because addresses are hashes of public keys rather than just naked public keys. QC won't significantly speed up hash inversion thus a QC won't be able to steal funds out of an arbitrary address.

This is what I mean by bitcoin "layering the crypto" so as not to have a single point of failure. Sure, bitcoin could have just used public keys as addresses. Instead it chose to use hashes of keys, seemingly for no reason. Some of the facets of Satoshi's design are so genius that we only learn their purpose years later.

>My hope is that quantum computer development runs into insurmountable barriers...

ehhh maybe the GRIN devs should think about this now rather than later.


> The bitcoin ledger itself is quantum safe because addresses are hashes of public keys rather than just naked public keys.

This is true of later addresses, but in early times, addresses were naked public keys, and tons of bitcoins are thus vulnerable to slow quantum computers.


I could have sworn that hashing the pub key was all the way back in the whitepaper. In any case, are any "naked pub key" coins still left unspent? I'd reckon that if they are actively owned by someone, then that person can forward to a secure address when QC becomes practical, and if they are "lost" then who cares if someone with a QC comes and claims them?


> I'm not aware of any post-quantum equivalent to Pedersen commitments

I just learned from Andrew Poelstra of just such a construction [0], which even supports migration from Pedersen commitments.

[0] https://eprint.iacr.org/2015/628



