The technical solution to Bitcoin's quantum woes is actually straightforward:
1/ support an opcode to verify SPHINCS+. It's not the most efficient, but it's the most conservative choice and you won't have to debate forever about whether it's safe enough. Soft fork or hard fork, it doesn't matter.
2/ push everywhere for the default witness script used in every wallet to have a SPHINCS+ signature as an alternative.
3/ when the 64-bit EC is publicly broken, deprecate elliptic curve sigs by soft fork; they should all verify to false.
4/ later, include STARK sigs to prove ownership of a BIP39 seed to rescue unmigrated UTXO.
Do number one now, don't overthink it.
I’ve actually come around to hash-based signatures. Introducing no new assumptions, even with steep performance tradeoffs, is very bitcoin coded.
From Twitter





