We talk about “long-term” survivability of Ergo without considering potential development in quantum computers.
How will Ergo adapt as quantum computers evolve?
Probably we should start thinking about sigma protocol to replace proveDlog with some quantum-secure mechanisms (like lattices/LWE/etc), and a mechanism to switch to it when the need arises.
There are some post-quantum sigma-protocols AFAIK, at least for lattices. However. there are certain problems with LBC (and most of other PQ schemes): they usually got broken after some investigation, security parameters values for real-world usage not very well known , no standards etc.
oh I’ve forgotten about this, thanks for the link! From abstracts it looks nice, need to check constructions and concrete numbers for efficiency and sizes.
So as a possible solution we maybe have a good candidate now it seems.