
Among the many quantum resistance proposals for Bitcoin is something called Hourglass. Hourglass proposes limiting how many quantum vulnerable coins can be spent per block, slowing down the speed at which such stolen coins could hit the market.

Quantum vulnerability refresher

As you probably know, what makes coins particularly vulnerable to theft via quantum computer is if the public key for the coins is exposed. This is the case with addresses that have been reused as well as with some older coins (like pay to public key addresses - P2PK) where the coins were locked to a public key.

Coins with exposed public keys would likely be the first stolen by cryptographically relevant quantum computers because such quantum computers could grind away at finding the coins' private keys for months if need be. A modern bc1q address only exposes its public key when it is included in a transaction that has been broadcast. This means a quantum computer only has until the transaction makes it into a block to try to derive the private key and broadcast a new transaction stealing the coins.

Many quantum resistance proposals for Bitcoin propose freezing coins in vulnerable addresses so that they cannot be stolen all at once. But this looks a lot like confiscating the vulnerable coins.

The Hourglass proposal

Instead of freezing quantum vulnerable coins or leaving them wide open for theft, the Hourglass proposal places a limit on how many such coins can be included in any block.

  1. Only one P2PK output may be included as a transaction input per block.
  2. If the amount of the P2PK output being spent is greater than 1 bitcoin, the transaction must contain a single output to the scriptPubKey of the original P2PK output with an amount no less than the original P2PK output amount minus 1 bitcoin.
  3. No P2PK outputs to any address not currently being spent from can be created.
  4. No P2PK outputs can be created from other output types.

From the Rationale:

There are roughly 34,000 P2PK addresses with an average balance of 50 coins each. The original Hourglass proposal reduces the amount of P2PK coins that could hit the market to a maximum of roughly 7,200 coins per day. Feedback received from economic actors in the space indicates that this is not enough of a restriction to mitigate the market risks posed by quantum attacks on these coins.

Hourglass V2 further restricts the output amount to a maximum of 1 bitcoin per block, or roughly 144 bitcoin per day. This is far less than the 450 coins per day introduced by the current block reward subsidy, and should effectively mitigate the market impacts of quantum attacks on P2PK coins.

Under the rules of Hourglass V2, it would take more than 32 years to move all P2PK coins, dramatically reducing quantum-related market risks. On the flipside, original keyholders should remain able to move their coins with relative ease - even after Hourglass is in place - assuming no quantum-actors are currently competing for P2PK transactions.

This proposal requires a soft fork and would also likely require a quantum resistant address type to already exist.

What you are about to do, do quickly

Perhaps it is my occasionally reckless nature, but I have the feeling that if coins are going to be stolen by quantum attackers, we ought to just let the bandaid get ripped off. This seems like it would turn most of the p2pk coins into miner fees.
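
The four Hourglass rules and the Rationale's 32-year figure, as an added Python example (not part of the original post and not the proposal's own code). The `Coin`/`Tx` model, the script labels and the reading of rule 4 as "the transaction spends no P2PK input" are assumptions made for illustration.

```python
from dataclasses import dataclass

COIN = 100_000_000  # satoshis per bitcoin

@dataclass(frozen=True)
class Coin:   # hypothetical simplified output model, not real Bitcoin structures
    kind: str  # script type label: "p2pk", "p2wpkh", ...
    spk: str   # scriptPubKey (constructed placeholder labels below)
    sats: int

@dataclass
class Tx:
    inputs: list   # Coins being spent (the previous outputs)
    outputs: list  # Coins being created

def hourglass_violations(block):
    """List which of the four rules quoted above a block (list of Tx) breaks."""
    errors, p2pk_spends = [], 0
    for n, tx in enumerate(block):
        spent = [c for c in tx.inputs if c.kind == "p2pk"]
        p2pk_spends += len(spent)
        for c in spent:
            if c.sats > COIN:  # rule 2: all but 1 BTC must return to the same script
                back = [o for o in tx.outputs if o.spk == c.spk]
                if len(back) != 1 or back[0].sats < c.sats - COIN:
                    errors.append(f"tx {n}: rule 2, need one output of >= amount - 1 BTC to {c.spk}")
        spent_spks = {c.spk for c in spent}
        for o in tx.outputs:
            if o.kind == "p2pk" and o.spk not in spent_spks:
                rule = 3 if spent else 4  # assumption: rule 4 = tx spends no P2PK input
                errors.append(f"tx {n}: rule {rule}, P2PK output to {o.spk} not allowed")
    if p2pk_spends > 1:  # rule 1: one P2PK input per block
        errors.append(f"block: rule 1, {p2pk_spends} P2PK inputs")
    return errors

def years_to_drain(addresses=34_000, avg_btc=50, blocks_per_day=144):
    """Rationale arithmetic: at most 1 BTC of P2PK value leaves per block."""
    return addresses * avg_btc / blocks_per_day / 365.25

# Constructed sample data: one 50 BTC P2PK coin and two candidate spends of it.
old = Coin("p2pk", "P2PK_A", 50 * COIN)
trickle = Tx([old], [Coin("p2pk", "P2PK_A", 49 * COIN), Coin("p2wpkh", "WPKH_B", COIN - 1000)])
sweep = Tx([old], [Coin("p2wpkh", "WPKH_C", 50 * COIN - 1000)])

if __name__ == "__main__":
    print(hourglass_violations([trickle]))  # compliant spend
    print(hourglass_violations([sweep]))    # whole balance moved at once
    print(round(years_to_drain(), 1))
```

The miner fee comes out of the 1 BTC that is allowed to leave the P2PK script, so the compliant spend above keeps exactly 49 BTC locked to the original script.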

If you don't have an attached sending wallet and do not manually send a zap via LN then the SNs payment system will tend to send CCs, not sats, much more often because without a sending wallet SNs will automatically prioritise sending CCs.

If however you attach a sending wallet then your use of LN and sats will be maximised automatically and importantly all other SNs users and content consumers will have verification that you have set up to maximise your use of LN and sats.

With you showing attached wallets it is impossible for others to know if you are maximising your support of the LN or not . . . without you showing attached wallets they can reasonably assume you are most likely not.

Showing sending and receiving wallets (horse and gun) verifies to all others that you are maximising your use of sats and LN.

If you are not you look a lot like a Big Talk No Walk HYPOCRITE.

103 sats \ 0 replies \ @optimism 2h -120 sats
ought to just let the bandaid get ripped off

+1.