Going over the
secp256k1 spec, I was reading through to the
sect571k1 secion (3.7.1). Might it be a good PQC stop-gap upgrade to
secp256k1? It is still defined on a Koblitz curve giving the higher level of efficiency compared to random parameter selection and offers 15360 bit DSA equivalency compared to the current 3072 bit equivalency (5x increase). Agreed the signatures are twice (2.23) as large and and would require twice the (witness) block space as well as much heavier load on verifying nodes, but perhaps it is a viable alternative given that it would require 5x as many qubits (in theory) to factor.
If QC arrives in the next 50 years, might it be convenient to have a PR ready to deploy to simply "kick the can" down the road another century?