Hi owenj7920. The Zcash protocol specification can be found here: https://zips.z.cash/protocol/protocol.pdf. It is updated regularly and very thorough/detailed.
The question comes down to if/when quantum computing can crack key exchange and signatures, are any shielded transactions with exposed transaction IDs, z-addrs, or viewing keys actually exposed or able to be compromised? Would this equate to the same transparency as t-addrs like t1PKBiv7mtzD9bNafYaqyxaENeiNDbpKxxQ - where all transactions and values are shown and potentially leaked? I guess a challenge for an attacker would be who owns the addresses. I assume it would eventually link to a regulated exchange unless someone used decentralized/anonymous exchanges. The attacker would know how much ZEC and when it was moving; possibly with enough resources and access could correlate a node and IP address that wasn’t tor’d.
Quantum computers already exist, but not large scale enough to crack existing cryptography. At this time, the underlying symmetric methods are still considered secure vs large quantum computers with the recommendation to double the key size to increase long term strength.
Since this crypto is so widely used everywhere, we can be assured there will be global news and alerts from pretty much every secure web site/bank/healthcare/government/cryptocurrency for users to take action when this becomes an issue.
Ignoring public t-transactions that can be seen anyway - Sapling and newer (Orchard) should be secure against quantum attacks given the public key (z-addr) is not exposed. Since the blockchain does not record or see these shielded addresses, public key exchange attacks are mitigated. However, if someone publicly posts their z-addr without taking additional “churn” steps, it might be possible to link/spend some transactions in the future if the cryptography methods are cracked.
ZIP-316 (Unified Addresses/Keys) isn’t here yet (until NU5) but it seems to move things in a better direction - requiring at least one private address by default and an algorithm to protect against key replacement. I’m not sure how much protection these new addresses provide (if any). They appear to be encoded with bech32[m]. From Bitcoin taproot discussions, they advise against address re-use (public key for the spend is broadcast in transaction), but ECC/Zcash official say it is safe to re-use Shielded addresses.
Since we can’t count on people keeping their z-addrs secure, moving funds into a new pool (sending to a new address format that supports post-quantum resistance) will be the recommended action; but we are far from that as official protocols and methods are being finalized (globally) and the timeline for a successful attack is expected to be 10-20+ years out.