Bitcoin and Quantum Computing

About this section of the Conclusion:

We propose that Bitcoin’s quantum resistance strategy for action adopt a dual-track approach: contingency measures delivering minimal but functional protection against CRQCs, completed in ~2 years, and a comprehensive path allowing thorough exploration of the problem space and the development of a full-featured approach, taking ~7 years.

So based on Section 8, I think I understood what you mean by “contingency measures” here; I think you mean deployment of any/some PQC-based script type, i.e. making it available for use. Am I right? While I see the logic in putting that as a “first step”, somehow it feels like the wrong way round: that part is the most difficult to come to a decision on, even if it would be the most useful to have upfront.

My gut feeling was also that we need two phases, but I had a different thing in mind: that the first phase would be (a) not a protocol, but a community step: migration to non-reused addresses so as to be in the “only short-term attack vulnerable” portion (also not sharing xpubs, which should never happen anyway!), and using script-path taproot where possible, and then (b) a deployment of some CDR protocol variant, even in the absence of consensus on a PQC signature scheme. Then, over a longer period, actual PQC schemes could be deployed.

I realize that seems illogical (maybe it is), but I am thinking more about what could actually happen than about what I think should happen in an ideal world. Maybe I’m wrong, but I expect consensus on adding PQC to Bitcoin is going to be extremely slow, unless the threat becomes very obvious indeed.