A group of Bitcoin researchers has introduced a proposal aimed at mitigating potential threats posed by quantum computing to the cryptocurrency’s underlying cryptography. Bitcoin Improvement Proposal 361, drafted by Jameson Lopp and others, lays out a possible migration pathway to secure the network against quantum attacks. The suggested timeline could ultimately freeze billions in unmigrated legacy coins if holders do not adopt quantum-resistant schemes.
Quantum risks prompt defensive move
Bitcoin’s security currently relies on elliptic curve cryptography, specifically ECDSA and Schnorr signatures, which are protected against attacks by conventional computers. However, the evolution of quantum computers capable of running Shor’s algorithm presents a risk, as these machines could eventually reconstruct private keys from public keys seen onchain.
Older address types, such as pay-to-public-key (P2PK) and reused addresses, expose public keys to the blockchain. According to estimates shared in the proposal, over one-third of all bitcoin in circulation sits within these categories, including a significant portion believed to belong to Satoshi Nakamoto, Bitcoin’s pseudonymous creator. These addresses are considered most susceptible in a potential quantum attack scenario.
The proposal reasons that even if Bitcoin is not the earliest target for quantum attacks, public proof of quantum capabilities could harm community trust. The authors framed the migration plan as a way to defensively protect not only individual funds but also the credibility and future of the entire network.
Three-phase transition envisaged
BIP-361 sets out a structured migration process with three stages that may stretch over several years. The initial phase, starting approximately three years after activation, would disallow sending new transactions to the compromised legacy address types. During this time, funds could still be moved out from vulnerable addresses, encouraging users and services to shift toward quantum-resistant formats.
The second phase, beginning around two years later, would escalate restrictions to the consensus layer. At this point, all transactions relying on legacy signature schemes would become invalid under network rules, permanently freezing any remaining unmoved coins.
A possible third phase, still in research, proposes a recovery system. Under this idea, zero-knowledge proofs would allow users to reclaim frozen funds by demonstrating knowledge of their seed phrases, without directly exposing their private keys. The technical and practical feasibility of this recovery process remains under discussion.
Potential supply impact and next steps
The authors describe the plan to freeze unmigrated coins as a necessary step to reduce systemic attack surfaces before quantum computing becomes practically relevant. They further highlight that any coins made permanently inaccessible through this process would shrink Bitcoin’s effective supply, a factor that could influence the asset’s economic model over the long term.
Jameson Lopp, one of the proposal’s authors, is a noted Bitcoin engineer, educator, and advocate, known for his contributions to blockchain security standards. His recent work has focused on highlighting future-proofing strategies for the Bitcoin protocol.
Currently, there is no set timetable for activating BIP-361, and the proposal remains in draft status among Bitcoin Core developers and the broader community. Ongoing debate is expected around both the technical specifics and the economic implications of freezing legacy coins.
“Even if Bitcoin is not a primary initial target of a cryptographically relevant quantum computer, widespread knowledge that such a computer exists and is capable of breaking Bitcoin’s cryptography will damage faith in the network,” the BIP authors warned in their summary.
