A new proposal in the Bitcoin community, aimed at mitigating risks posed by potential quantum attacks, has sparked intense debate among stakeholders. The proposal, known as BIP-361, is designed to phase out the existing signature verification method over a period of five years and would effectively freeze coins that do not migrate to addresses resistant to quantum threats.
The driving force behind BIP-361, aptly described as the “Post Quantum Migration and Legacy Signature Sunset,” is the need to protect Bitcoin assets from the theoretical risk posed by quantum computers. These advanced machines could potentially derive private keys from public keys available on a blockchain, granting attackers unauthorized access to wallets. The moment when a quantum computer becomes capable of breaking Bitcoin’s encryption methods is referred to as “Q-Day.”
BIP-361 outlines a three-phase timeline for its implementation. The first phase involves blocking incoming transactions to vulnerable addresses approximately three years after the proposal is activated. This would be followed by the freezing of all legacy coins two years later. A potential future recovery path is also suggested through zero-knowledge proofs for users who may miss the migration deadline.
As highlighted in the proposal, over 34% of all Bitcoin has publicly exposed keys on-chain, making those funds susceptible to theft if a sufficiently powerful quantum computer were to emerge. Historically, Bitcoin upgrades have not rendered existing transactions invalid; however, BIP-361 marks a significant shift by introducing a choice between collective network security and individual access to coins.
The proposal is currently in draft status, lacking an activation timeline and depending on BIP-360, a separate quantum-resistant transaction framework still under consideration. Earlier this year, Google announced a formal timeline to transition its infrastructure to post-quantum cryptography by 2029, noting that the quantum threat is closer than it may appear.
Leo Fan, founder of the decentralized compute network Cysic, commented on the implications of BIP-361, asserting that the proposal alters the landscape of ownership within Bitcoin. He emphasized that timely migration would become a condition for maintaining ownership, shifting the risk of quantum attacks from a future concern to a pressing deadline.
However, there is significant pushback against the proposed measures. Critics argue that enforcing a protocol freeze constitutes a form of confiscation, fundamentally violating the principle of “not your keys, not your coins.” Frederic Fosco, co-founder of Bitcoin metaprotocol OP_NET, stated that the proposal undermines Bitcoin’s foundational promise by enabling authorities to freeze assets based on consensus-driven decisions.
Chris Peikert, a core researcher at cryptography firm Fhenix Research, warned that if the proposal is adopted, coins secured solely by ECDSA signatures would effectively be forfeited. This situation would necessitate a protocol change to prevent withdrawals from accounts with exposed public keys.
The potential for conflict within the network poses another risk. Enrico Rubboli, founder of layer-2 sidechain Mintlayer, noted that an unprotected chain’s market value could plummet the moment a single case of quantum theft is demonstrated, exposing the vulnerabilities of all exposed addresses. He emphasized that Bitcoin’s decentralized governance, while a strength in stable times, may prove to be a weakness in times of urgent threat.
Amid the controversy, co-author Jameson Lopp acknowledged the mixed feelings surrounding BIP-361, stating that his support for the proposal stems from a preference for it over the potential consequences of inaction. As discussions continue, the Bitcoin community remains divided on how best to navigate the impending challenges posed by quantum computing technology.
