
Estimated Timeline for Bitcoin’s Post‑Quantum Upgrade Extends to Up to Seven Years, Says Co‑Author of BIP‑360

Bitcoin May Need Up to Seven Years to Reach Full Post‑Quantum Security, BIP‑360 Co‑author Says

By Andrew Fenton – Cointelegraph Magazine


TL;DR

- Bitcoin researcher Ethan Heilman estimates a seven‑year horizon for a complete migration to quantum‑resistant addresses if the process began today.
- The timeline assumes a smooth three‑year rollout of BIP‑360 and related code, followed by a half‑year activation window and a gradual user‑side migration that could stretch to five years after activation.
- A breakthrough in quantum computing could compress this schedule, but the current roadmap highlights significant technical, coordination and governance hurdles.


A Seven‑Year Forecast

Ethan Heilman, a cryptographer who co‑authored the updated BIP‑360 proposal, told Cointelegraph that a best‑case scenario would see Bitcoin become fully quantum‑safe in seven years. The estimate breaks down as follows:

| Phase | Approx. Duration | Key Activities |
|---|---|---|
| BIP development & review | ~2.5 years | Drafting, community review, test‑net validation |
| Soft‑fork activation preparation | ~0.5 year | Signalling, miner/validator coordination |
| Network activation | ~0.5 year | Soft‑fork goes live, new output type becomes usable |
| User‑side migration | Up to 5 years | Wallet upgrades, custodial migrations, Lightning‑Network updates, treasury‑software changes |

He stresses that this is an optimistic scenario that presupposes near‑universal consensus on the roadmap. “If the perceived quantum risk spikes, the migration could accelerate; otherwise, we’re looking at a multi‑year effort,” he added.

What BIP‑360 Does – and Doesn’t Do

The freshly merged BIP‑360 proposal introduces a new output type called Pay‑to‑Merkle‑Root (P2MR). It builds on the Taproot (P2TR) design but hides the public key by removing the key‑path spend that current Taproot outputs expose on chain, thereby mitigating long‑range quantum attacks on funds that have sat dormant for years.

Limitations
- P2MR only protects against attacks in which deriving the private key takes a long time, i.e. longer than the window between a spending transaction being broadcast and confirmed.
- It does not guard against “short‑range” attacks, where a quantum adversary could potentially break a key between the moment a public key appears in the mempool and the time the transaction is confirmed. Full protection will require a subsequent soft‑fork that adds post‑quantum signature algorithms to the scripting language.

Because the new output type is backward‑compatible, nodes that do not recognize P2MR will simply ignore it, allowing a phased rollout without forcing an immediate network split.
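The long‑range versus short‑range distinction comes down to how long a public key is visible to an attacker. The following toy model, added here and not code from the article or from BIP‑360, builds a BIP‑341 P2TR scriptPubKey (where the 32‑byte key sits on chain from the moment the output is created) next to a simplified hash‑committed output (an assumed layout using SHA‑256 of the key, standing in for any output type that keeps the key off chain until spend time, as the article says P2MR does), then asks which outputs an attacker with a given key‑breaking time could compromise. The sample UTXOs and timeline are constructed.

```python
# Added example, not code from the article or from BIP-360: a toy model of
# how long a public key is exposed for two output styles.
# Assumptions: P2TR layout per BIP-341; the hash-committed script is a
# simplified stand-in (SHA-256 of the key), not P2MR's real encoding.
import hashlib
from dataclasses import dataclass
from typing import List, Optional

OP_1 = 0x51

def p2tr_script(xonly_key: bytes) -> bytes:
    """BIP-341 scriptPubKey: OP_1 PUSH32 <key>. The key itself is on chain."""
    if len(xonly_key) != 32:
        raise ValueError("x-only key must be 32 bytes")
    return bytes([OP_1, 0x20]) + xonly_key

def hash_committed_script(pubkey: bytes) -> bytes:
    """Simplified hash-commitment output (assumed layout): only a digest of
    the key is written to the chain, so the key is revealed at spend time."""
    return b"\x00\x20" + hashlib.sha256(pubkey).digest()

def key_visible_on_chain(script: bytes, pubkey: bytes) -> bool:
    """True if the raw key bytes appear in the scriptPubKey."""
    return pubkey in script

@dataclass
class Utxo:
    name: str
    pubkey: bytes
    script: bytes
    created_at: float                       # seconds on a constructed timeline
    spend_broadcast_at: Optional[float] = None

CONFIRM_DELAY = 600.0   # assumed mempool-to-confirmation window, seconds

def exposure_seconds(u: Utxo, now: float) -> float:
    """Seconds the attacker has had the key. Key-on-chain outputs expose it
    from creation (long-range window); hash-committed outputs expose it only
    between spend broadcast and confirmation (short-range window)."""
    if key_visible_on_chain(u.script, u.pubkey):
        return now - u.created_at
    if u.spend_broadcast_at is None:
        return 0.0
    return min(CONFIRM_DELAY, now - u.spend_broadcast_at)

def at_risk(utxos: List[Utxo], now: float, break_seconds: float) -> List[str]:
    """Names of outputs an attacker needing `break_seconds` to derive the
    private key could have compromised by `now`."""
    return [u.name for u in utxos if exposure_seconds(u, now) >= break_seconds]

# Constructed sample: two outputs under the same (fake) key, created 3 years ago
KEY = hashlib.sha256(b"constructed demo key").digest()
YEAR = 365 * 86400
NOW = 3 * YEAR
SAMPLE = [
    Utxo("taproot", KEY, p2tr_script(KEY), created_at=0.0),
    Utxo("hash-committed", KEY, hash_committed_script(KEY), created_at=0.0,
         spend_broadcast_at=NOW - 300),   # spend broadcast 5 minutes ago
]

if __name__ == "__main__":
    print("long-range attacker (30 days):", at_risk(SAMPLE, NOW, 30 * 86400))
    print("short-range attacker (1 minute):", at_risk(SAMPLE, NOW, 60))
```

A long‑range attacker (thirty days to break a key) can only reach the Taproot output, whose key has been public for three years; a short‑range attacker (one minute) reaches both once the hash‑committed output's spend is in the mempool, which is exactly the gap the article says a later soft‑fork must close. For migration planning, the same `exposure_seconds` ordering tells a custodian which key‑on‑chain outputs to move first.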

The Quantum Threat Timeline

The seven‑year horizon places Bitcoin squarely within a period many experts believe could see the emergence of fault‑tolerant quantum computers capable of running Shor’s algorithm:

  • Thomas Rosenbaum (Caltech) predicts a functional, error‑corrected quantum machine within 5‑7 years.
  • Scott Aaronson (University of Texas at Austin) has warned that a quantum computer powerful enough to break current cryptographic primitives could appear before the next U.S. presidential election.
  • Adam Back (Blockstream), however, maintains that a machine capable of extracting Bitcoin private keys remains decades away.

The scientific community also notes that the number of physical qubits required to crack modern encryption schemes has been dropping dramatically—from tens of millions in 2020 to estimates of a few hundred thousand today—thanks to advances in error correction and architecture design.

Technical Hurdles Beyond BIP‑360

Larger Signatures & Block Throughput

Post‑quantum signature schemes can be 10–100× larger than today’s ECDSA/EdDSA signatures. If adopted without other changes, they would slow Bitcoin’s throughput from its current 3–10 TPS to a fraction of a transaction per second. Potential mitigations include:

  • Witness discount adjustments (reducing fee weight for larger signatures)
  • Increasing block size or layer‑2 scaling (e.g., Lightning) to absorb the extra data
  • Zero‑knowledge proof techniques that compress signatures into succinct proofs
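To see why larger signatures cut throughput, and what a deeper witness discount would buy, here is a back‑of‑the‑envelope model added for this page (not code from the article or from any BIP). It assumes BIP‑141 weight accounting (base bytes count 4 WU, witness bytes 1 WU), a 4,000,000 WU block limit, a 600 s block interval and a minimal one‑input, one‑output transaction; the post‑quantum sizes used are the published FIPS 204 figures for ML‑DSA‑44 and FIPS 205 figures for SLH‑DSA‑SHA2‑128s, chosen here as representative schemes the article does not itself name.

```python
# Added example, not code from the article: signature size vs. throughput
# under BIP-141 weight accounting, with an adjustable witness discount.
# Assumptions: 4,000,000 WU block limit, 600 s blocks, minimal 1-in/1-out tx,
# FIPS 204/205 sizes for the two post-quantum schemes.
from typing import Dict, Tuple

MAX_BLOCK_WEIGHT = 4_000_000
BLOCK_INTERVAL_S = 600

# Non-witness bytes of a minimal SegWit tx: version(4) + in_count(1)
# + input(32 txid + 4 vout + 1 empty scriptSig + 4 sequence)
# + out_count(1) + output(8 value + 1 len + 34 P2TR script) + locktime(4)
BASE_BYTES = 4 + 1 + 41 + 1 + 43 + 4   # 94

def _push(n: int) -> int:
    """Bytes for one witness item: compact-size length prefix + payload."""
    return (1 if n < 253 else 3) + n

def witness_bytes(sig_len: int, pubkey_len: int = 0) -> int:
    """Marker+flag (2), item count (1), signature and optional public key."""
    return 2 + 1 + _push(sig_len) + (_push(pubkey_len) if pubkey_len else 0)

def tx_weight(sig_len: int, pubkey_len: int = 0, witness_factor: float = 1.0) -> float:
    """Weight in WU. witness_factor=1.0 is today's discount; e.g. 0.25 models
    counting each witness byte as a quarter of a weight unit."""
    return BASE_BYTES * 4 + witness_bytes(sig_len, pubkey_len) * witness_factor

def txs_per_block(sig_len: int, pubkey_len: int = 0, witness_factor: float = 1.0) -> int:
    return int(MAX_BLOCK_WEIGHT // tx_weight(sig_len, pubkey_len, witness_factor))

def tps(sig_len: int, pubkey_len: int = 0, witness_factor: float = 1.0) -> float:
    return txs_per_block(sig_len, pubkey_len, witness_factor) / BLOCK_INTERVAL_S

# (signature bytes, public-key bytes carried in the witness)
# Schnorr key-path spend: 64-byte sig, key already in the output (0 bytes).
SCHEMES: Dict[str, Tuple[int, int]] = {
    "schnorr-keypath": (64, 0),
    "ML-DSA-44": (2420, 1312),         # FIPS 204 sizes
    "SLH-DSA-SHA2-128s": (7856, 32),   # FIPS 205 sizes
}

def report(witness_factor: float = 1.0) -> Dict[str, Tuple[float, float]]:
    """Per scheme: signature size relative to Schnorr, and modelled TPS."""
    return {name: (sig / 64, round(tps(sig, pk, witness_factor), 2))
            for name, (sig, pk) in SCHEMES.items()}

if __name__ == "__main__":
    for name, (ratio, rate) in report().items():
        print(f"{name:18s} {ratio:6.1f}x signature  {rate:6.2f} TPS")
    print("ML-DSA-44 with witness bytes at 0.25 WU:",
          round(tps(2420, 1312, 0.25), 2), "TPS")
```

With today's discount the model gives about 15 TPS for the smallest possible Schnorr spend (real transactions carry more inputs and outputs, which is why the article quotes 3–10 TPS), about 1.6 TPS for ML‑DSA‑44 and about 0.8 TPS for SLH‑DSA‑128s, i.e. the "fraction of a transaction per second" regime for the larger scheme. Counting witness bytes at 0.25 WU lifts ML‑DSA‑44 to roughly 5 TPS, which is what the witness‑discount mitigation buys; the other two mitigations (bigger blocks, proof aggregation) change `MAX_BLOCK_WEIGHT` or replace per‑transaction signatures entirely and are not modelled here.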

Consensus on Fundamental Changes

Adopting post‑quantum primitives may require modifications to Bitcoin’s core parameters, such as block size limits or new fee structures. The community’s experience with past upgrades—most notably the contentious Taproot rollout—suggests that reaching agreement on such foundational changes could be challenging.

The “Satoshi Coins” Dilemma

A small fraction of Bitcoin (the coins mined by Satoshi Nakamoto) remains in addresses whose private keys are unknown. Since these coins cannot be migrated to quantum‑safe addresses, the network faces a philosophical debate: freeze them permanently to preserve property rights, or accept the risk that a future quantum adversary could eventually steal them.

Cross‑Chain Collaboration

Ethereum’s post‑quantum team has already prototyped a ZK‑STARK‑based aggregation scheme that could serve as a reusable layer for multiple chains. Researchers like Justin Drake have expressed interest in seeing Bitcoin adopt similar constructions, potentially standardising post‑quantum security across the ecosystem. Collaborative papers between Blockstream researchers and Ethereum developers hint at a growing willingness to share solutions, though any cross‑chain integration would still need to respect Bitcoin’s conservative development philosophy.

Key Takeaways

  • Seven‑year outlook: If consensus is achieved quickly, a full quantum‑resistant Bitcoin could be realized within roughly seven years, combining network upgrades and user‑side migration.
  • Quantum breakthrough risk: Accelerated progress in quantum hardware could compress this timeline, turning the projected “optimistic” schedule into a race against time.
  • Technical complexity: Post‑quantum signatures are far larger than current ones, raising concerns about transaction throughput, fee markets, and blocksize policy.
  • Governance challenge: Achieving community agreement on the required protocol changes—especially concerning block size, fee structures, and treatment of immutable early‑mined coins—remains a major hurdle.
  • Potential for collaboration: Ongoing research with Ethereum’s post‑quantum team may provide reusable tools that lower the implementation burden for Bitcoin.

Conclusion

While Bitcoin’s proof‑of‑work model shields it from immediate quantum threats to mining, the underlying elliptic‑curve cryptography remains vulnerable. BIP‑360 offers a prudent first step, but a full transition to quantum‑safe signatures will demand coordinated development, sizable engineering effort, and possibly controversial protocol changes. The next few years will be critical in determining whether the Bitcoin community can mobilise quickly enough to stay ahead of the quantum curve.



Source: https://cointelegraph.com/magazine/bitcoin-7-years-upgrade-post-quantum-bip-360-co-author/?utm_source=rss_feed&utm_medium=feed&utm_campaign=rss_partner_inbound
