The $1 Trillion Question
A new Bitcoin Improvement Proposal (BIP 361) is sending shockwaves through the crypto community. Authored by Casa CTO Jameson Lopp and five co-authors, the proposal titled “Post Quantum Migration and Legacy Signature Sunset” presents Bitcoin with an existential choice: freeze vulnerable coins or risk them being stolen by quantum computers.
The stakes couldn’t be higher. With over 34% of all bitcoin (approximately $340 billion at current prices) sitting in addresses with exposed public keys, BIP 361 proposes the most radical change to Bitcoin’s consensus rules since its inception.
What Is BIP 361?
BIP 361 is a draft proposal (assigned February 11, 2026) that introduces a phased sunset of legacy ECDSA and Schnorr signatures — the cryptographic primitives that currently secure Bitcoin transactions. The goal: migrate Bitcoin to quantum-resistant cryptography before sufficiently powerful quantum computers become a reality.
The Core Mechanism
The proposal turns quantum security into a private incentive:
“Fail to upgrade and you will encounter additional friction to access your funds, creating a certainty where none previously existed.”
Rather than forcing immediate action, BIP 361 uses gradual friction to encourage migration while protecting the network as a whole.
The Three-Phase Timeline
| Phase | Timeline | Action | Impact |
|---|---|---|---|
| Phase A | 3 years after activation | Block new deposits to quantum-vulnerable addresses | Forces adoption of post-quantum (PQ) address types |
| Phase B | 5 years after activation (“flag day”) | Restrict legacy spends — requires quantum-safe rescue protocol | Legacy transactions become significantly harder |
| Phase C | Implied | Permanent unspendability for unmigrated coins | Ultimate sunset of legacy signatures |
Phase A: The Deposit Freeze
Starting three years after activation, Bitcoin nodes would reject transactions that send bitcoin to legacy addresses (those using ECDSA or Schnorr signatures). This doesn’t affect existing holdings but prevents new funds from flowing into vulnerable addresses.
Why this matters: It creates immediate pressure for wallets, exchanges, and services to upgrade to quantum-resistant address formats. No new user can accidentally (or intentionally) put funds at risk.
Phase B: The Rescue Protocol
Five years after activation — the “flag day” — spending from legacy addresses becomes encumbered by a quantum-safe rescue protocol. While not fully detailed in the draft, this likely means:
- Legacy transactions require additional quantum-resistant signatures
- Or, funds must be moved through a special “rescue” transaction type
- Significantly increased complexity and friction for legacy holders
Phase C: The Sunset
The ultimate implication: coins that haven’t migrated to quantum-resistant addresses become permanently unspendable. This is the “sunset” — the final end of legacy signature support.
Why Now? The Quantum Timeline
The proposal emerges from a rapidly shifting threat landscape:
NIST’s 2024 Milestone
In 2024, NIST ratified three production-grade post-quantum signature schemes, transforming quantum-resistant cryptography from theoretical to practical. The tools to secure Bitcoin against quantum computers now exist.
Accelerating Quantum Progress
| Source | Timeline | Significance |
|---|---|---|
| McKinsey | 2027-2030 | Estimates cryptographically-relevant quantum computer |
| Google Research | Early 2026 | Published findings suggesting quantum threat accelerating |
| Algorithm Improvements | Ongoing | Quantum algorithms improving up to 20X, lowering hardware requirements |
The safety envelope is shrinking. Even if quantum hardware improves slowly, algorithmic advances are dramatically reducing the theoretical requirements for breaking Bitcoin’s cryptography.
Bitcoin’s Exposed Public Keys
As of March 1, 2026:
- 34%+ of all bitcoin have revealed public keys on-chain
- These UTXOs could be stolen by a sufficiently powerful quantum computer
- Once quantum computers can break ECDSA, these funds are vulnerable
The attack vector: Quantum computers can use Shor’s algorithm to derive private keys from public keys. Bitcoin addresses that have never been spent from (never revealed their public key) remain safe. But any address that has sent a transaction has exposed its public key — and therefore its vulnerability.
The Great Debate: Freeze vs. Stolen
BIP 361 forces Bitcoin to choose between two unpalatable options:
Option 1: Do Nothing (Stolen Coins)
- Wait for quantum computers to arrive
- Risk 34%+ of bitcoin supply being stolen
- Potential catastrophic market crash
- Loss of confidence in Bitcoin’s security guarantees
Option 2: BIP 361 (Frozen Coins)
- Force migration to quantum-resistant addresses
- Risk coins being permanently lost if holders don’t act
- Violate “your keys, your coins” principle
- Potentially destroy Bitcoin’s immutable promise
The Community Divide
Arguments FOR BIP 361:
- Prevents catastrophic quantum theft
- Phased approach gives 5+ years to migrate
- Protects the network as a whole
- Better frozen than stolen
Arguments AGAINST BIP 361:
- Violates core Bitcoin principles
- Lost keys = lost coins forever
- 5-year deadline may be too aggressive
- Could set precedent for future confiscations
Jameson Lopp’s perspective: “This proposal is radically different from any in Bitcoin’s history just as the threat posed by quantum computing is radically different from any other threat in Bitcoin’s history.”
Technical Deep Dive
How Quantum Computers Threaten Bitcoin
Bitcoin uses ECDSA (Elliptic Curve Digital Signature Algorithm) and Schnorr signatures for transaction signing. Both rely on the elliptic curve discrete logarithm problem — a mathematical problem that classical computers cannot solve efficiently.
Quantum computers change the equation. Shor’s algorithm, running on a sufficiently powerful quantum computer, can solve this problem in polynomial time. The result: a quantum computer could derive your private key from your public key.
The Public Key Exposure Problem
| Address Type | Public Key Exposure | Quantum Vulnerability |
|---|---|---|
| Never spent from | Public key hidden (only hash visible) | Safe — quantum computer can’t get public key |
| Has sent transaction | Public key revealed on blockchain | Vulnerable — quantum computer can derive private key |
| Legacy addresses (P2PK) | Public key always visible | Highly vulnerable |
The 34% figure: Represents bitcoin in addresses that have revealed their public keys — either through spending or by using older address formats that expose public keys directly.
Post-Quantum Alternatives
BIP 361 doesn’t specify which post-quantum signature scheme to use — that would be defined in a separate BIP. However, NIST’s 2024 selections provide the candidates:
- CRYSTALS-Dilithium — Lattice-based digital signatures
- FALCON — Lattice-based signatures (smaller signatures)
- SPHINCS+ — Hash-based signatures (stateless)
Each has trade-offs in signature size, verification speed, and security assumptions. Bitcoin’s conservative approach would likely favor thorough review before selection.
What This Means for Bitcoin Holders
If You Self-Custody
- Check your address types — Are you using legacy formats (P2PK, P2PKH) or modern ones (P2WPKH, P2TR)?
- Avoid address reuse — Each spend exposes your public key
- Monitor BIP 361 progress — If activated, you’ll have 3-5 years to migrate
- Consider hardware wallet updates — Will your device support post-quantum signatures?
If You Use Exchanges
- Exchanges will likely handle migration automatically
- But: “not your keys, not your coins” applies doubly here
- Exchange custody means trusting their migration strategy
If You’ve Lost Access
This is the hardest case. BIP 361’s critics argue it punishes those who’ve lost keys — their coins would become permanently unspendable rather than merely inaccessible. Proponents counter that these coins are already “lost” and protecting the network outweighs this concern.
The Broader Implications
For Bitcoin’s Narrative
Bitcoin has always marketed itself as immutable and unconfiscatable. BIP 361 challenges both:
- Immutability: The protocol rules would change significantly
- Unconfiscatability: Coins could be rendered permanently unspendable
The counter-narrative: adaptation is necessary for survival. Bitcoin has changed before (SegWit, Taproot). Quantum resistance is just another upgrade — albeit a more contentious one.
For Crypto Regulation
If BIP 361 passes, it may influence how regulators view cryptocurrency:
- Demonstrates ability to coordinate network-wide changes
- Shows responsiveness to existential threats
- But also shows vulnerability to technical obsolescence
For Other Blockchains
Bitcoin’s approach will likely set the standard. Ethereum and other chains face the same quantum threat. If BIP 361 succeeds, expect similar proposals elsewhere. If it fails, the industry may need alternative solutions (layer-2 quantum resistance, hybrid signatures, etc.).
What’s Next?
Current Status
- Status: Draft (not yet proposed for activation)
- Authors: Jameson Lopp + 5 co-authors
- Assignment Date: February 11, 2026
- Requires: Separate BIP defining post-quantum signature scheme
Path to Activation
For BIP 361 to become reality:
- Community Review — Technical analysis, security review
- Post-Quantum Signature BIP — Define the actual cryptographic upgrade
- Reference Implementation — Code the changes
- Miner Signaling — Soft fork activation (requires majority hash power)
- User Adoption — Wallets, exchanges, services upgrade
Timeline estimate: Even if fast-tracked, 12-18 months before potential activation. Then 3-5 years of migration period.
The Uncertainties
- Will the community accept such a radical change?
- Which post-quantum signature scheme will be chosen?
- Is the 5-year timeline sufficient for global migration?
- What happens to Satoshi’s coins (early mined bitcoin with exposed public keys)?
Conclusion: The Choice Ahead
BIP 361 represents Bitcoin’s first truly existential crisis. Previous debates (block size, SegWit) were about scaling and governance. This is about fundamental security assumptions.
The proposal forces an uncomfortable truth: Bitcoin’s cryptography is not eternal. The mathematical foundations that secure $1+ trillion in value have an expiration date — and that date may be closer than we thought.
The choice is stark:
- Adapt and risk violating core principles
- Don’t adapt and risk catastrophic theft
There is no perfect answer. But as quantum computing advances, doing nothing is itself a choice — and potentially the riskiest one.
For Bitcoin holders, the message is clear: stay informed, monitor developments, and be prepared to migrate when the time comes. The quantum future is approaching. Whether Bitcoin is ready for it remains to be seen.
Related Reading
- BIP 361 Draft — Official proposal
- NIST Post-Quantum Cryptography Standards — Technical background
- McKinsey Quantum Technology Monitor 2025 — Quantum timeline analysis
Disclaimer: This article is for informational purposes only. BIP 361 is currently a draft proposal and may change significantly or not be implemented at all. Always do your own research before making decisions about your bitcoin custody.
Published on tsnmedia.org | April 23, 2026
