In short
Developers have merged BIP 360 into the Bitcoin Improvement Proposals GitHub repository, advancing a post-quantum framework. Caltech President Thomas Rosenbaum said fault-tolerant quantum systems could arrive within five to seven years. Other researchers and NIST guidance suggest that cryptographically relevant machines may be years or decades away.
Bitcoin developers have taken another step to address the risk posed by future quantum computers by merging BIP 360 into the Bitcoin Improvement Proposals GitHub repository as the long-running debate over the timeline heats up.
BIP 360 introduces a new output type called Pay-to-Merkle-Root, or P2MR. The design disables a technical feature called keypath spending, which exposes public keys when coins are spent, and lays the groundwork for adding post-quantum signature schemes in future soft forks. The merge does not trigger the change itself; it moves the proposal into formal review.
Ethan Heilman, a cryptographic researcher and BIP 360 co-author, told Decrypt that the proposal addresses a specific weakness in Taproot, an upgrade added to the Bitcoin network in 2021.
“The key spend is not quantum secure because it exposes the public key,” he said, “which means a quantum attacker could attack the key spend and steal your funds, even if the script spend was completely secure.”
Pay-to-Merkle-Root removes the vulnerable portion of Taproot while preserving its upgradeability.
“This is important,” he said, “because it removes the quantum-vulnerable key-path spend.”
The debate over how best to address a future quantum threat stems from Shor’s algorithm, which can derive private keys from public keys if run on a sufficiently powerful, fault-tolerant quantum computer.
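To make the Taproot weakness concrete, the following is an added Python example (not code from the article, BIP 360 or Bitcoin Core) using toy pure-Python secp256k1 arithmetic: a P2TR scriptPubKey commits to the tweaked point Q, whose discrete log is a single scalar that a key-path spend needs, whereas a P2MR-style output as assumed here commits only to a script Merkle root. The P2MR witness version byte and the sample Merkle root are assumptions.

```python
import hashlib

# secp256k1 constants; toy pure-Python arithmetic (constructed here, not libsecp256k1)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None: return b
    if b is None: return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    if a == b: lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else: lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    r = None
    while k:
        if k & 1: r = ec_add(r, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return r

def tagged_hash(tag, msg):
    """BIP 340 tagged hash: SHA256(SHA256(tag) || SHA256(tag) || msg)."""
    h = hashlib.sha256(tag.encode()).digest()
    return hashlib.sha256(h + h + msg).digest()

def p2tr_output(internal_priv, merkle_root):
    """BIP 341 Taproot: scriptPubKey OP_1 <Q_x> commits to the EC point Q = P + t*G.
    Returns (script_pubkey, key_path_secret). That one scalar (up to sign) is what
    Shor's algorithm would recover from Q_x on chain, which is all a key-path
    spend needs, regardless of how strong the script leaves are."""
    d = internal_priv % N
    pub = ec_mul(d, G)
    if pub[1] % 2: d, pub = N - d, ec_mul(N - d, G)  # x-only keys need even y
    px = pub[0].to_bytes(32, "big")
    t = int.from_bytes(tagged_hash("TapTweak", px + merkle_root), "big") % N
    q = ec_add(pub, ec_mul(t, G))
    return b"\x51\x20" + q[0].to_bytes(32, "big"), (d + t) % N

def p2mr_output(merkle_root):
    """Assumed P2MR shape: a witness program carrying only the script Merkle root.
    No EC point is committed, so there is no key path for a discrete-log attack."""
    return b"\x53\x20" + merkle_root  # witness version byte (OP_3) is an assumption

# Constructed sample root standing in for a real TapBranch/TapLeaf hash
CONSTRUCTED_ROOT = hashlib.sha256(b"constructed leaf script commitment").digest()
```

Running `p2tr_output(k, CONSTRUCTED_ROOT)` for any private key k shows the on-chain 32 bytes are the x coordinate of the point generated by the returned secret, while `p2mr_output` places only the hash on chain.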
In a recent public discussion, Caltech President Thomas Rosenbaum said he expects fault-tolerant quantum systems to emerge within years.
“We will, I believe, create a functioning, fault-tolerant quantum computer in five to seven years,” he told the audience, adding that the United States needs to rethink how it protects sensitive information. Recent developments in quantum computing support Rosenbaum’s claims.
In September, Caltech said researchers had kept more than 6,000 qubits—the basic units of quantum information—coherent, meaning stable in their quantum state, with 99.98% accuracy. One month later, IBM reported that a 120-qubit entangled state had been created, connecting 120 qubits so that they functioned as a single system, describing it as the largest and most stable demonstration of its kind to date.
Despite recent progress, Heilman said precise predictions for quantum computing progress are unreliable.
“There’s no good, concrete way to actually predict this on a time scale of more than one or two or three years,” he said. “I would be really surprised if that happens within the next five years. I think of it as uncertainty and as a risk that increases over time.”
The US National Institute of Standards and Technology has set post-quantum migration targets that extend to the mid-2030s. At the same time, Jameson Lopp, a cypherpunk and the co-founder and chief security officer of Bitcoin wallet developer Casa, suggested that quantum machines capable of threatening modern cryptography could be decades away.
“Right now, we’re several orders of magnitude away from having a cryptographically relevant quantum computer, at least as far as we know,” Lopp told Decrypt. “If innovation in quantum computing continues at a similar, fairly linear rate, it’s going to take many years—probably more than a decade, maybe even a few decades—before we get to that point.”
Lopp said the bigger concern may not be quantum hardware, but the Bitcoin community’s growing resistance to change.
“It’s the nature of network protocols to petrify over time,” he said, referring to the process of turning to stone. “What this really means is that it becomes harder and harder to reach consensus in a decentralized network made up of many different nodes.”
According to Heilman, activating a proposal requires “rough consensus” across miners, node operators, businesses and users, followed by the release of a separate activation client that typically requires around 95% support over a sustained period before the change takes effect.
Still, some in the blockchain industry view quantum risk as speculative or driven by fear, arguing that if large-scale quantum systems arrive, they are likely to target centralized infrastructure before individual wallets.
Heilman acknowledged that there is a small but real chance that physical limits could prevent quantum computers from ever scaling to the point where they threaten Bitcoin.
“But I treat it very much as something that’s uncertain,” he said. “It is important for Bitcoin to be valuable, useful and take existential risks seriously, even if there is some uncertainty about how dangerous it really is.”