BIP-361 Wants to Turn Quantum Security Into a Private Incentive for Bitcoin Holders

lklol

Six contributors from the Bitcoin
BTCUSD
quantum security space, including Casa co-founder Jameson Lopp, have published BIP-361. The proposal seeks to sunset legacy ECDSA/Schnorr signatures.

The draft proposal, titled “Post Quantum Migration and Legacy Signature Sunset,” lays out a three-phase timeline that “turns quantum security into a private incentive.”

What is BIP-361, and What Does it Seek To Do?

BIP-361 builds on BIP-360, which introduced a quantum-resistant output type called Pay-to-Merkle-Root (P2MR). It addresses a key vulnerability in Bitcoin’s security model.

Recent estimates suggest that more than 34% of all Bitcoin is stored in addresses exposed to quantum risk. Because their public keys have already been revealed on-chain, these UTXOs could potentially be compromised by an attacker equipped with a powerful enough quantum computer.

The roughly 1 million BTC held in wallets attributed to Satoshi Nakamoto are among those that are exposed to a quantum threat.

Subscribe to our YouTube channel to watch leaders and journalists provide expert insights

That risk is compounded by a detection problem. The authors warn that Q-Day may only become apparent long after the fact if an attacker withholds broadcasting transactions to conceal their capabilities.

“Prior to a quantum attack, it is impossible to know the motivations of the attacker. An economically motivated attacker will try to remain undetected for as long as possible, while a malicious attacker will attempt to destroy as much value as possible,” the authors wrote.

Recent research reinforces that urgency. A March 2026 paper from Google Quantum AI showed that breaking elliptic curve cryptography may require far fewer resources than previously estimated.

Moreover, a study by Caltech and Oratomic demonstrated that Shor’s algorithm can be executed at a cryptographically relevant scale with 10,000 qubits. That finding has potentially shortened the assumed timeline for a credible quantum threat.

Follow us on X to get the latest news as it happens

Three Phases of the Quantum Migration

The proposal splits the transition into three stages. Phase A, triggered 160,000 blocks (roughly three years) after activation, would block all sends to quantum-vulnerable addresses. This pushes users to adopt post-quantum-safe address types during a defined migration window.

Phase B arrives approximately two years after Phase A. At that point, nodes would reject all transactions that rely on ECDSA and Schnorr signatures, rendering funds on those addresses permanently unspendable.

A potential Phase C would allow users to recover frozen funds through a zero-knowledge proof tied to their BIP-39 seed phrase. However, this phase remains pending further research and community consensus, with no fixed timeline.

The BIP frames its approach as a private incentive for holders to act.

“Fail to upgrade and you will encounter additional friction to access your funds, creating a certainty where none previously existed.”

The authors framed the proposal as a defensive measure to protect the Bitcoin network against potential quantum-enabled threats. They also invoked a remark by Satoshi Nakamoto.

He once noted that lost coins effectively increase the value of remaining holdings, likening it to “a donation to everyone.” Extending that logic, the authors contended that coins recovered through quantum means would have the opposite effect.
source: https://www.tradingview.com/news/beincrypto:ca7a962d6094b:0-bip-361-wants-to-turn-quantum-security-into-a-private-incentive-for-bitcoin-holders/