Bitcoin developers have advanced a proposal to safeguard the network against future quantum computers. BIP 360, merged into the official GitHub repository, introduces a new output type called Pay-to-Merkle-Root (P2MR) that disables a quantum-vulnerable feature in the existing Taproot upgrade. The move comes as experts debate the timeline for cryptographically relevant quantum machines, with estimates ranging from five years to several decades.
Bitcoin developers have merged a post-quantum framework known as BIP 360 into the network’s official improvement proposal repository. The design introduces a Pay-to-Merkle-Root output to address a specific vulnerability in the Taproot upgrade.
The proposal disables key-path spending, which exposes public keys. Co-author Ethan Heilman stated this removes “the quantum-vulnerable key path spend” while preserving upgrade capability.
The action addresses the risk posed by Shor’s algorithm, which could derive private keys if run on a powerful, fault-tolerant quantum computer. In a recent public discussion, Caltech President Thomas Rosenbaum said he expects such systems within five to seven years.
Recent advancements include Caltech researchers maintaining over 6,000 qubits with high accuracy. IBM also reported creating a 120-qubit entangled state, described as the largest and most stable of its kind.
Despite progress, Heilman noted precise long-term forecasting is unreliable. “There’s no good, concrete way of actually predicting it on a timescale of more than one or two or three years out,” he said.
The U.S. National Institute of Standards and Technology has set migration targets into the mid-2030s. Jameson Lopp, co-founder of Casa, suggested cryptographically relevant quantum computers may be decades away.
Lopp added that network ossification could be a greater concern than the hardware itself. He explained that reaching consensus in a decentralized network becomes increasingly difficult over time.
Activating BIP 360 would require rough consensus across the ecosystem followed by a separate activation client. Some in the industry view the quantum risk as speculative, arguing centralized infrastructure would be targeted first.
Heilman acknowledged physical limits could prevent quantum computers from ever threatening Bitcoin. “But I treat it very much like something which is uncertain,” he stated, emphasizing the importance of taking existential risks seriously.