
Tech • AI • Crypto
Experts warn quantum computing could threaten Bitcoin within years, prompting urgent debate over upgrades, timelines, and how to handle vulnerable coins.
Estimates for when a quantum computer could break Bitcoin's elliptic-curve signatures (ECDSA and Schnorr over secp256k1, both of which fall to Shor's algorithm on a large enough fault-tolerant machine) vary widely, from a few years to decades. Several companies target 2027–2028 for machines capable of breaking 256-bit elliptic curves, though delays are considered likely. Despite the uncertainty, the growing number of firms and the pace of investment suggest the risk is increasing rather than hypothetical.
The U.S. National Institute of Standards and Technology (NIST) has set a transition timeline that calls for quantum-resistant systems by 2029 and full migration by 2035. Government timelines and classified research raise the possibility that state actors are already ahead of publicly known capabilities; some experts compare the race to a “Manhattan Project” for computing power.
Roughly 7 million BTC, about one-third of supply, are considered vulnerable. This includes early pay-to-public-key (P2PK) outputs, which carry the public key directly in the output script; reused addresses, whose keys were revealed by an earlier spend; and Taproot (P2TR) outputs, which also place the (tweaked) public key in the output script itself. Hash-based templates such as P2PKH and P2WPKH reveal the key only in the spending transaction, leaving an attacker the narrower window between broadcast and confirmation. An attacker with a sufficiently large quantum computer could derive the private key from any exposed public key and sign a spend that is valid in every respect.
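The distinction above (key already visible in the output versus key revealed only at spend time) is mechanical enough to check per UTXO. The following is an added example, not code from the article or from any Bitcoin project: it classifies raw scriptPubKey templates and sorts them into exposure classes. The sample keys, hashes and values are constructed placeholders, and the class names (`long-range`, `short-range`, `reused`) are this example's own labels.

```python
# Added example (not from the original article): classify Bitcoin scriptPubKey
# templates by whether the public key is already visible on-chain, i.e. whether
# an attacker running Shor's algorithm could target the output before it is
# ever spent. Sample keys and hashes below are constructed placeholder bytes.

OP_0, OP_1, OP_DUP, OP_EQUAL, OP_EQUALVERIFY, OP_HASH160, OP_CHECKSIG = (
    0x00, 0x51, 0x76, 0x87, 0x88, 0xA9, 0xAC)


def classify_script(spk: bytes) -> str:
    """Return the standard output template for a raw scriptPubKey, or 'unknown'."""
    n = len(spk)
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == OP_CHECKSIG:
        return "p2pk"        # <push 33|65> <pubkey> OP_CHECKSIG
    if (n == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 0x14])
            and spk[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return "p2pkh"       # OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if n == 23 and spk[:2] == bytes([OP_HASH160, 0x14]) and spk[-1] == OP_EQUAL:
        return "p2sh"        # OP_HASH160 <20-byte hash> OP_EQUAL
    if n == 22 and spk[:2] == bytes([OP_0, 0x14]):
        return "p2wpkh"      # OP_0 <20-byte hash>
    if n == 34 and spk[:2] == bytes([OP_0, 0x20]):
        return "p2wsh"       # OP_0 <32-byte hash>
    if n == 34 and spk[:2] == bytes([OP_1, 0x20]):
        return "p2tr"        # OP_1 <32-byte x-only pubkey>
    return "unknown"


# Templates whose output script contains the public key itself. P2TR carries
# the tweaked x-only key, which is still a secp256k1 point to solve for.
KEY_IN_OUTPUT = {"p2pk", "p2tr"}
# Templates that commit only to a hash; key or script appears when spent.
HASH_ONLY = {"p2pkh", "p2wpkh", "p2sh", "p2wsh"}


def exposure(spk: bytes, reused: bool = False) -> str:
    """
    'long-range'  : key already on-chain, attack can proceed at leisure.
    'reused'      : hash-only template, but an earlier spend revealed the key.
    'short-range' : key appears only in the spending transaction, so the
                    attacker's window is the mempool-to-confirmation gap.
    'unknown'     : non-standard script, needs manual review.
    """
    kind = classify_script(spk)
    if kind in KEY_IN_OUTPUT:
        return "long-range"
    if kind in HASH_ONLY:
        return "reused" if reused else "short-range"
    return "unknown"


def tally(utxos):
    """Sum satoshis per exposure class for a list of (spk, sats, reused) tuples."""
    totals = {}
    for spk, sats, reused in utxos:
        cls = exposure(spk, reused)
        totals[cls] = totals.get(cls, 0) + sats
    return totals


# Constructed sample UTXO set (placeholder bytes, values in satoshis).
PUBKEY65 = b"\x04" + b"\x22" * 64   # stand-in uncompressed key, Satoshi-era style
XONLY32 = b"\x33" * 32               # stand-in x-only Taproot key
HASH20 = b"\x44" * 20
HASH32 = b"\x55" * 32

SAMPLE_UTXOS = [
    (bytes([0x41]) + PUBKEY65 + bytes([OP_CHECKSIG]), 50_0000_0000, False),  # early P2PK
    (bytes([OP_DUP, OP_HASH160, 0x14]) + HASH20
     + bytes([OP_EQUALVERIFY, OP_CHECKSIG]), 1_0000_0000, True),            # reused P2PKH
    (bytes([OP_0, 0x14]) + HASH20, 2_0000_0000, False),                     # fresh P2WPKH
    (bytes([OP_1, 0x20]) + XONLY32, 3_0000_0000, False),                    # P2TR
    (bytes([OP_0, 0x20]) + HASH32, 4_0000_0000, False),                     # P2WSH
    (b"\x6a\x04test", 0, False),                                            # OP_RETURN
]

if __name__ == "__main__":
    for cls, sats in sorted(tally(SAMPLE_UTXOS).items()):
        print(f"{cls:12s} {sats / 1e8:,.8f} BTC")
```

Run against a real UTXO dump, the `reused` flag would come from an index of whether the same hash has appeared in a spent input before; the script alone cannot tell a fresh P2PKH output from one whose key is already public.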
A quantum attack would appear on-chain as ordinary transactions: observers would see coins moving but have no way to distinguish the legitimate owner from an attacker. This creates the risk of sudden, large-scale fund movements without warning.
A leading proposal, BIP 360 (Pay-to-Merkle-Root), would remove the key-exposure risk by committing an output to a script Merkle root rather than a spendable public key, and so prepare Bitcoin for post-quantum signatures. It preserves Taproot's script-path spending but gives up the key-path spend, and with it the privacy of a spend that looks like any other single-key transaction. Further upgrades would be needed to introduce fully quantum-safe signature schemes.
Two main approaches are debated. Hash-based signatures (the stateful XMSS and LMS, and the stateless SLH-DSA, formerly SPHINCS+) rest on well-understood assumptions but produce large signatures, and the stateful variants fail catastrophically if signing state is ever reused. Lattice-based schemes such as ML-DSA (Dilithium) and Falcon are faster and more compact but rest on newer assumptions with less cryptanalytic history. No consensus exists yet on which should be adopted for Bitcoin.
A proposed roadmap has multiple phases: first discouraging the use of vulnerable output types, then restricting them, and eventually requiring quantum-safe outputs. Critics argue these timelines may be too slow if quantum breakthroughs arrive sooner than expected.
One controversial idea is preventing old, vulnerable coins from being spent after a deadline. Critics argue this could unfairly lock funds, including Satoshi-era holdings, while supporters say it protects the network from mass theft.
The “Hourglass” proposal would rate-limit spends from vulnerable coins to 1 BTC per block, stretching potential exploitation over decades instead of hours; at roughly 144 blocks per day, draining the 7 million BTC estimated to be at risk at that rate would take more than a century. The approach aims to reduce systemic shock while preserving access for legitimate owners.
Experts broadly agree that quantum-safe signature schemes already exist, in theory and in practice. The key challenge lies in reaching agreement within the Bitcoin community and deploying upgrades in time to mitigate the risk.
Quantum computing presents a credible long-term threat to Bitcoin, but uncertainty over timelines complicates action. The outcome will depend less on technical feasibility than on whether the network can coordinate upgrades before the risk materializes.