BIP-361 Quantum Migration Proposal: Transforming Bitcoin Security Upgrades into Holder Incentives

Updated: 2026-04-15 09:58

The potential impact of quantum computing on asymmetric cryptography has long been a central concern for the crypto industry, yet a clear roadmap for mitigation has remained elusive. On April 15, 2026, six leading researchers in Bitcoin quantum security, including renowned cypherpunk Jameson Lopp, jointly drafted Bitcoin Improvement Proposal BIP-361 and released it as a draft on GitHub. This proposal outlines a definitive three-phase migration plan, transforming quantum-safe upgrades from abstract community discussions into tangible "private incentives" for every holder. According to Gate market data, as of April 15, 2026, Bitcoin was trading at $73,953.8, with a circulating supply of approximately 20.01 million coins. Against this backdrop, BIP-361 is not just a technical proposal—it strikes at the heart of Bitcoin’s governance philosophy: To what extent should the network proactively drive security upgrades, and how should collective interests be balanced against individual autonomy?

Why a Technical Draft Has Captured the Entire Network’s Attention

BIP-361, officially titled "Post-Quantum Migration and Legacy Signature Deprecation," was co-authored by Jameson Lopp and five collaborators and submitted as a draft to Bitcoin’s official proposal repository on April 15, 2026. The proposal builds directly on BIP-360, formally registered in February of the same year, which introduced the quantum-resistant output type Pay-to-Merkle-Root (P2MR) to protect newly issued Bitcoin from quantum attacks.

BIP-361’s core objective is to address the problem of legacy assets. Estimates suggest that roughly 34% of circulating Bitcoin has had its public key exposed on-chain, making it a direct target for quantum attacks. Of these, about 1.7 million BTC are stored in high-risk P2PK addresses—including approximately 1 million coins widely believed to belong to Satoshi Nakamoto. The proposal lays out a gradual migration roadmap: First, prohibit new funds from being sent to legacy addresses; then, progressively deprecate ECDSA and Schnorr signatures at the consensus layer; and ultimately, render un-migrated assets unspendable.

The authors frame this approach as a "private incentive"—holders who do not proactively upgrade will face increasing friction in asset usage, rather than passively waiting for quantum threats to materialize. They argue that, prior to Q-Day, the Bitcoin network cannot distinguish between holders who are deliberately waiting and those who have permanently lost their private keys, creating systemic security uncertainty. BIP-361 seeks to eliminate this uncertainty through clear deadlines and consequences.

Why the Quantum Threat Timeline Has Accelerated Suddenly

Bitcoin’s security model rests on the computational infeasibility of breaking the Elliptic Curve Digital Signature Algorithm (ECDSA), that is, of recovering a private key from its public key by solving the elliptic curve discrete logarithm problem. Shor’s algorithm, run on a sufficiently large quantum computer, fundamentally changes this assumption, reducing the complexity of solving discrete logarithm problems from exponential to polynomial time. For years, mainstream estimates for the quantum resources required to break ECDSA remained optimistic, suggesting the threat was decades away. Recent research, however, has significantly shortened this timeline.

On March 30, 2026, a white paper from Google’s Quantum AI team became the key catalyst for the accelerated release of BIP-361. The paper showed that breaking a 256-bit elliptic curve discrete logarithm would require about 1,200 logical quantum bits and fewer than 500,000 physical quantum bits, with computations completed in minutes—a 20-fold reduction in required physical qubits compared to earlier estimates.

That same year, research from Caltech and Oratomic further demonstrated that Shor’s algorithm could run at cryptographically relevant levels with just 10,000 quantum bits. Based on these findings, Google’s team recommended that the crypto community migrate blockchains to post-quantum cryptography standards by 2029, and urged users to avoid exposing or reusing vulnerable wallet addresses during this period.

In February 2026, BIP-360 was formally registered, introducing the P2MR output type. In March, BTQ Technologies deployed the first operational implementation of BIP-360 on Bitcoin’s quantum testnet, marking the transition from theory to engineering validation. The testnet has operated over 50 miner nodes and processed more than 100,000 blocks. However, BIP-360’s limitations are clear: it only protects newly issued Bitcoin using the P2MR format, leaving the roughly 34% of assets with exposed public keys vulnerable. BIP-361 was conceived as a necessary complement to BIP-360.

Jameson Lopp previously stated in industry discussions that migrating Bitcoin to post-quantum standards would "require at least 5 to 10 years." Blockstream CEO Adam Back also commented in early April 2026 that, regardless of disagreements over the quantum threat timeline, the prudent approach is to start preparations immediately and grant holders "about a decade" for migration. Bernstein, an analytics firm, offered a more aggressive estimate: developers have a 3- to 5-year window to launch post-quantum migration paths.

Structural Breakdown of the Three-Phase Migration Plan

BIP-361’s three-phase architecture reflects the authors’ balancing act between "urgency of security upgrades" and "community acceptance." The following table presents the core parameters and logic for each phase.

| Phase | Trigger Condition | Core Rule | Design Logic |
| --- | --- | --- | --- |
| Phase A | About three years after activation (160,000 blocks) | Prohibit sending new BTC to ECDSA/Schnorr legacy addresses; spending allowed, receiving prohibited | Creates gentle "outflow-only" pressure, using market mechanisms to encourage holders to migrate |
| Phase B | About five years after activation | Consensus layer fully rejects legacy signatures; un-migrated assets become permanently unspendable | Provides a clear security endpoint for the network, eliminating systemic quantum attack risk for legacy assets |
| Phase C | TBD (requires separate proposal) | Zero-knowledge recovery mechanism based on BIP-39 seed phrases | Offers a final rescue channel for holders who missed the migration window but still possess their private keys |

Phase A embodies the "private incentive" logic. Sending new funds to legacy addresses is prohibited, but outgoing transactions remain possible. This gives holders a three-year window to proactively migrate assets without immediate loss. Inactive addresses will gradually face reduced liquidity.

Phase B is the most controversial element. About five years after activation, the consensus layer will reject all transactions based on ECDSA and Schnorr signatures. Any Bitcoin not migrated to quantum-resistant addresses will become technically unspendable—UTXOs remain on the ledger and ownership is unchanged, but the coins cannot be spent. Quantitatively, if adopted, the plan could affect approximately 34% of circulating supply exposed to quantum risk, including 1.7 million BTC in high-risk P2PK addresses, with Satoshi Nakamoto’s estimated 1 million coins among them.

Phase C is the most ambiguous. The proposal describes it as an "optional rescue mechanism," recommending a separate BIP for implementation. The idea is to allow holders to use BIP-39 seed phrases as zero-knowledge proof inputs to demonstrate ownership to the network without exposing their private keys. Phase C remains "under further research," with no clear timeline or technical details.
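
For a custodian or holder taking inventory ahead of these phases, the sketch below classifies scriptPubKeys by standard template, flags outputs whose public key is already visible at rest, and applies the Phase A and Phase B rules as summarised above. It is an added example, not code from BIP-361 or its authors. The Phase B block count, the set of templates treated as legacy, and the priority labels are assumptions of the example, and the sample scripts are constructed.

```python
# Added example: scriptPubKey triage under the phase rules as the article summarises them.
PHASE_A_BLOCKS = 160_000  # from the article's table
PHASE_B_BLOCKS = 262_800  # ASSUMPTION: "about five years" at ~52,560 blocks per year
LEGACY = {"P2PK", "P2PKH", "P2SH", "P2WPKH", "P2WSH", "P2TR"}  # ASSUMPTION: all count as legacy

def classify(spk_hex):
    """Return (template, key_exposed_at_rest) for a hex scriptPubKey."""
    s = bytes.fromhex(spk_hex)
    n = len(s)
    if n in (35, 67) and s[0] == n - 2 and s[-1] == 0xAC:
        return "P2PK", True    # <pubkey> OP_CHECKSIG: raw key is in the output
    if n == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return "P2PKH", False  # key hidden behind HASH160 until first spend
    if n == 23 and s[:2] == b"\xa9\x14" and s[22] == 0x87:
        return "P2SH", False
    if n == 22 and s[:2] == b"\x00\x14":
        return "P2WPKH", False
    if n == 34 and s[:2] == b"\x00\x20":
        return "P2WSH", False
    if n == 34 and s[:2] == b"\x51\x20":
        return "P2TR", True    # 32-byte x-only output key is in the output
    return "other", False      # unrecognised script: needs manual review

def audit(utxos, blocks_since_activation):
    """Per-UTXO receive/spend status and migration priority."""
    rows = []
    for spk_hex, sats in utxos:
        template, exposed = classify(spk_hex)
        legacy = template in LEGACY
        rows.append({
            "template": template,
            "sats": sats,
            "may_receive": not legacy or blocks_since_activation < PHASE_A_BLOCKS,
            "may_spend": not legacy or blocks_since_activation < PHASE_B_BLOCKS,
            "priority": "first" if exposed else "next" if legacy else "review",
        })
    return rows

# Constructed sample scripts (dummy key and hash bytes, not real outputs).
SAMPLE_UTXOS = [
    ("41" + "04" + "11" * 64 + "ac", 5_000_000_000),   # P2PK, uncompressed key
    ("76a914" + "22" * 20 + "88ac", 150_000),          # P2PKH
    ("0014" + "33" * 20, 2_000_000),                   # P2WPKH
    ("5120" + "44" * 32, 700_000),                     # P2TR
]

if __name__ == "__main__":
    for offset in (0, 200_000, 300_000):
        for row in audit(SAMPLE_UTXOS, offset):
            print(offset, row)
```

Hashed templates such as P2PKH and P2WPKH only keep the key hidden until the first spend, so an address that has already been spent from should be treated as exposed regardless of the template reported here.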

Support and Opposition: Core Divisions Within the Community

Following BIP-361’s release, the global Bitcoin community has responded with sharp divisions.

Supporters argue for the proposal’s necessity from three angles: First, the migration window is closing rapidly, with Google’s Quantum AI white paper reducing the resources needed to break elliptic curve cryptography by about 20-fold. Second, the Bitcoin network cannot distinguish between "deliberate non-migration" and "lost private keys," meaning attackers could covertly crack and transfer assets once quantum capabilities mature, especially without a clear deadline. Third, migration essentially turns quantum security into a "private incentive"—Bitcoin frozen due to non-migration slightly increases the scarcity of remaining coins, while coins stolen via quantum attacks would create selling pressure in the market.

Critics are equally vocal: First, BIP-361 fundamentally challenges Bitcoin’s principles of "censorship resistance" and "permissionlessness," with several community members describing it as "authoritarian" and "predatory." Second, the five-year freeze in Phase B unfairly burdens holders who are dormant but have not lost their keys. Third, post-quantum signatures are about 100 times larger than ECDSA and Schnorr, and widespread adoption could significantly increase blockchain storage and bandwidth demands, potentially reigniting the "block size debate."

Additionally, the fact that Satoshi Nakamoto’s estimated 1 million BTC are included in high-risk addresses has sparked further discussion. Some observers worry the proposal could be seen as a "targeted cleanup" of specific historical holders, while others believe Satoshi’s coins have become part of Bitcoin’s narrative, and their freezing carries deep symbolic meaning.

Far-Reaching Impacts on Exchanges, Layer 2 Networks, and Governance Paradigms

BIP-361’s influence extends far beyond a single protocol upgrade.

If BIP-361 is activated, all exchanges and custodians will face clear operational deadlines. The first phase requires institutions to migrate all client assets to new address types within three years, including updating hot wallet architectures, redesigning cold storage solutions, and verifying withdrawal address formats with users. Any delays could prevent clients from sending or receiving assets normally.

The signature system migration driven by BIP-360 and BIP-361 could profoundly affect the operating logic of layer 2 protocols like the Lightning Network. Opening, updating, and closing Lightning channels rely on on-chain signature mechanisms, and changes to the underlying signature format will require protocol upgrades for compatibility. In the long term, building quantum-resistant infrastructure at the base layer will enhance the security and sustainability of layer 2 networks.

BIP-361 may mark a watershed in Bitcoin governance history. Previous soft fork upgrades—such as SegWit and Taproot—never directly affected the spendability of existing UTXOs. BIP-361’s distinction lies in explicitly writing the consequence of "no upgrade, no usage" into the proposal logic. If adopted, it could set a new precedent for future security upgrade governance decisions.

From the perspective of institutional investors, progress on quantum security migration could have dual effects. On one hand, the community’s proactive response to quantum threats sends a positive signal to institutional markets that "the Bitcoin ecosystem is capable of self-repair and evolution." On the other hand, uncertainty and potential divisions during migration may prompt short-term caution. As of April 15, 2026, the Bitcoin price stands at $73,953.8, with a 24-hour trading volume of $558 million. Market sentiment indicators are neutral, suggesting BIP-361 has not yet caused significant short-term volatility.

Conclusion

BIP-361 marks a clear turning point in the discussion of Bitcoin quantum security: shifting from "should we prepare for the quantum era" to "how should upgrade incentives be designed." The proposal transforms quantum security from an abstract community consensus issue into a "private incentive" for every holder, and this innovative framework is valuable for Bitcoin’s governance evolution.

Nevertheless, the controversies sparked by the proposal cannot be ignored. BIP-361 touches on a fundamental tension in Bitcoin governance: When the network faces foreseeable but uncertain external threats, how much authority should the community grant for proactive intervention to protect collective interests, and to what extent should it uphold the principles of "holder autonomy and network censorship resistance"? The answer will not come from any single proposal, but will gradually emerge through ongoing community discussion, debate, and consensus-building.

Regardless of whether BIP-361 is ultimately adopted or shelved, Bitcoin’s migration toward quantum resistance is now irreversible. Google’s Quantum AI team’s March 2026 recommendation clearly sets 2029 as the suggested migration deadline, and BIP-360’s P2MR output type is already undergoing real-world testing on the testnet. For exchanges, custodians, and holders alike, monitoring the progress of quantum security proposals and assessing their potential impact on asset management has become a critical long-term topic in digital asset risk management.
