Bitcoin weighs post-quantum plan as BIP-360 maps 7-yr window

What to Know:

• Migration framed as coordination challenge, not emergency; seven-year planning midpoint.
• Timeline covers new outputs, wallet defaults, dormant UTXO migration, testing, policy updates.

Bitcoin’s move to quantum‑resilient verification is framed as a multi‑year coordination problem rather than an emergency. Estimates often cluster around a mid‑range horizon, with seven years cited as a workable midpoint for planning.

The timeline reflects how long it could take to activate new output types, shift wallet defaults, and safely migrate dormant UTXOs without disrupting liquidity. It also reflects the need for broad industry testing, network policy updates, and measured deprecation of legacy pathways.

Immediate impact: what BIP‑360 changes and coordination required

The BIP‑360 draft proposes a new output type geared toward quantum resistance, removing the standard key‑path spend and committing only to a Merkle root. Earlier descriptions of the approach refer to a “pay‑to‑quantum‑resistant‑hash” structure and emphasize compatibility via soft‑fork activation rather than a hard fork.

If adopted, the immediate coordination burden would fall on node and mempool policy, wallet and exchange software, and custodial workflows. Network participants would need a staged plan to curtail vulnerable spends, handle fee and bandwidth implications, and communicate safe redemption paths for legacy outputs.

“It would easily take five to 10 years,” said Jameson Lopp, co‑founder at Casa, describing the complexity of rolling out quantum‑resistant signatures and migrating existing funds.

Taproot script‑path vs new signatures: practical steps now

A strand of research argues that constraining Taproot to script‑path spends can mitigate quantum exposure by keeping public keys hidden until spend; according to Blockstream Research, this makes script‑path usage materially harder for quantum adversaries to target. That view treats script‑path discipline as a near‑term guardrail while longer‑term primitives mature.

An alternative is to adopt quantum‑resistant signatures directly in new outputs, trading larger signatures for stronger asymptotic security. According to NIST, post‑quantum signature algorithms were selected in 2024, providing vetted candidates that implementations could hash‑commit to within BIP‑360’s design space.

At the time of this writing, based on data from TradingView, Bitcoin was around $69,197 with very high 12.19% volatility and nine green days in the prior 30 sessions. These figures offer context for risk management discussions but do not alter the engineering cadence required for a safe migration.