What should BTC do in the face of the future threat of quantum computing?

Article by Blue Fox

First, let me clarify that the content here is not intended to generate traffic or attack BTC, and if BTC truly encounters problems, it would be an issue for the entire industry.

What follows is purely a discussion: how should BTC respond to the future threat of quantum computing?

Currently, the crypto community has a concept called Q-DAY, which refers to the day when quantum computers can break the ECDSA signature algorithm used by BTC and ETH using the “Shor Algorithm.”

This means private keys will no longer be secure, and wallets’ locks will no longer be reliable.

In the past, quantum attacks were considered science fiction, but now this threat is no longer nonexistent.

According to current quantum experts, the estimated timeframe is between 2031 and 2038—that is, in about 5-6 years at the earliest, or 12-13 years at the latest, the threat will become practically visible.

This is related to the rapid progress in quantum hardware and algorithms. Experts say that previously, cracking ECDSA would require several million or even tens of millions of physical qubits.

However, recent two years have seen algorithm optimizations and new error-correcting codes that could reduce this requirement by more than tenfold. Given the exponential growth in current algorithms and hardware, there is a probability that actual threats could emerge within 5-6 years.

Therefore, before Q-Day arrives, both BTC and ETH need to adopt “new locks” (post-quantum signatures).

Ethereum has a clear roadmap and expected completion time—around 2029 for its post-quantum upgrade.

The BTC community’s roadmap is not yet finalized.

Due to historical reasons, BTC’s community style has always been “prefer not to change if possible,” supporting principles of immutability and backward compatibility, making any upgrade very difficult.

It wasn’t until last month that BTC first included quantum resistance in its roadmap.

On February 11, BIP 360 (Pay-to-Merkle-Root) was officially added to the BIP repository.

The core idea is to remove part of Taproot’s “key path,” only retaining the Script-path, significantly reducing quantum exposure. This will support easier integration of quantum-secure signature schemes in the future.

However, it does not force anyone to upgrade; it simply lays the groundwork for future soft forks.

The complete migration plan (post-quantum migration BIP) is still under discussion and has not been officially adopted, with an estimated timeline of 5-10 years:

• Phase 1: Encourage migration—ban new funds from flowing into old addresses, and encourage the community to transfer coins to new, quantum-secure addresses.

• Phase 2: Mandatory for new coins—old addresses can still spend, but new coins must use the new lock.

• Final phase: The most controversial, involving the handling of funds in old addresses—should they be frozen or burned?

This involves a significant portion of BTC: approximately 25-33% (around 6-7 million coins) are in a state vulnerable to quantum attacks, including Satoshi’s 1 million BTC and other permanently lost coins. Doing so would violate BTC’s long-standing principle of non-interference.

Some argue there’s no need to freeze these BTC; whoever has them can do as they wish.

If so, 6-7 million BTC could be taken, and if BTC’s price reaches $300,000 per coin, this would mean a total value of about $1.8 trillion to $2.1 trillion.

Such a massive influx of BTC into the market would be unimaginable, and the final market state is uncertain.

In summary, the biggest challenge in BTC’s quantum protection route is not technical but governance-related: how to coordinate the community.

How to handle BTC in old addresses is the biggest obstacle in BTC’s future quantum-safe roadmap.

Perhaps in the next 1-2 years, the community will gradually move from disputes to consensus. After all, time waits for no one.