A leading Bitcoin developer says he’s built something the community has debated for years but never produced: a way to save regular wallets if the network is ever forced to defend against a quantum computer.
in the face of a quantum adversary, a commonly discussed emergency soft fork for Bitcoin would be to disable the Taproot keypath (thus transforming it into something resembling BIP-360).
assuming an existing precautionary soft-fork to add a pq…
-Olaoluwa Osuntokun (@roasbeef) April 8, 2026
Olaoluwa “Roasbeef” Osuntokun, chief technology officer at Lightning Labs, revealed the working prototype in an April 8 post on the Bitcoin Developer Mailing List. The tool targets a specific and uncomfortable flaw in Bitcoin’s long-term defense plan, a widely discussed “emergency brake” upgrade designed to protect the network from quantum attacks could also deprive millions of users of their own funds. Osuntokun’s proposal is a cop-out.
Bitcoin relies on a form of encryption that could, in theory, be broken by sufficiently powerful quantum computers. If this happens, public data already visible on the blockchain could be transformed into private keys, allowing attackers to seize funds.
One of the main proposals, known as BIP-360, was merged into the Bitcoin Improvement Proposal repository in February as a draft. This would give users a new type of quantum-resistant wallet to migrate their funds into before any threats.
But migration takes time, and not everyone will move over time. This is why the developers also discussed a more drastic safety feature: the “emergency brake”.
Today, every Bitcoin transaction is authorized by a digital signature, a cryptographic piece of mathematics that proves the sender owns the coins. These signatures correspond exactly to what a quantum computer would be able to forge.
The emergency brake would disable Bitcoin’s current signature system network-wide, before an attacker could begin emptying wallets. Think of it as powering out the locks when you realize the keys have been copied.
The problem is what happens to everyone still inside. Most modern wallets – particularly the single-user Taproot wallets introduced to Bitcoin in 2021 and now common across the ecosystem – rely on this signature system and little else to authorize spending. If disabled, these wallets have no other way to prove ownership.
The rooms inside would be blocked off, untouchable even by their rightful owners. The same upgrade designed to protect users could also freeze them permanently.
Osuntokun’s prototype is designed to give these wallets a second path. Instead of proving ownership with a digital signature – the very mechanism that a quantum attack would break and the emergency upgrade would disable – its system allows a user to mathematically prove that they are the one who originally created the wallet, using the secret “seed” from which each Bitcoin wallet is generated.
Importantly, the proof does not require revealing the seed itself, so using it to save a wallet does not compromise other derivatives of the same seed. Indeed, it replaces “I can sign this transaction” with “I can prove that this wallet comes from me”.
The prototype is already functional. Running on a high-end consumer MacBook, generating the proof took about 55 seconds, while verifying took less than two seconds. The resulting proof file was approximately 1.7MB, about the size of a high-resolution image. Osuntokun said the system was built as a side project and was still not optimized.
Currently, there are no formal proposals to add it to the Bitcoin blockchain, nor any timetable for deployment, and developers remain divided on the real urgency of the quantum threat.
Academic researchers note that many widely cited quantum “breakthroughs” rely on simplified testing conditions, and that large-scale attacks on Bitcoin’s mining system would face strict physical limits. But the risk to exposed wallets has been considered real enough that developers have been considering defensive upgrades for years.
Markets reflect this uncertainty. On Polymarket, traders currently assign around a 28% chance that BIP-360 will be implemented by 2027.
But the prototype fills a gap that persisted in theory: how to protect Bitcoin against a future threat without the collateral damage of locking users out of their wallets.
