Bitcoin’s ‘your keys, your coins’ promise just got an expiration date following a new developer proposal

Bitcoin was built on the promise that no one can touch your coins without your private key. No government, no banks, no one.

That promise is now, for the first time in Bitcoin’s 16-year history, being challenged by the developer community itself, as part of an effort to build defenses against future quantum computers that could break the signature scheme protecting every coin on the blockchain.

The proposal

Jameson Lopp, one of Bitcoin’s more vocal contributors, and other cryptographers have proposed a measure that could force Bitcoin holders to migrate their coins to new quantum-resistant addresses or risk having their coins permanently frozen by the network itself. In this scenario, holders would technically still “own” the coins but would lose the ability to move them.

It is called Bitcoin Improvement Proposal (BIP) 361 and was updated on Tuesday in the official Bitcoin proposal repository under the title “Post Quantum Migration and Legacy Signature Sunset.”

This comes as a recently released report from Google warned that a quantum machine capable of breaking Bitcoin’s cryptography could require far fewer resources than initially estimated. This has prompted some observers to cite 2029 as the quantum deadline for Bitcoin.

To understand why the proposal would freeze coins, you need to know what the freeze protects against.

Every Bitcoin wallet is secured by elliptic-curve cryptography: ECDSA (Elliptic Curve Digital Signature Algorithm) for legacy outputs and Schnorr signatures for Taproot outputs, both over the same curve. Think of it as the lock on your wallet. When you set up a wallet, two keys are generated: a private key, a secret number used to sign transactions and so prove that you own the coins you spend, and a public key derived from that private key. The public key lets others send you funds and lets the network verify your signatures, without ever revealing the private key.

Here is the problem: deriving the public key from the private key is easy, but going the other way is infeasible for classical computers, and that one-way property is all that stands between your public key and your coins. When you spend from an address, your public key is published on the blockchain, permanently, for anyone to see. A sufficiently powerful quantum computer running Shor’s algorithm could compute the private key from that public key and drain the funds. The coins at risk are those whose key is already readable on-chain: reused addresses that have been spent from, early pay-to-public-key outputs, and Taproot outputs, whose key sits in the output itself.

According to Google’s study, as of March the sum of all BTC held in quantum-vulnerable addresses was around 6.7 million BTC.
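The exposure logic described above, written out as an added example that is not part of the article, the Google study or any BIP: a minimal pure-Python secp256k1 derives a public key from a private key (the easy direction), and a constructed four-output ledger is tallied into coins whose key is already readable on-chain versus coins still protected by a hash. SHA256 stands in for Bitcoin’s HASH160, the Taproot key tweak is omitted, and the script types and values are made up; each simplification is marked in the code.

```python
# Added illustration of on-chain public-key exposure (not Bitcoin Core code).
import hashlib
from dataclasses import dataclass
from typing import Optional, Tuple

# secp256k1 domain parameters (the real constants)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
Point = Optional[Tuple[int, int]]      # None is the point at infinity


def point_add(a: Point, b: Point) -> Point:
    """Affine point addition and doubling on y^2 = x^3 + 7 mod P."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                   # a == -b
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P    # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P     # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mult(k: int, point: Point) -> Point:
    """Double-and-add. Cheap forwards; the inverse (ECDLP) is what Shor's algorithm breaks."""
    result = None
    while k:
        if k & 1:
            result = point_add(result, point)
        point = point_add(point, point)
        k >>= 1
    return result


def is_on_curve(point: Point) -> bool:
    x, y = point
    return (y * y - x * x * x - 7) % P == 0


def pubkey_from_priv(priv: int) -> bytes:
    """Compressed 33-byte public key: 0x02/0x03 (parity of y) followed by x."""
    if not 1 <= priv < N:
        raise ValueError("private key out of range")
    x, y = scalar_mult(priv, G)
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def pubkey_hash(pubkey: bytes) -> bytes:
    # Bitcoin uses RIPEMD160(SHA256(pub)); SHA256 alone stands in here so the
    # script runs on Python builds whose OpenSSL lacks RIPEMD160.
    return hashlib.sha256(pubkey).digest()


@dataclass
class Output:
    value_sat: int
    script_type: str      # "p2pk", "p2pkh" or "p2tr"
    locking_data: bytes   # the public key (p2pk/p2tr) or its hash (p2pkh)


@dataclass
class Spend:
    """Spending a P2PKH output places the full public key in the scriptSig."""
    revealed_pubkey: bytes


def classify(out: Output, revealed_hashes: set) -> str:
    """'exposed' if the key can be read from the chain, otherwise 'hashed'."""
    if out.script_type in ("p2pk", "p2tr"):
        return "exposed"                      # the key itself is in the output
    if out.script_type == "p2pkh":
        return "exposed" if out.locking_data in revealed_hashes else "hashed"
    raise ValueError(f"unknown script type {out.script_type}")


def exposed_value(utxos, spends) -> dict:
    """Tally unspent value by exposure class, the shape of a 'vulnerable BTC' figure."""
    revealed = {pubkey_hash(s.revealed_pubkey) for s in spends}
    totals = {"exposed": 0, "hashed": 0}
    for out in utxos:
        totals[classify(out, revealed)] += out.value_sat
    return totals


def demo_ledger() -> dict:
    """Constructed sample UTXO set (not real chain data)."""
    BTC = 100_000_000
    k_old, k_reuse, k_fresh, k_tr = (pubkey_from_priv(k) for k in (11, 22, 33, 44))
    utxos = [
        Output(50 * BTC, "p2pk", k_old),                  # early-style pay-to-pubkey
        Output(10 * BTC, "p2pkh", pubkey_hash(k_reuse)),  # address already spent from once
        Output(5 * BTC, "p2pkh", pubkey_hash(k_fresh)),   # address never spent from
        Output(2 * BTC, "p2tr", k_tr[1:]),                # x-only key in the output (tweak omitted)
    ]
    spends = [Spend(k_reuse)]   # the earlier spend from the reused address revealed its key
    return exposed_value(utxos, spends)


if __name__ == "__main__":
    print(demo_ledger())      # {'exposed': 6200000000, 'hashed': 500000000}
```

The tally shows why address reuse matters: the 10 BTC sitting in a P2PKH address is hashed on-chain, yet it counts as exposed because an earlier spend from the same address already published the key, while the 5 BTC in an address that has never been spent from stays protected until its owner moves it.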

BIP-361 builds on BIP-360, presented in February, which introduced a soft fork (a backward-compatible tightening of the network’s rules) designed to enable a new type of output called pay-to-Merkle-root (P2MR). The approach borrows from Bitcoin’s Taproot (P2TR) framework but removes the key-based spending path, the element widely seen as exposed to quantum attack.

Three phases

The BIP-361 proposal structures the migration in three phases. Phase A begins three years after activation and prevents anyone from sending new bitcoins to old, quantum-vulnerable addresses. You can still spend from these addresses, but you cannot receive anything.

Phase B, which begins five years after activation, renders the old signatures (ECDSA and Schnorr) invalid, so spending attempts from quantum-vulnerable outputs are rejected by the network. Essentially, those coins are frozen.

Finally, Phase C is a rescue proposal, still under research, in which a holder whose coins are frozen could potentially prove ownership using a zero-knowledge proof, a way to prove knowledge of a secret without revealing the secret itself. If it works, the coins frozen by Phase B could be recovered.
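The three-phase schedule written as a validation rule, as an added example that is not the BIP’s text or reference code: phases are measured in blocks at an assumed ~52,560 blocks per year (the BIP’s exact parameters are not given on this page), “p2mr” stands for the BIP-360 output type, and the legacy types are the key-based ECDSA/Schnorr outputs the article names. Phase C is not modelled, since it is still under research.

```python
# Added model of the proposed phase schedule (illustration, not consensus code).
from dataclasses import dataclass
from typing import List, Tuple

BLOCKS_PER_YEAR = 52_560                  # assumption: ~10-minute blocks
LEGACY_TYPES = {"p2pk", "p2pkh", "p2tr"}  # ECDSA / Schnorr key-based spends
PQ_TYPES = {"p2mr"}                       # pay-to-Merkle-root from BIP-360


@dataclass
class Tx:
    input_types: List[str]    # script types of the outputs being spent
    output_types: List[str]   # script types of the outputs being created


def phase(height: int, activation: int) -> str:
    """'pre' before Phase A; 'A' from +3 years; 'B' from +5 years after activation."""
    if height < activation + 3 * BLOCKS_PER_YEAR:
        return "pre"
    if height < activation + 5 * BLOCKS_PER_YEAR:
        return "A"
    return "B"


def validate(tx: Tx, height: int, activation: int) -> Tuple[bool, str]:
    """The check a node would apply to a transaction under the proposed schedule."""
    ph = phase(height, activation)
    unknown = set(tx.input_types + tx.output_types) - LEGACY_TYPES - PQ_TYPES
    if unknown:
        return False, f"unknown script type(s): {sorted(unknown)}"
    if ph in ("A", "B") and any(t in LEGACY_TYPES for t in tx.output_types):
        return False, "Phase A: new coins may not be sent to quantum-vulnerable outputs"
    if ph == "B" and any(t in LEGACY_TYPES for t in tx.input_types):
        return False, "Phase B: ECDSA/Schnorr spends are no longer valid (coins frozen)"
    return True, f"accepted in phase {ph}"


def migration_outcomes(activation: int = 900_000) -> dict:
    """Two constructed transactions checked at the first block of each phase."""
    migrate = Tx(input_types=["p2pkh"], output_types=["p2mr"])   # move coins to a PQ output
    receive = Tx(input_types=["p2mr"], output_types=["p2pkh"])   # pay an old-style address
    heights = {"pre": activation,
               "A": activation + 3 * BLOCKS_PER_YEAR,
               "B": activation + 5 * BLOCKS_PER_YEAR}
    return {ph: {"migrate": validate(migrate, h, activation)[0],
                 "receive_legacy": validate(receive, h, activation)[0]}
            for ph, h in heights.items()}


if __name__ == "__main__":
    for ph, result in migration_outcomes().items():
        print(ph, result)
```

The asymmetry between the two rules is the whole point of the schedule: during Phase A a migration transaction (legacy input, P2MR output) is still accepted while a payment to a legacy address is not, and only in Phase B does the legacy input itself become unspendable.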

Community reaction

The idea of ​​freezing coins as a defense against quantum threats goes directly against one of Bitcoin’s most fundamental promises: sovereign, permissionless control over funds.

At its core, Bitcoin is designed to ensure that whoever holds the private keys controls the coins – no exceptions. The introduction of a mechanism to freeze coins, even in extraordinary circumstances such as a quantum attack, implies that this principle can be circumvented.

Much of the community reaction to the proposal has accordingly been hostile.

“This quantum proposal is highly authoritarian and confiscatory, but of course it comes from Lopp. There is no good reason to force the upgrade and make old spends invalid. The upgrade should be 100% voluntary,” said one X user.

“This smacks of centralized planning with deadlines, behavioral coercion and forced migration,” another user said.

The developers, however, called it a defensive measure.

“This is not an offensive attack, but rather a defensive one: our thesis is that the Bitcoin ecosystem wishes to defend itself and its interests against those who would prefer to do nothing and allow a malicious actor to destroy both value and trust,” they said.
