Quantum computing cannot break Bitcoin today. That much is not in dispute. What is in dispute is whether the network should wait until the threat is imminent before doing anything about it — and Adam Back, the cryptographer and CEO of Blockstream, says the answer is clearly no.
Back is pushing a formal proposal — BIP-361 — that would give Bitcoin users a structured, optional path toward quantum-resistant security without forcing an abrupt, network-wide overhaul. The proposal is gaining attention precisely because it tries to thread a needle that has divided Bitcoin developers for years: act early enough to matter, without triggering the kind of mandatory protocol change that the Bitcoin community resists on principle.
What BIP-361 Actually Proposes
The mechanics are relatively straightforward. BIP-361 would begin phasing out quantum-vulnerable address types over a five-year period. Users who migrate their holdings to quantum-safe addresses during that window would complete the process voluntarily. Coins that remain in old, vulnerable addresses after the deadline would be frozen — not destroyed, but rendered immovable until their owners complete the migration.
That "freeze, don't burn" framing matters politically inside the Bitcoin ecosystem. Any proposal that could result in coins being permanently lost — or seized by the protocol — faces immediate resistance. Freezing rather than confiscating is a deliberate design choice intended to make the proposal more palatable to Bitcoin's conservative upgrade culture.
The key tension is between the "optional" framing and the hard deadline. It's optional in the sense that no one is forced to move on day one. It's not optional in the sense that failure to migrate within five years has real consequences for coin accessibility.
Why the Urgency Argument Is Harder to Dismiss Than It Used to Be
Until recently, quantum computing as a Bitcoin threat was largely theoretical — something developers could table for later. That framing has become harder to defend.
Research published earlier this year from Google and from Caltech-linked startup Oratomic suggested that cracking elliptic curve cryptography — the foundation of Bitcoin's address security — may require fewer quantum resources than prior estimates assumed. Neither paper announces an imminent breakthrough, but they shift the goalposts. The question is no longer whether quantum computers will eventually reach the necessary threshold, but how far away that threshold actually is.
Back's public position, reiterated recently, is that waiting for quantum computers to be a demonstrated threat before building defenses is categorically too late. Bitcoin consensus changes move slowly. A contested soft fork can take years to activate even when developers broadly agree. If quantum hardware advances faster than expected, and the network hasn't already built migration infrastructure, the response window could close before the community finishes arguing about it.
That's the core argument for acting now, even if "now" means a five-year runway rather than immediate mandatory migration.
Where the Developer Community Splits
Not everyone accepts that framing. A vocal segment of Bitcoin developers and researchers argues that BIP-361 — or any mandatory endpoint — introduces unnecessary complexity and governance risk into a system where conservative inaction is often the correct choice.
Their objection isn't that quantum computing isn't a real long-term concern. It's that Bitcoin's upgrade track record favors incremental, reversible changes, and that any proposal with a hard freeze deadline has coercive elements regardless of how it's packaged. There's also a legitimate technical debate about which post-quantum cryptographic algorithms are mature enough to be worth standardizing into Bitcoin's base layer.
The alternative camp prefers building quantum-resistant signing schemes as genuinely optional extensions — available to users who want early protection — without any protocol-enforced migration deadline. Users who want to move to post-quantum addresses can do so at any time. Those who don't face no consequences. The network evolves at its own pace.
The problem with that approach, Back and others argue, is that it leaves a long tail of vulnerable addresses holding significant Bitcoin — potentially Satoshi's own coins among them — with no mechanism to pressure migration before quantum computers make those coins theoretically at risk.
The Satoshi Coin Problem
This is perhaps the most uncomfortable edge of the quantum debate. A meaningful portion of early Bitcoin — including coins widely attributed to Satoshi Nakamoto — sit in legacy Pay-to-Public-Key (P2PK) addresses, where the public key is directly exposed on-chain rather than hidden behind a hash. That exposure makes those coins particularly susceptible to future quantum attacks, since breaking the encryption requires only the public key, which is already visible.
No proposal has cleanly resolved what to do about those coins. Freezing them under BIP-361's logic would, at minimum, prevent a hypothetical quantum attacker from sweeping them — but it would also mean locking out any claim Satoshi or their heirs might theoretically exercise. It's a problem that has no comfortable answer, which is part of why it's easier to defer.
Why This Is Fundamentally an Infrastructure Question
Strip away the cryptographic jargon and BIP-361 is a network infrastructure proposal. It's asking whether Bitcoin should proactively harden its core security layer before an attacker has the tools to exploit the existing one — the same logic behind any responsible system upgrade cycle.
Traditional financial infrastructure doesn't wait for a breach to modernize its encryption standards. The NIST post-quantum cryptography standardization process — which finalized its first algorithms in 2024 — exists precisely because the cryptographic community understands that migration takes time and cannot happen on short notice.
Bitcoin's decentralized governance makes this harder, not easier. There's no entity that can simply push an update. Any change requires broad consensus, extended activation periods, and significant developer coordination. That reality is exactly why Back's argument for a five-year migration window — beginning now — deserves serious engagement rather than dismissal as premature.
The Grounded Takeaway
BIP-361 is not a solution to the quantum threat. It's a proposed schedule for dealing with it, and that schedule is already contentious. The debate it has surfaced — forced migration versus genuinely optional upgrades — reflects a real and unresolved tension in how Bitcoin manages infrastructure risk.
What's worth noting is that this conversation is happening at a meaningful level. A formal BIP, a credible proposer, and published research accelerating the underlying threat timeline all suggest the quantum question has graduated from "theoretical" to "on the agenda." Whether it moves to "on the roadmap" depends on whether the Bitcoin developer community can find enough consensus to act before the window of comfortable lead time starts closing.
For holders, the practical near-term implication is simple: wallets using modern SegWit or Taproot address formats are in better shape than older P2PK addresses. That migration has been advisable for years for performance reasons. Quantum risk is one more item on that list.
---