Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Development & Technical Discussion
Merits 24 from 12 users
Topic OP
J. Lopp's Post-Quantum Migration BIP
by
Pmalek
on 16/07/2025, 07:55:57 UTC
⭐ Merited by nutildah (4) ,vapourminer (4) ,LoyceV (4) ,ABCbits (2) ,d5000 (2) ,dkbit98 (2) ,stwenhao (1) ,DireWolfM14 (1) ,Charles-Tim (1) ,WhyFhy (1) ,Lucius (1) ,Medusah (1)
Several authors have submitted a BIP draft, suggesting a future consensus upgrade in the Bitcoin network and switch to a quantum-resistant cryptographic standard. I will write a short summary of the paper below.

Authors:
Jameson Lopp
Christian Papathanasiou
Ian Smith
Joe Ross
Steve Vaile
Pierre-Luc Dallaire-Demers


This is a three-phase plan to migrate Bitcoin to a new post-quantum cryptographic standard. In it, the authors suggest adopting the already proposed P2QRH output types and abandoning ECDSA/Schnorr signatures. The BIP requests a mandatory switch of cryptographic signatures due to concerns of ECDSA/Schnorr being vulnerable to future quantum computers.

As mentioned, three phases are suggested.

Phase A is a soft fork.
- At this stage, Bitcoin is supposed to stop creating new outputs using existing public key formats.
- Sending Bitcoin should only be possible to the new quantum-resistant P2QRH outputs.
- Users must start migrating their funds to the new proposed standard.
- This activation is proposed as soon as P2QRH outputs become available on the network.

Phase B
- A deadline will be announced after which it won't be possible to spend and sign using legacy ECDSA/Schnorr signatures.
- This requires a consensus rule change, where nodes will reject the old signature formats.
- Quantum-vulnerable UTXOs become unspendable.
- The recommended deadline is around 5 years after the activation of Phase A.

Phase C (Optional)
- A feature could be introduced to recover old legacy UTXOs that were not migrated in time.
- Users in possession of private keys and seeds of old legacy inputs could then still recover their coins.


The BIP requires a change to Bitcoin's consensus and prior activation of BIP-360, introducing P2QRH (quantum-resistant) outputs. The authors encourage an earlier adoption of quantum-resistant standards and prevention of future hard forks and chain splits if/when quantum computers become a real threat.

What does everyone think about this BIP?


If you want to read it in its entirety, you can do so here:
bip-post-quantum-migration.mediawiki