The threat of quantum computing is gaining traction within the Bitcoin community. A few high profile investors have even cited it as a reason to reduce exposure.
In response, Bitcoin developers are discussing new proposals aimed at strengthening the network against a future where quantum machines are powerful enough to challenge today’s cryptography. So what is the real risk, and what is being done about it?
The mechanics of the threat
Quantum computers are not just faster versions of classical machines. They operate differently. Instead of using bits that are either 0 or 1, they use qubits, which can represent multiple states at once. That allows certain mathematical problems to be solved far more efficiently, but only specific ones. Most everyday computing tasks gain little to no benefit from quantum hardware.
For Bitcoin, two quantum algorithms matter. Grover's algorithm affects mining, but it only gives a square root speedup: a search that takes N steps classically takes on the order of the square root of N quantum steps. That is a real advantage for whoever has it, not a catastrophic menace. Shor's algorithm is the bigger concern. Bitcoin relies on digital signatures to prove ownership of coins. Today, it is practically impossible to derive a private key from a public key using classical computers. A powerful enough quantum computer could change that. The real risk is not that quantum computers will hack Bitcoin overnight. The real risk is that they could eventually steal coins by deriving private keys from exposed public keys.
Mining and the threat of monopoly
Bitcoin mining is essentially brute force: a miner tries nonce after nonce until the block hash falls below the current target. A quantum miner with access to Grover's algorithm could search for valid hashes faster than a classical miner. In simple terms, a quantum miner would gain an edge, but not an instant monopoly.
Bitcoin’s difficulty adjusts roughly every two weeks. If one participant suddenly finds blocks more quickly, the protocol raises the difficulty and restores the ten minute average. The network remains functional. The bigger concern would be centralization if only one or two players had access to advanced quantum hardware. Still, mining is not where the existential risk lies.
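The two points above, the square root speedup and the difficulty retarget that restores the ten minute average, can be put into numbers. The following is an added example, not code from the article or from Bitcoin Core; it models the Grover advantage as a flat multiplier on effective hash rate (a simplification assumed here) and uses constructed, unitless rates.

```python
import math

TARGET_INTERVAL = 600      # seconds per block the protocol aims for
RETARGET_BLOCKS = 2016     # blocks per retarget period (roughly two weeks)
MAX_FACTOR = 4.0           # one retarget moves difficulty by at most 4x either way

def expected_queries(difficulty_bits):
    """Work to find a hash with b leading zero bits: classical brute force
    needs about 2^b evaluations on average, Grover search about (pi/4)*2^(b/2)
    oracle queries, which is the square root speedup the article refers to."""
    classical = 2.0 ** difficulty_bits
    grover = (math.pi / 4) * 2.0 ** (difficulty_bits / 2)
    return classical, grover

def retarget(difficulty, actual_span):
    """Bitcoin's rule: scale difficulty by expected/actual period length, clamped to 4x."""
    expected = RETARGET_BLOCKS * TARGET_INTERVAL
    factor = min(MAX_FACTOR, max(1.0 / MAX_FACTOR, expected / actual_span))
    return difficulty * factor

def simulate(classical_rate, quantum_rate, speedup, periods):
    """Average block interval per retarget period after a quantum miner joins a
    network that was in steady state. Difficulty is expressed as expected hashes
    per block, so interval = difficulty / total effective rate. The Grover
    advantage is modelled as a flat multiplier on hash rate (an assumption)."""
    difficulty = classical_rate * TARGET_INTERVAL
    total = classical_rate + quantum_rate * speedup
    intervals = []
    for _ in range(periods):
        interval = difficulty / total
        intervals.append(interval)
        difficulty = retarget(difficulty, interval * RETARGET_BLOCKS)
    return intervals

def quantum_share(classical_rate, quantum_rate, speedup):
    """Fraction of blocks the quantum miner wins; retargeting does not change it."""
    effective = quantum_rate * speedup
    return effective / (classical_rate + effective)

if __name__ == "__main__":
    # Constructed rates: a quantum miner with a tenth of the raw rate but a 90x
    # effective speedup. Intervals go 60 -> 240 -> 600 s over two retargets,
    # yet the miner keeps 90% of blocks: the centralization concern, not a halt.
    print(simulate(1000, 100, 90, 3))
    print(quantum_share(1000, 100, 90))
```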
The wallet vulnerability
The more serious issue is signature security. Bitcoin ownership rests on private keys, which are mathematically linked to public keys using elliptic curve cryptography. Under normal conditions, deriving a private key from a public key is practically impossible. A sufficiently advanced quantum computer running Shor's algorithm could change that. If that day ever comes, any coins whose public keys are visible would become vulnerable.
However, not all public keys are exposed all the time. Most modern Bitcoin addresses store only a hash of the public key onchain. The actual public key is revealed only when you use the coins and broadcast a transaction. That means there is typically just a short window, between broadcast and confirmation, where the public key is visible. In a world with powerful quantum machines, that window could become a race, where an attacker tries to derive the private key and redirect the funds before the transaction confirms.
Older Bitcoin outputs are different. Some early transactions placed the full public key directly onchain. In those cases, the key has been visible for years. If large scale quantum computing ever becomes practical, those coins would be at higher risk because their public keys are already exposed and have been for a long time.
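The distinction between outputs that already expose a public key and outputs that only commit to a hash can be checked directly from the output script. The following is an added example, not code from the article; the script templates are the standard ones, while the keys, hashes and amounts are constructed placeholders, not real chain data.

```python
# Classify Bitcoin output scripts by whether the spending public key is
# already visible on chain, then total the value sitting in each class.

EXPOSED = "exposed"          # full public key is on chain today (Shor applies now)
HASHED = "hashed"            # only a hash is on chain; key revealed at spend time
SCRIPT_HASH = "script-hash"  # exposure depends on the hidden script, unknown until spend

def classify_script(spk):
    """Return (script_type, exposure_class) for a raw scriptPubKey (bytes)."""
    n = len(spk)
    # P2PK: <push 33 or 65 bytes> <pubkey> OP_CHECKSIG (0xac); the Satoshi-era form
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == 0xAC:
        return "P2PK", EXPOSED
    # P2PKH: OP_DUP OP_HASH160 <20-byte key hash> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and spk[:3] == b"\x76\xa9\x14" and spk[-2:] == b"\x88\xac":
        return "P2PKH", HASHED
    # P2WPKH: OP_0 <20-byte key hash>
    if n == 22 and spk[:2] == b"\x00\x14":
        return "P2WPKH", HASHED
    # P2SH: OP_HASH160 <20-byte script hash> OP_EQUAL
    if n == 23 and spk[:2] == b"\xa9\x14" and spk[-1] == 0x87:
        return "P2SH", SCRIPT_HASH
    # P2WSH: OP_0 <32-byte script hash>
    if n == 34 and spk[:2] == b"\x00\x20":
        return "P2WSH", SCRIPT_HASH
    # P2TR: OP_1 <32-byte x-only output key>; the key itself sits on chain
    if n == 34 and spk[:2] == b"\x51\x20":
        return "P2TR", EXPOSED
    return "unknown", "unknown"

def audit_utxos(utxos):
    """Sum output values (in sats) per exposure class for a list of (script, value)."""
    totals = {}
    for spk, value in utxos:
        _, exposure = classify_script(spk)
        totals[exposure] = totals.get(exposure, 0) + value
    return totals

# Constructed sample data: not real keys, hashes or outputs.
FAKE_PUBKEY = b"\x02" + b"\x11" * 32
FAKE_HASH160 = b"\x22" * 20
FAKE_XONLY = b"\x33" * 32
P2PK_SCRIPT = bytes([33]) + FAKE_PUBKEY + b"\xac"
P2PKH_SCRIPT = b"\x76\xa9\x14" + FAKE_HASH160 + b"\x88\xac"
P2WPKH_SCRIPT = b"\x00\x14" + FAKE_HASH160
P2TR_SCRIPT = b"\x51\x20" + FAKE_XONLY
SAMPLE_UTXOS = [(P2PK_SCRIPT, 50_0000_0000), (P2PKH_SCRIPT, 1_0000_0000),
                (P2WPKH_SCRIPT, 2_0000_0000), (P2TR_SCRIPT, 3_0000_0000)]
```

Run `audit_utxos(SAMPLE_UTXOS)` to see the split; the "hashed" class is the one with only the short broadcast-to-confirmation exposure window the article describes.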
BIP 360 and the road to resistance
This is where Bitcoin Improvement Proposal 360 enters the discussion. BIP 360 introduces a new type of Bitcoin address designed to reduce how much permanent key information sits out in the open. Instead of tying coins directly to a single public key, it locks them behind a more flexible script structure. That means there is no one static public key permanently embedded in the output from day one.
This connects directly to the earlier point about exposure. Some older Bitcoin outputs revealed full public keys onchain, and those keys remain visible today. A large portion of Satoshi era coins fall into this category, with publicly visible keys that, in a sufficiently advanced quantum world, would effectively be fair game. BIP 360 is meant to reduce that kind of long term exposure going forward. By avoiding permanently visible key paths in new outputs, it lowers the risk that dormant coins could be quietly compromised years down the line.
It is important to understand what this proposal does not do. It does not replace Bitcoin’s current signature scheme, and it does not introduce full post quantum cryptography. When coins are eventually used, public keys are still revealed as part of the transaction process. So the short exposure window, the brief period between broadcast and confirmation, still exists.
Implementing the soft fork
If BIP 360 were approved, it would be introduced as a soft fork. A soft fork is a backward compatible change to Bitcoin’s consensus rules. Rather than loosening the rules, it tightens them. Developers first implement the proposal in Bitcoin Core and other node software. The code is reviewed, trialed on test networks, and debated by the community. Once there is broad technical confidence, an activation mechanism is chosen, typically involving miner signalling over a defined period.
When activated, upgraded nodes begin enforcing the new, stricter validation rules. Older nodes that do not upgrade can continue operating because the new rules are structured as a subset of the old ones. They still see new blocks as valid, even if they do not fully understand the new features.
Miners, however, face stronger incentives. If they fail to upgrade and produce a block that violates the new rules after activation, upgraded nodes will reject that block. That means the miner loses the block reward. This financial risk is what drives coordination. As long as the economic majority, including exchanges, businesses, and users, run upgraded software, the stricter rule set becomes the effective definition of the valid chain.
The future of the network
BIP 360 is a risk reduction step. It limits unnecessary long term public key exposure now, buying time and shrinking the pool of coins that could be passively targeted in a distant quantum future. A fully quantum resistant Bitcoin would require a deeper upgrade, most likely a transition to entirely new signature schemes.
Quantum computing may one day become powerful enough to threaten today’s signature schemes. The open question is not whether the technology will advance, but whether Bitcoin will adapt before that threshold is crossed. If its history is any guide, the network will not stand still.