TLDR
- BIP-361 targets P2PK and other Bitcoin outputs with public keys already exposed on-chain.
- Phase A would stop new sends to quantum-vulnerable addresses about 160,000 blocks after activation.
- Phase B would reject ECDSA and Schnorr spends at a fixed height about five years after activation.
- The draft says over 34% of bitcoin had revealed a public key on-chain by March 1, 2026.
- A later Phase C may offer quantum-safe recovery for some frozen legacy UTXOs through a separate BIP.
Bitcoin developers and researchers have proposed BIP-361, a draft that would freeze exposed-key addresses in stages. The plan aims to curb quantum risks by moving funds toward future post-quantum scripts. It would start only after a post-quantum output type enters Bitcoin. The proposal gives users years to move funds before older signature spends stop working.
What BIP-361 would change
BIP-361 focuses on addresses whose public keys are already visible on-chain. The draft names P2PK outputs and other exposed-key UTXOs as quantum-vulnerable. The authors say a strong quantum computer could derive private keys from exposed public data.
Phase A would block any new sends to those vulnerable address types. Users could still move coins, but only into post-quantum outputs. The draft places that step about 160,000 blocks, or roughly three years, after activation.
Phase B would follow two years later at a fixed block height. Nodes would reject spends that rely on ECDSA or Schnorr keys. That would freeze exposed-key UTXOs that were not moved before the deadline.
Why the proposal cites quantum risk
The proposal says waiting for an emergency response would leave little time for wallets and exchanges. It argues that Bitcoin upgrades often take years across the network. A fixed timetable, the authors say, would reduce delay and push earlier migration.
The draft points to recent work outside Bitcoin. It says NIST ratified three production-grade post-quantum signature schemes in 2024. It also cites estimates that a relevant quantum computer could appear between 2027 and 2030.
The authors add that attack methods may improve even before hardware fully matures. They warn that attackers could derive keys quietly and spend later. That means chain watchers may not spot a live attack at its start.
Recovery ideas and wallet migration
The draft says more than 34% of bitcoin had revealed a public key on-chain by March 1, 2026. That includes older outputs and coins linked to address reuse. Those funds could face theft once quantum capability reaches the needed level.
Phase C remains open and would need a separate BIP. One option would allow some frozen legacy funds to be recovered with a quantum-safe proof. The draft points to zero-knowledge proof linked to a matching BIP-39 seed phrase.
The authors describe the plan as defensive and not punitive. They cite Satoshi Nakamoto, writing, “Lost coins only make everyone else’s coins worth slightly more.” They add that non-upgraded wallets would face tighter limits after Phase A and Phase B.
Get 3 Free Stock Ebooks
Discover top-performing stocks in AI, Crypto, and Technology with expert analysis.
- Top 10 AI Stocks - Leading AI companies
- Top 10 Crypto Stocks - Blockchain leaders
- Top 10 Tech Stocks - Tech giants
