Bitcoin was built on a promise that no one can touch your coins without your private key. No government, no bank, no one.
That promise is now, for the first time in Bitcoin’s 16-year history, being challenged by the developer community itself, as part of efforts to build defenses against future quantum computers that could compromise Bitcoin’s blockchain and steal your coins.
The proposal
Jameson Loop, one of the outspoken bitcoin contributors, and other cryptographers have proposed a move that could force bitcoin holders to migrate their coins to new quantum-resistant addresses or face having their coins permanently frozen by the network itself. In that scenario, holders would technically still “own” the coins, but lose the ability to move them.
It’s called Bitcoin Improvement Proposal (BIP)-361 and was updated in Bitcoin’s official proposal archive on Tuesday with the title “Post Quantum Migration and Legacy Signature Sunset.”
This comes as a recently released Google report warned that a sufficiently powerful quantum machine could require significantly less firepower to compromise the Bitcoin blockchain than originally estimated. This led some observers to cite 2029 as the quantum deadline for bitcoin.
To understand the need to freeze coins, you need to know what it protects against.
Each Bitcoin wallet is secured by a form of cryptography called ECDSA or Elliptic Curve Digital Signature Algorithm. Think of it as a lock on your wallet. When you create a wallet, two keys are generated: Private key, which is a unique password used to prove that you own the coins you use. Then there is a public key derived from the private key. This public key helps to receive funds, verify transaction signatures, and ensure security without revealing the owner’s private key.
Here’s the problem: your public key is revealed on the blockchain, permanently for anyone to see, when you send money. A sufficiently powerful quantum machine can use it to reverse engineer your private key and drain your money.
In March, the sum of all BTC in vulnerable addresses was approximately 6.7 million BTC, according to the Google study.
BIP-361 builds on the proposal made in February under BIP-360, which introduced a soft fork – a network upgrade – designed to enable a new transaction type called pay-to-Merkle-root (P2MR). The approach borrows from Bitcoin’s Taproot (P2TR) framework, but removes the key-based spending path, removing an element widely considered to be exposed to potential quantum-era risks.
Three phases
The BIP 361 proposal structures the migration in three phases. Phase A starts three years after potential activation and blocks anyone from sending new bitcoin to old-fashioned, quantum-vulnerable addresses. You can still spend from these addresses, but can’t receive anything.
Phase B, starting five years after activation, will render old style signatures (ECDSA and Schnorr) completely invalid, so attempts to spend money from quantum vulnerable wallets will be rejected by the network. Essentially, your coins will be frozen.
Finally, Phase C is a proposed rescue, still under research, where the holder of frozen wallets could potentially prove ownership using a zero-knowledge proof, a way to prove knowledge of a secret without revealing the secret itself. If it works, coins frozen by phase B can be recovered.
Community backlash
The idea of freezing coins as a defense against quantum threats cuts directly against one of Bitcoin’s most fundamental promises: sovereign, permissionless control of funds.
At its core, Bitcoin is designed to ensure that whoever has the private keys controls the coins – without exception. Introducing a mechanism that allows coins to be frozen, even in exceptional circumstances such as a quantum attack, implies that this principle can be overridden.
The municipality is therefore not satisfied with the proposal.
“This quantum proposal is very authoritarian and confiscatory, but of course it is from Lopp. There is no good reason to force the upgrade and invalidate old spending. Upgrade should be 100% voluntary,” said one X user.
“This reeks of central planning with deadlines, coercion and forced migration,” said another user.
However, developers called it a defensive measure.
“This is not an offensive attack, rather it is defensive: our thesis is that the Bitcoin ecosystem wants to defend itself and its interests against those who prefer to do nothing and allow a malicious actor to destroy both value and trust,” they said.
