Bitcoin Has Five Years to Secure Its Network Against Quantum Threats Before 'Q-Day'

Bitcoin is encountering a growing risk from

computing, prompting developers to unite in a push for post-quantum cryptography solutions. A recently introduced Improvement Proposal (BIP), co-written by Jameson Lopp and Christian Papathanasiou, details a staged approach for transitioning the network away from traditional elliptic curve digital signature algorithm (ECDSA) and Schnorr signatures, both of which are susceptible to quantum decryption. This proposal stresses the need for prompt action, highlighting that roughly a quarter of Bitcoin’s unspent transaction outputs (UTXOs) have already disclosed their public keys, making them targets for theft if quantum computers reach necessary capabilities.

The suggested BIP includes a migration path in three stages. In Phase A, which would start three years after adoption, sending coins to legacy ECDSA/Schnorr addresses would be blocked, prompting users to switch to quantum-resistant P2QRH (Pay-to-Quantum-Resistant-Hash) addresses. Phase B, projected to begin two years after Phase A, would invalidate all legacy signatures at the consensus layer, thereby locking up funds in at-risk addresses. An optional third step, Phase C, could introduce recovery methods using zero-knowledge proofs based on BIP-39 seed phrases, though this requires more research. The document warns that postponing this migration will make coordination harder, as stakeholders may be reluctant to adopt urgent changes during a crisis.

Some specialists believe that quantum computers capable of cracking Bitcoin’s encryption could become available between 2027 and 2030. David Carvalho from Naoris Protocol noted that 30% of Bitcoin’s coins reside in addresses that are already exposed to quantum threats, with attackers potentially using a “harvest now, decrypt later” tactic to compromise inactive wallets.

co-founder Anatoly Yakovenko echoed these concerns, urging Bitcoin developers to act within five years to avoid a 50% likelihood of a quantum advance. He pointed out that improvements in quantum hardware, such as Microsoft’s Majorana chip, have sped up the timeline for effective quantum computation.

The exposure of older wallets has put the spotlight on Satoshi-era addresses, some containing 1.1 million BTC. If quantum hackers derive private keys from already revealed public keys, they could gradually siphon off funds without immediate detection. This potential “Q-Day” event—where quantum technology is exploited quietly—could threaten Bitcoin’s security and destabilize its value.

Shifting to post-quantum encryption techniques is complex for Bitcoin’s decentralized system. Unlike centralized platforms, any upgrade requires agreement from miners, node operators, and wallet holders. The National Institute of Standards and Technology (NIST) has approved post-quantum algorithms like CRYSTALS-Dilithium and SPHINCS+, but deploying them on Bitcoin would involve hard forks, which are challenging to organize. Carvalho suggests hybrid solutions, such as using both ECDSA and post-quantum proofs in dual-signature transactions, to smooth the transition and maintain compatibility.

With quantum computing progressing, the cryptocurrency sector is proactively seeking safeguards. El Salvador has split its 6,284 BTC across 14 different wallets to reduce single-point failures, and organizations like

have recognized quantum computing risks in official disclosures. As artificial intelligence and quantum research increasingly intersect, the time frame for technological breakthroughs is narrowing. Companies like and PsiQuantum are aiming to develop million-qubit computers by 2030.