6 massive challenges Bitcoin faces on the road to quantum security

Bitcoin’s biggest challenge may lie in making the blockchain post-quantum.

Experts in the field believe a quantum computer could emerge in the next decade. With BIP-360 co-author Ethan Heilman estimating the rollout of post-quantum could take seven years, time is running out to reach a consensus on the way ahead

Here are the biggest issues and obstacles Bitcoiners face:

1: Gaining agreement
2. Doing nothing has risks too
3. Post-quantum signature sizes are massive
4. Signature size solutions are radical for Bitcoin
5. Migrating coins to post-quantum addresses will take forever
6. What to do with coins that can’t upgrade?

Bitcoin’s quantum problem #1: Gaining agreement

There’s a high degree of confidence that the technical problems can be solved. But it’s more doubtful that Bitcoiners will be able to agree on the changes required in time. Bitcoiners have gone to war over increasing the block size, which led to the creation of Bitcoin Cash, and are still fighting over the downstream effects of the Taproot upgrade in November 2021.

“The main hurdle is the decentralized nature of Bitcoin and getting consensus,” Charles Edwards, founder of Capriole Investments, tells Magazine. He says prominent quantum skeptics are blocking momentum for action. “Like you have people — Adam Back — saying we’re 40 years away, which is just complete nonsense, like fantasy land commentary.”

Another advocate for change, Castle Island founder Nic Carter, claims that nine out of the top ten most influential Bitcoin devs have downplayed the threat, failed to express a view, or suggested there’s no urgency.

Bitcoin Core contributor James O’Beirne summed up the attitude of many in the Bitcoin community on the Stephan Livera Podcast this week.

“I would say there are way better uses of our time as developers. There’s kind of an infinite list of things that we could be working on and for me, you know, quantum doesn’t even breach the top 100 things when it comes to Bitcoin.”

Like many skeptics, he suspects proponents of change may have ulterior motives. “Quantum is being used as a sort of, um, wedge, I think, to potentially drive the adoption of a bunch of new cryptography,” he said. 

The minimal BIP-360 soft fork, which hides the public keys of Taproot outputs, appears to be palatable to O’Beirne. However, it also leaves most of the really difficult decisions for another day.

Bitcoin’s quantum problem #2: Doing nothing has risks too

Even if the skeptics are 100% correct and a quantum computer is decades away, the potential risk is already weighing on Bitcoin’s claim to be an immutable store of value.

Onchain analyst Willy Woo believes the market is already pricing in the possibility of up to four million BTC being stolen by quantum attackers and dumped back on the market.

Jefferies strategist Christopher Wood cuta 5% to 10% allocation to Bitcoin from the firm’s model portfolio due to quantum computing concerns, and UBS CEO Sergio Ermottisaidat Davos that Bitcoin needs to address the issue. Kevin O’Leary told Fox Business that “until that gets resolved, there’ll be some resistance at the institutional level to go past 3% ”.

JUST IN: Kevin O’Leary aka Mr. Wonderful says that institutions do not want to own more than 3% of Bitcoin in their portfolios because of the risk of quantum computing. pic.twitter.com/xJYLZlCvvb

— The ₿itcoin Therapist (@TheBTCTherapist) February 17, 2026

Project 11 backer Nic Carter claims that if Bitcoin doesn’t change, change may be forced upon it.

“If you’re BlackRock and you have billions of dollars of client assets in this thing and its problems aren’t being addressed, what choice do you have?” he asked. While BlackRock can’t “fire the devs,” they can switch their holdings or put their support behind a contentious fork.

Other chains are already working on the problem, with Ethereum on track to become post-quantum by 2029. Project 11 deployed a working post-quantum signature system on the Solana testnet, claiming it is practical and scalable.

Capriole also believes quantum computing fears are affecting Bitcoin’s price, which may be why Back has started to take the topic seriously.

“I think he’s getting in the picture now that if we don’t solve this, even if it doesn’t happen for longer than expected, the risk of it happening is too great, and it’s discounting the value of Bitcoin.”

Bitcoin’s quantum problem #3: Post-quantum signature sizes are massive

The current crop of post-quantum signature schemes is 10 to 100 times larger than Bitcoin’s existing elliptic curve Schnorr signatures.

“The issue with large quantum signatures is that it reduces the number of transactions that can be fit in a block,” says Heilman. “If we go from 300-byte transactions to 3000-byte transactions, transaction volume per block, transaction throughput, will decrease by ten.”

That would mean Bitcoin would be processing at a fraction of 1 transaction per second.

Heilman says that, among the public keys and signatures under consideration, SQLsign (Supersingular isogeny) would be only 213 bytes, compared with Schnorr at 96 bytes (which is what Bitcoin currently uses). But he adds that it’s too computationally expensive to use at present unless researchers make a breakthrough that makes it faster and cheaper.

The lattice-based ML_DSA (Dilithium) would come in at 3,732 bytes, and the hash-based SLH_DSA (Sphincs+) would be around 7,888 bytes.

In general, the lattice-based signatures are smaller but less proven, while hash-based signatures are larger and more battle-tested. Ethereum is using hash-based signatures for the consensus layer of its PQ overhaul, and may offer users a choice of signatures on the execution layer. Ethereum Foundation researcher Justin Drake explained:

“There’s uncompromising security. One of the goals of blockchains is that there’s going to be securing hundreds of trillions of dollars over centuries. And hash based cryptography is believed to stand the test of time and is by far the most conservative and minimal assumption that you could hope for.”

BIP-360 has increased its chances of activation by not implementing a signature scheme.

“There is a lot of work happening on post-quantum signature schemes, we might want to adopt one signature scheme and then later [decide] another scheme is more desirable. Maybe it is more secure, has smaller signatures, or supports some new scaling approach,” says Heilman.

Bitcoin’s quantum problem #4: Signature size solutions are radical for Bitcoin

The proposed solutions to deal with the large signatures are pretty radical in Bitcoin terms.

Heilman proposed Bitzip, which would aggregate PQ signatures and public keys into a single ZK STARK proof per block.

“There are two ways to go about doing it; either add a bunch of general-purpose opcodes to Bitcoin and then build something like a zkRollup in Bitcoin or support STARKs at the consensus layer of Bitcoin,” he says.

Ethereum’s post-quantum team already has a working prototype of a similar hash-based ZK solution; they hope Bitcoin will adopt it to create an industry standard.

An alternative is to offer a discount for verifying larger post-quantum signatures, reducing their effective weight and fee costs. Heilman doesn’t support this as “it could be abused for JPEG storage,” but says it’s better than nothing if agreement can’t be reached on adding ZK.

Heilman is keenly aware that it may not be possible to reach consensus on the required changes.

“In any event, Bitcoin survives, the question is just if we take a transaction volume hit.”

Bitcoin’s quantum problem #5: Migrating coins to post-quantum addresses will take forever

The devs can’t just make Bitcoin quantum-proof in the back end. Every single address needs to voluntarily move its coins to a new address type.

“Actually getting to the point where holders are comfortable doing this will be a significant amount of work,” Heilman says. “The wallet and exchange ecosystem, including hardware wallets, will need to add support. Custodians will need to test and deploy these updates to their infrastructure.”

The Blockspace Podcast recently estimated that it would take six months to migrate everything using 100% of Bitcoin’s available bandwidth.

If 75% of Bitcoin’s capacity is still being utilized for normal trading and transfers, it might take two years.

Drake, meanwhile, has estimated the migration could take between three months and one year.

Many coins will likely be lost to scammers and errors in the process.

Bitcoin’s quantum problem #6: What to do with coins that can’t upgrade?

Around 6.8 million Bitcoin are quantum-vulnerable, with the public keys exposed, and, with luck and good communication, many of the owners of those addresses will upgrade their coins.

But 1.7 million Bitcoin is held in long-dormant addresses with exposed public keys, mined by Satoshi and other OGs. Unless Satoshi returns from the mountain top to move their coins, tens of billions worth of Bitcoin are at risk of being stolen by quantum attackers.

Add to that figure an additional 1.1 million to 2.1 million Bitcoin that Chainalysis estimates has been permanently lost, and around 13.2% to 18% of the total Bitcoin supply is extremely unlikely to migrate to post-quantum, with a question mark over up to 30% of the supply.

The community could decide to make the coins that don’t upgrade non-transferable, effectively burning them and setting their value to 0. Jameson Lopp co-authored the “radically different” QBIP that would follow three years after BIP-360. Phase A would prevent coins from being sent to quantum-vulnerable addresses. Phase B (five years later) would prevent funds in those addresses from ever being spent.

The idea has sparked outrage among those who value Bitcoin’s immutability as a store of value above all else, as an assault on private property rights.

Woo estimates there is a 75% chance the community will be unable to reach an agreement on such a difficult topic and will, by default, allow the coins to be stolen. Edwards agrees.

“If we do nothing, which is probably the default response, probably the most likely because it’s going to be super hard to get consensus on, then regardless of what upgrades and technology changes we do, 20% to 30% of all Bitcoin will be market dumped by a quantum hacker within 5 to 10 years.”

“I would expect at least a few years of, like, horrendous price action,” Capriole adds.

There is a more palatable compromise called Hourglass V2, which would enable the coins to be sold but limit the rate to one per block (roughly 144 per day). This would return the coins to the supply over a long period and minimize the impact.

Ethereum’s post-quantum team is developing a system that would freeze quantum-vulnerable coins and enable the rightful owners to recover them by proving they have the seed phrase via ZK proofs. Bitmex detailed a similar method for Bitcoin, and Lopp’s QBIP adds this as the optional Phase C.

However, this seems unlikely to work for the earliest Bitcoin addresses that predate seed phrases.

So what’s going to happen?

There is a range of practical, achievable options to make Bitcoin post-quantum, but serious efforts to implement them in time are unlikely while many leading Bitcoiners downplay the problem.

The Bitcoin community tends to favor cautious, incremental change, so the most effective solutions may be seen as too radical to implement.

BIP-360 is a cautious, relatively minor change that includes many of the elements required to gather sufficient support to be activated. But the most influential devs are yet to be convinced of its merits, and few have spoken publicly in favor of it.

Gaining consensus on anything more ambitious and far-reaching may require incontrovertible evidence of a quantum computing breakthrough. The danger is that, by then, it may be too late. 

Check out the first part of our Q Day series: Bitcoin may take 7 years to upgrade to post-quantum: BIP-360 co-author