BIP-360 Interpretation: The First Step Toward the Post-Quantum Era

Odaily星球日报

Original Author: @Cointelegraph

Original Translation: AididiaoJP, Foresight News

This article explains how BIP-360 reshapes Bitcoin's quantum defense strategy, analyzes its improvements, and discusses why it has not yet achieved comprehensive post-quantum security.

Key Points

  • BIP-360 formally incorporates quantum resistance into Bitcoin's development roadmap for the first time, marking a cautious and incremental technological evolution rather than a dramatic overhaul of the cryptographic system.
  • Quantum risks primarily threaten exposed public keys rather than the SHA-256 hash algorithm used by Bitcoin. Therefore, reducing public key exposure has become the core security issue that developers are focused on solving.
  • BIP-360 introduces Payment to Merkle Root (P2MR) scripts, which remove the key path spending option found in Taproot and require every UTXO to be spent via a script path, thereby minimizing the exposure of elliptic curve public keys.
  • P2MR retains the flexibility of smart contracts, still supporting multi-signature, time locks, and complex custodial structures through Tapscript Merkle trees.

Bitcoin's design philosophy enables it to withstand severe economic, political, and technological challenges. As of March 10, 2026, its developers are working to address an emerging technological threat: quantum computing.

The recently released Bitcoin Improvement Proposal 360 (BIP-360) formally includes quantum resistance in Bitcoin's long-term technical roadmap for the first time. Although some media reports tend to describe it as a major transformation, the actual situation is more cautious and gradual.

This article examines how BIP-360 reduces Bitcoin's quantum risk exposure by introducing Payment to Merkle Root (P2MR) scripts and removing the key path spending functionality from Taproot. It aims to clarify the improvements of the proposal, the trade-offs involved, and why it does not yet give Bitcoin complete post-quantum security.

Sources of Threat from Quantum Computing to Bitcoin

The security of Bitcoin is based on cryptographic principles, primarily including the Elliptic Curve Digital Signature Algorithm (ECDSA) and Schnorr signatures introduced through the Taproot upgrade. Traditional computers cannot feasibly derive private keys from public keys within a practical timeframe. However, a sufficiently capable quantum computer running Shor's algorithm could potentially break the elliptic curve discrete logarithm problem, thus endangering the security of private keys.

The key distinctions are as follows:

  • Quantum attacks primarily threaten public key cryptosystems rather than hash functions. The SHA-256 algorithm used by Bitcoin is relatively robust against quantum computing. Grover's algorithm can only provide quadratic speedup, not exponential.
  • The real risk lies in the moment when public keys are exposed on the blockchain.

Based on this, the community generally views public key exposure as the main source of quantum risk.

Potential Vulnerabilities of Bitcoin in 2026

The various types of addresses in the Bitcoin network face different levels of future quantum threats:

  • Reused addresses: When funds from such an address are spent, its public key becomes exposed on-chain, and once a cryptographically relevant quantum computer (CRQC) emerges, that public key will be at risk.
  • Legacy pay-to-public-key (P2PK) outputs: Early Bitcoin transactions embedded public keys directly in transaction outputs.
  • Taproot key path spending: The Taproot upgrade (2021) provided two types of spending paths: a simple key path (which exposes a tweaked public key when spent) and a script path (which reveals the specific script along with a Merkle proof). Of the two, the key path is the most significant theoretical weakness under quantum attack.

BIP-360 is directly designed to address the issue of key path exposure.

The Core of BIP-360: Introducing P2MR

The BIP-360 proposal introduces a new output type called Payment to Merkle Root (P2MR). This type structurally draws on Taproot but makes a critical change: it completely removes the key path spending option.

Unlike Taproot, which commits to an internal public key, P2MR only commits to the Merkle root of the script tree. The process of spending a P2MR output is as follows:

  • Reveal a leaf script in the script tree.
  • Provide a Merkle proof to confirm that the leaf script belongs to the committed Merkle root.

Throughout this process, there is no public key-based spending path.

The direct impacts of removing the key path spending include:

  • Avoiding the exposure of public keys through direct signature verification.
  • All spending paths rely on hash-based commitments that offer stronger quantum resistance.
  • The number of elliptic curve public keys permanently residing on-chain will significantly decrease.
  • Compared to solutions relying on elliptic curve assumptions, hash-based methods demonstrate significant advantages in resisting quantum attacks, thus greatly reducing the potential attack surface.

Functions Retained by BIP-360

A common misconception is that abandoning key path spending would weaken Bitcoin's smart contract or script functionality. In fact, P2MR fully supports the following features:

  • Multi-signature configurations
  • Time locks
  • Conditional payments
  • Asset inheritance schemes
  • Advanced custodial arrangements

BIP-360 achieves all these functions through Tapscript Merkle trees. This scheme preserves full scripting capabilities while discarding the convenient but potentially risky direct signature path.

Background knowledge: Satoshi briefly mentioned quantum computing in early forum discussions, suggesting that if it became a reality, Bitcoin could migrate to stronger signature schemes. This indicates that reserving flexibility for future upgrades is part of its initial design philosophy.

The Practical Impact of BIP-360

While BIP-360 may seem like a purely technical improvement, its impact will broadly affect wallets, exchanges, and custodial services. If the proposal is adopted, it will gradually reshape the creation, spending, and storage of new Bitcoin outputs, particularly having a profound impact on users who prioritize long-term quantum resistance.

  • Wallet support: Wallet applications may offer optional P2MR addresses (possibly starting with "bc1z") as a "quantum-hardened" option for users to receive new coins or store long-term holdings.
  • Transaction fees: Because using script paths will introduce more witness data, P2MR transactions may incur slightly higher fees compared to Taproot key path spending, reflecting the trade-offs made between security and transaction compactness.
  • Ecosystem coordination: Full deployment of P2MR will require corresponding updates from wallets, exchanges, custodians, and hardware wallets. Planning and coordination should start several years in advance.

Background knowledge: Governments worldwide have begun to pay attention to the risk of "harvest now, decrypt later," i.e., collecting and storing vast amounts of encrypted data now in order to crack it once quantum computers become available. This strategy echoes concerns regarding the exposure of Bitcoin's public keys.

Certain Limitations of BIP-360

Although BIP-360 enhances Bitcoin's defensive capability against future quantum threats, it does not represent a complete reconstruction of the cryptographic system. Understanding its limitations is equally crucial:

  • Existing assets do not automatically upgrade: All old unspent transaction outputs (UTXO) remain vulnerable until users actively transfer funds to P2MR outputs. Thus, the migration process entirely depends on individual user behavior.
  • No introduction of new post-quantum signatures: BIP-360 does not adopt lattice-based signature schemes (like Dilithium or ML-DSA) or hash-based signature schemes (like SPHINCS+) to replace existing ECDSA or Schnorr signatures. It only removes the exposure pattern introduced by Taproot key paths. Transitioning to post-quantum signatures at the foundational layer will require much larger-scale protocol changes.
  • No absolute quantum immunity: If a practical CRQC suddenly emerges in the future, resisting its impact will still require large-scale, intensive coordination among miners, nodes, exchanges, and custodial institutions. Long-dormant "sleeping coins" may pose complex governance challenges and exert immense pressure on the network.

Motivations Behind Developers' Proactive Planning

The development path of quantum computing is rife with uncertainty. Some argue that practical application is still decades away. Others point to IBM's goal of a fault-tolerant quantum computer by the late 2020s, Google's breakthroughs in quantum chips, Microsoft's research on topological quantum computing, and the U.S. government's transition deadline for cryptographic systems between 2030 and 2035 as signs that progress is accelerating.

The migration of critical infrastructure takes a long time. Bitcoin developers emphasize the need for systematic planning across every stage, from BIP design and software implementation to infrastructure adaptation and user adoption. Waiting until the quantum threat is close could leave them reacting with too little time.

If the community reaches a broad consensus, BIP-360 may advance through phased soft forks:

  • Activate the new P2MR output type.
  • Wallets, exchanges, and custodians gradually increase support for it.
  • Users progressively migrate assets to new addresses over several years.

This process is similar to the path followed by the SegWit and Taproot upgrades, which moved from optional features to widespread use.

Extensive Discussions Surrounding BIP-360

There are ongoing discussions within the community regarding the urgency of implementing BIP-360 and its potential costs. Core issues include:

  • Is the slight fee increase acceptable for long-term holders?
  • Should institutional users lead the asset migration to set an example?
  • How should "sleeping" bitcoins, which will never be moved, be properly handled?
  • How should wallet applications accurately convey the concept of "quantum safety" to users without inducing unnecessary panic while providing effective information?

These discussions are still ongoing. The introduction of BIP-360 has significantly propelled deeper exploration of these related topics, but it is far from resolving all issues.

Background knowledge: The theoretical notion that quantum computers could break current cryptography traces back to 1994 when mathematician Peter Shor proposed Shor's algorithm, which predates the emergence of Bitcoin. Therefore, Bitcoin's planning against future quantum threats essentially responds to a theoretical breakthrough already over three decades old.

Measures Users Can Currently Take

Currently, the quantum threat is not imminent, and users need not overly worry. However, taking some prudent measures is beneficial:

  • Adhere to the principle of not reusing addresses.
  • Always use the latest version of wallet software.
  • Stay informed about updates related to Bitcoin protocol enhancements.
  • Observe when wallet applications begin to support P2MR address types.
  • Users holding substantial amounts of Bitcoin should calmly assess their risk exposure and consider developing corresponding contingency plans.

BIP-360: The First Step Toward the Post-Quantum Era

BIP-360 marks the first concrete step towards reducing quantum risk exposure at the protocol level for Bitcoin. It redefines the creation method of new outputs, minimizing the accidental leakage of public keys and laying the groundwork for future long-term migration planning.

It does not automatically upgrade existing bitcoins, and it retains the current signature system. It also highlights that achieving true quantum resistance requires a cautious, coordinated, and ongoing effort across the entire ecosystem. That depends on long-term engineering practice and phased community adoption rather than on a single BIP achieving everything at once.
