The Bitcoin discussion on quantum computers released a draft proposal with real political implications on April 14th.
Bitcoin Improvement Proposal 361 (BIP 361), titled “Post-Quantum Transition and Legacy Signature Sunset,” has been posted to Bitcoin’s official proposal repository with a three-step plan to completely phase out ECDSA and Schnorr signature spending once quantum-resistant output types exist on the network.
This proposal is directly based on BIP 360, which was published in February. BIP 360 introduces a new address format called Pay-to-Merkle-Root (P2MR) that eliminates Taproot’s quantum-vulnerable key pass spend. This proposal also maintained compatibility with Lightning, BitVM, and multi-signature configurations.
Together, the two drafts constitute the clearest governance posture Bitcoin has taken to date regarding the quantum transition.
What sets this moment apart is that external calendars are hardening around this moment, as NIST finalizes FIPS 203, 204, and 205 in August 2024, urging organizations to begin migrating immediately.
The UK’s NCSC has set immigration milestones for 2028, 2031 and 2035, while the US federal agency faces a quantum transition target of 2035.
Transition deadlines are already set on the calendars of governments, banks, and national cyber agencies, and blockchain is a latecomer to that discussion.
Bitcoin coercion logic
What differentiates BIP 361 from previous Bitcoin post-quantum (PQ) discussions is its intentional coerciveness.
Phase A blocks new submissions to vulnerable address formats three years after activation of a quantum-resistant address type. In Phase B, two years later, ECDSA will be disabled and Schnorr will spend from quantum-fragile UTXOs at the consensus layer. Coins that are not transferred will be frozen.
A possible Phase C would allow frozen coin holders to prove ownership through a zero-knowledge proof linked to a BIP-39 seed phrase and recover their funds through a later recovery mechanism.
The proposal’s authors, including Casa’s Jameson Ropp, frame it as a defense. As of March 1, more than 34% of all Bitcoins resided in addresses whose public keys were already publicly available on-chain, making these coins theoretically readable by quantum machines running Scholl’s algorithm.
Google researchers estimate in a recent study that a sufficiently powerful quantum computer could crack Bitcoin’s private key in about nine minutes, and one analysis cited 2029 as a plausible outer world for cryptographically relevant machines.
Rebuttals quickly reached the mailing list.
Bitcoin developer and Lightning Network co-author Tadge Dreijer said the plan is unfeasible in its current form because it combines the activation of quantum-resistant outputs with the deactivation of elliptic curve outputs.
Dryja argued that the association could pre-emptively destroy a coin and actually depends on the definition of “quantum vulnerable UTXO” which is still being debated.
The BIPs repository only certifies that a proposal meets formal editorial standards, and explicitly states that community approval and activation timing are separate decisions.
BIP 360 is already running on Bitcoin’s quantum testnet and was deployed by BTQ Technologies in early 2026. BIP 361 co-author Ethan Heilman estimates that Bitcoin’s complete transition to quantum resilience will take seven years from the consensus date.
Tron iPad entry
Justin Sun has published his own manifesto on post-quantum resistance.
In a post to
“While Bitcoin debates whether to freeze vulnerable coins and Ethereum establishes a research committee, Tron continues to build,” Sun wrote. He added that a technical roadmap “will be published soon.”
Tron holds approximately $86.7 billion in stablecoins, approximately 97.78% of which is USDT, along with a total of approximately $5.1 billion locked in DeFi.
Post-quantum readiness for chains of this scale becomes a matter of storage and payment infrastructure. The networks, exchanges, and custodians that move dollar liquidity through Tron have operational keys, administrative paths, and bridging mechanisms that are the first priority for quantum attackers targeting high-value addresses.
Tron’s current public stance is a compressed narrative consisting of definitive language and competitive positioning regarding scheme selection, migration models, wallet compatibility plans, and activation paths necessary to validate what “first major public blockchain” actually means.
| category | Bitcoin | tron | Ethereum |
|---|---|---|---|
| governance style | open, adversarial, consensus-driven | Executive-led, founder-led messaging | Open, layered, research-driven |
| Today’s release status | BIP 361 has been published as a draft in the official repository. BIP 360 is already live | An initiative announced by Justin Sun. Roadmap still pending | The official PQ portal is now live. Active roadmap and development net |
| Core migration model | Phasing out legacy signatures after PQ output exists | So far unpublished. Sun announces NIST standardized PQ signatures on mainnet | Gradual migration with account abstraction, precompilation, and subsequent consensus changes |
| Main policy logic | Forced transition with future restrictions and eventual deactivation of vulnerable spending | Insist on speed and decisiveness before explaining all the technical details | Build crypto agility and avoid disruptive flag days |
| What users may encounter | New submissions to vulnerable formats will be blocked and legacy coins will be frozen later if not migrated. | Unclear until roadmap: Optional, hybrid, or mandatory migration not yet specified | Wallet and account upgrades are not a one-time event, but happen over time |
| what has already been officially established | Possible Phase A/Phase B/Phase C. Definitions of vulnerable UTXOs discussed | Narrative arguments, competitive frameworks, and “roadmap coming soon” | Execution layer, consensus layer, and data layer approach. weekly interoperability development net |
| What’s still missing | Final definition of consensus, activation path, and quantum vulnerability output | Scheme selection, migration models, wallet compatibility plans, activation paths | Single fixed transition date or standalone flagship PQ proposal |
| Main risks/trade-offs | Protects the network, but there is a risk that coins may become frozen or stuck | Although operational details have not yet been released, it sends a strong message. | Allows for flexible migration, but reduces pressure to adjust to a fixed schedule |
| Key infrastructure at risk | Legacy UTXO with public key exposed | Stablecoin payment rails, custody, management keys, bridges | EOA, bridges, validator keys, and execution layer migration |
| Best one-line summary | Certainty requires a deadline | Speed is a commodity | Safety requires agility |
Related NIST standards such as ML-DSA, FN-DSA, and SLH-DSA have different trade-offs in signature size, verification speed, and implementation complexity, making choosing between them an important technical decision.
Ethereum multi-tier betting
Ethereum is structurally the opposite of Bitcoin’s forced expiry.
The Ethereum Foundation launched pq.ethereum.org in March 2026 as a hub for post-quantum research, roadmaps, and open source repositories, with over 10 client teams running post-quantum interoperability development nets weekly.
The roadmap spans three tiers. At the execution layer, the native account abstraction defined in EIP-7701 and EIP-8141 includes a migration path from ECDSA, allowing users to switch to quantum-secure authentication via smart accounts without requiring a full protocol cutover.
At the consensus layer, BLS signatures will eventually be replaced by a hash-based alternative based on the leanSig scheme. The leanSig scheme combines XMSS-style quantum resilience with STARK-based aggregation to offset the size and performance costs of post-quantum primitives.
The Foundation’s own assessments place core L1 protocol upgrades around 2029, with full execution layer migration occurring beyond that date.
Ethereum’s February 2026 Protocol Priorities post clarifies the intersection, with native account abstraction providing a natural migration path from ECDSA-based authentication, and developers working on complementary EIPs to make quantum-resistant signature verification on EVM cheaper.
Ethereum has an official roadmap and an active engineering track, with Gramsterdam targeting early 2026, but there is no standalone quantum proposal introducing a fixed transition date.
Two futures for migration
In the case of bulls, it is carried out by cryptographic agility.
If the threat is sufficiently remote and NIST estimates that full integration could take 10 to 20 years after standardization supports that reading, the chain could migrate without emergency powers.
Bitcoin’s sunset logic either narrows down to the most clearly exposed outputs or evolves into a softer incentive structure.
Tron will finally publish a roadmap naming its scheme and migration model, and the market will reward systems that make migration boring. This means that smart accounts, precompilation, key rotation, and wallet updates are gradual enough that no user wakes up locked out.
Ethereum’s own team has stated that the L1 protocol upgrade could be completed around 2029, which is the most clearly publicized schedule of the major chains participating in this race.
| scenario | Bitcoin | tron | Ethereum |
|---|---|---|---|
| Bullish case: long runway, orderly movement | Sunset logic softens or narrows to the clearest exposure output. Immigration will happen before the politics of emergency take over | TRON publishes a reliable roadmap, names the scheme and turns speed of execution into business execution | Account abstraction, precompilation, and gradual upgrades make migration progressively tedious |
| What wins in this scenario? | Clear incentives, plus enough time for wallets and custodians to adapt | Rapid coordination across wallets, exchanges, and stablecoin infrastructure | Achieve encryption agility across layers without disruptive flag days |
| For bears: selective attacks arrive early. | The pressure will fall first on exposed coins and high-value legacy coins. Governance struggles over freezes occur before consensus is formed | Stablecoin Rail Convergence Turns Custodial Keys, Administrative Paths, and Bridges into Primary Targets | EOA, bridge, and validator keys are the first pressure points |
| What breaks in this scenario? | The political legitimacy of freezing and stealing coins | If there is no published runbook, the narrative advantage is lost | Divergent roadmaps look slow when markets suddenly demand tight schedules |
| conclusion | The most direct defense, but also the most intimidating. | Fastest rhetoric, but proof depends on roadmap details | Most complete migration architecture, but no enforcement date yet |
The bearish case begins with Ethereum’s own portal drawing the line, with early quantum machines potentially targeting a small number of high-value keys.
Bitcoin would face its toughest political test under that scenario, as BIP 361 has already exposed more than 34% of on-chain BTC, and a selective attack on Satoshi-era coins or P2PK coins would force governance issues before consensus can be formed.
Ethereum’s exposures center around externally owned accounts, bridges, and validation keys, the very places that well-resourced attackers would first seek to exploit.
The centralization of Tron as a USDT rail means that management and administrative key migration will be the first to be scrutinized, and a narrative effort without a published technology roadmap will not provide operational protection under such conditions.
who decides
Bitcoin argues that certainty requires deadlines, Ethereum argues that security requires agility, and Tron argues that speed is a product. Both of these positions are clearly wrong.
Mandatory Bitcoin deadlines force migration, but there is a risk that coins whose owners cannot be contacted will be left stranded.
Ethereum’s multi-layered approach spreads the pain of migration over years, but lacks a single focus to align wallets, custodians, and exchanges on the same schedule.
Tron’s management’s speed may turn out to be real, or it may turn out to be another well-timed announcement waiting for the second act.
The real race to see which governance model can move users, infrastructure, and hundreds of billions of assets before the quantum adversary picks the weakest node will belong to whoever has the runbook when the window closes.
(Tag translation) Bitcoin
