{"id":72288,"date":"2026-02-13T12:31:33","date_gmt":"2026-02-13T12:31:33","guid":{"rendered":"https:\/\/dogewisperer.com\/?p=72288"},"modified":"2026-02-13T12:31:33","modified_gmt":"2026-02-13T12:31:33","slug":"bitcoin-developers-kick-off-quantum-safety-track-with-bip-360","status":"publish","type":"post","link":"https:\/\/dogewisperer.com\/?p=72288","title":{"rendered":"Bitcoin Developers Kick Off Quantum-Safety Track With BIP-360"},"content":{"rendered":"
\n

Bitcoin\u2019s quantum-security discussion<\/a> just gained a concrete new artifact in the code-and-spec pipeline: an updated draft of BIP-360 has been merged into the official Bitcoin Improvement Proposals repository, proposing a Taproot-adjacent output type designed to limit exposure to future quantum key-recovery attacks.<\/p>\n

The change matters less because it \u201csolves\u201d quantum risk today, and more because it formalizes a specific, opt-in path that preserves Taproot\u2019s script-tree functionality while removing the spending route considered most problematic under a quantum-threat model.<\/p>\n

Bitcoin Devs Make First Formal Quantum-Resistance Move<\/h2>\n

Anduro, a research-focused platform incubated by Marathon Digital (MARA), said<\/a> on X that the merged update \u201cintroduces Pay-to-Merkle-Root (P2MR), a proposed new output type that omits Taproot\u2019s quantum-vulnerable key-path spend while preserving compatibility with Tapscript and script trees.\u201d<\/p>\n

In BIP terms, the proposal is scoped as \u201cConsensus (soft fork)\u201d and defines P2MR as a new SegWit v2 output that commits directly to the Merkle root of a script tree, rather than to a tweaked public key as in Pay-to-Taproot (P2TR). The practical implication is straightforward: P2MR outputs can only be spent via script-path logic; the key-path spend is removed entirely.<\/p>\n

The BIP\u2019s abstract frames the goal in terms of minimizing changes while providing an option set for users who want additional protection:<\/p>\n

\u201cThis document proposes a new output type: Pay-to-Merkle-Root (P2MR), via a soft fork. P2MR outputs operate with nearly the same functionality as P2TR (Pay-to-Taproot) outputs, but with the key path spend removed.\u201d
\nIt adds that the intended protection is against \u201clong exposure attacks by Cryptographically Relevant Quantum Computers (CRQCs),\u201d as well as \u201cfuture cryptanalytic approaches that may compromise the elliptic curve cryptography<\/a> (ECC) used by Bitcoin.\u201d<\/p>\n

A key element of the BIP is definitional discipline: it distinguishes \u201clong exposure\u201d attacks (where public keys are available on-chain for extended periods) from \u201cshort exposure\u201d attacks, which would target public keys revealed briefly in the mempool during an unconfirmed spend.<\/p>\n

The document is explicit that P2MR is not a complete quantum shield. \u201cIt is worth noting that proposed P2MR outputs are only resistant to \u2018long exposure attacks\u2019 on elliptic curve cryptography; that is, attacks on keys exposed for time periods longer than needed to confirm a spending transaction,\u201d the BIP states.<\/p>\n

\u201cProtection against more sophisticated quantum attacks<\/a>, including protection against private key recovery from public keys exposed in the mempool while a transaction is waiting to be confirmed (a.k.a. \u2018short exposure attacks\u2019), may require the introduction of post-quantum signatures in Bitcoin.\u201d The authors add they \u201cintend to offer a separate proposal for this purpose upon further research.\u201d<\/p>\n

That split is also why the proposal emphasizes tapscript compatibility. It positions P2MR as a script-tree output type that could, if Bitcoin ever adopts post-quantum signature opcodes, provide a cleaner upgrade runway than older script mechanisms that don\u2019t support tapscript\u2019s evolution path.<\/p>\n

Anduro highlighted that the change is designed as a soft fork and \u201cdoes not affect existing Taproot<\/a> outputs.\u201d P2MR would be a new output type (with bech32m addresses starting with bc1z) rather than a retrofit of existing bc1p Taproot UTXOs.<\/p>\n

The proposal also doesn\u2019t pretend the swap is free. By removing key-path spends, P2MR gives up Taproot\u2019s most compact witness path (a single Schnorr signature). The BIP estimates that a minimal P2MR spend witness is 37 bytes larger than a Taproot key-path spend, though it can be smaller than an equivalent Taproot script-path spend because P2MR\u2019s control block omits an internal public key.<\/p>\n

Privacy shifts too. Because every spend is script-path, P2MR users necessarily reveal they are spending from a script tree\u2014something Taproot key-path spends can avoid signaling.<\/p>\n

Anduro said the update also \u201caddresses criticism about Bitcoin devs not taking the quantum threat seriously,\u201d and noted the addition of Isabel Foxen Duke as co-author to make the BIP clearer \u201cto the general public, not just the Bitcoin developer community.\u201d<\/p>\n

BIP-360 remains in \u201cDraft\u201d status. But its merge into the canonical repository is still a meaningful process marker: it moves the quantum-safety conversation from abstract worry and mailing-list hypotheticals toward a specific consensus change proposal that wallets, libraries, and reviewers can now analyze line-by-line.<\/p>\n

If the debate has a next phase, it\u2019s likely to center on whether \u201cprepared not scared\u201d opt-ins like P2MR are sufficient groundwork or whether Bitcoin will eventually need to grapple directly with post-quantum signatures and the operational realities of migrating value at scale.<\/p>\n

At press time, BTC traded at $66,558.<\/p>\n

\"Bitcoin<\/div>\n","protected":false},"excerpt":{"rendered":"

Bitcoin\u2019s quantum-security discussion just gained a concrete new artifact in the code-and-spec pipeline: an updated draft of BIP-360 has been merged into the official Bitcoin Improvement Proposals repository, proposing a Taproot-adjacent output type designed to limit exposure to future quantum key-recovery attacks. The change matters less because it \u201csolves\u201d quantum risk today, and more because […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":0,"footnotes":""},"categories":[2],"tags":[3,4,5],"class_list":["post-72288","post","type-post","status-publish","format-standard","hentry","category-news","tag-crypto","tag-doge","tag-news"],"_links":{"self":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts\/72288","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=72288"}],"version-history":[{"count":0,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts\/72288\/revisions"}],"wp:attachment":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=72288"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=72288"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=72288"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}