Philadelphia Live News


Bitcoin’s post-quantum migration will be harder than Taproot and needs to start now, Project Eleven CEO says

May 13, 2026  Twila Rosenbaum

Bitcoin’s developer community must shift from research to production on a post-quantum signature scheme rather than waiting for certainty about quantum-computing hardware timelines, according to Alex Pruden, CEO of Project Eleven. Speaking at CoinDesk’s Consensus Miami conference on Wednesday, Pruden highlighted the growing urgency of protecting Bitcoin against future quantum threats, warning that the migration will be substantially harder than the Taproot upgrade and needs to start now.

The core of Pruden’s argument rests on what he calls an ‘asymmetry between acting on a post-quantum signature scheme today and waiting for certainty about quantum-computing hardware timelines.’ He pointed out that quantum computers, while not yet capable of breaking elliptic curve cryptography, are advancing rapidly. Bitcoin currently relies on the Elliptic Curve Digital Signature Algorithm (ECDSA), which is vulnerable to Shor’s algorithm. Once a sufficiently powerful quantum computer emerges, funds secured under existing addresses could be stolen instantly. The risk is not hypothetical; researchers at institutions like IBM, Google, and various national labs are making steady progress in qubit stability and error correction. The National Institute of Standards and Technology (NIST) has already selected several post-quantum cryptographic algorithms for standardization, signaling that the cryptographic community expects a transition within the next decade.

Pruden compared the coming migration to the Taproot upgrade, which took roughly five years from proposal to activation and remained entirely opt-in. Taproot brought benefits like improved privacy and lower transaction fees for multi-signature setups, but users who chose not to upgrade continued to operate without issue. The post-quantum transition, by contrast, will require every Bitcoin user, wallet, and exchange to participate in order to stay secure. ‘This is not an opt-in upgrade,’ Pruden said. ‘If you do not move your funds to a post-quantum address, your coins are at risk the moment a quantum computer capable of breaking ECDSA is turned on.’

He elaborated on the technical challenges. Bitcoin’s current address format uses a hash of a public key, which provides some protection because the public key is not revealed until a transaction is made. However, once a user spends from an address, the public key is exposed on chain, and a quantum adversary could derive the private key from it. That means all unspent transaction outputs (UTXOs) whose public keys are revealed—essentially any address that has ever been used to send or receive—become vulnerable. The only exception might be addresses that have never been spent from (i.e., unused public keys), but even those could be targeted if the quantum computer can break the hash function itself. Pruden noted that Bitcoin’s security model assumes that hash functions like SHA-256 are quantum-resilient to some degree, but the elliptic curve component remains the primary concern.
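The commit-then-reveal behaviour described above can be made concrete with a short audit script. This is an added example, not code from the article or from Project Eleven: it models pay-to-pubkey-hash style outputs as a HASH160 commitment, shows the check a node performs when the key is revealed at spend time, and flags which UTXOs in a constructed sample set already have their public key on chain (either because the output type never hid it, or because the same address was spent from before). The key bytes, transaction ids and amounts are constructed placeholders, not real keys or transactions.

```python
"""Why key-hash addresses delay public-key exposure, plus an audit that flags
UTXOs whose key has already appeared on chain. Added example; sample data is
constructed and the keys are not real secp256k1 points."""
import hashlib
from dataclasses import dataclass


def hash160(data: bytes) -> bytes:
    """Bitcoin's HASH160 = RIPEMD160(SHA256(x)). Falls back to a truncated
    double-SHA256 stand-in if this OpenSSL build has no RIPEMD160."""
    sha = hashlib.sha256(data).digest()
    try:
        return hashlib.new("ripemd160", sha).digest()
    except ValueError:
        return hashlib.sha256(sha).digest()[:20]


@dataclass
class Utxo:
    txid: str          # constructed placeholder id, not a real transaction
    vout: int
    script_type: str   # "p2pkh"/"p2wpkh" commit to hash160(pubkey); "p2pk" carries the pubkey
    commitment: bytes  # key hash for hash-committed types, raw pubkey for p2pk
    value_sat: int


def spend_check(pubkey: bytes, utxo: Utxo) -> bool:
    """What a node checks when a hash-committed output is spent: the pubkey now
    placed in the witness/scriptSig must hash to the committed value. This is
    the moment the public key stops being private."""
    if utxo.script_type in ("p2pkh", "p2wpkh"):
        return hash160(pubkey) == utxo.commitment
    return pubkey == utxo.commitment  # p2pk: the key was never hidden


def audit_exposure(utxos, revealed_pubkeys):
    """UTXOs whose public key is already on chain: p2pk outputs, and
    hash-committed outputs whose key was revealed by an earlier spend
    (address reuse). These are the ones a migration must move first."""
    revealed_hashes = {hash160(pk) for pk in revealed_pubkeys}
    return [u for u in utxos
            if u.script_type == "p2pk" or u.commitment in revealed_hashes]


# Constructed sample keys: 33 bytes with a compressed-key prefix, not real points.
ALICE_PK = bytes([0x02]) + bytes(range(1, 33))
BOB_PK = bytes([0x03]) + bytes(range(33, 65))
CAROL_PK = bytes([0x02]) + bytes(range(65, 97))

SAMPLE_UTXOS = [
    Utxo("tx_a1", 0, "p2wpkh", hash160(ALICE_PK), 150_000),  # Alice reused this address
    Utxo("tx_b1", 1, "p2pkh", hash160(BOB_PK), 40_000),      # Bob never spent from his
    Utxo("tx_c1", 0, "p2pk", CAROL_PK, 5_000_000),           # early-style output, key in script
]
# Alice's earlier spend put her public key into a witness; Bob's never appeared.
REVEALED_ON_CHAIN = [ALICE_PK]


def exposed_txids(utxos=SAMPLE_UTXOS, revealed=REVEALED_ON_CHAIN):
    return sorted(u.txid for u in audit_exposure(utxos, revealed))


def exposed_value_sat(utxos=SAMPLE_UTXOS, revealed=REVEALED_ON_CHAIN) -> int:
    return sum(u.value_sat for u in audit_exposure(utxos, revealed))


if __name__ == "__main__":
    print("Alice's spend passes the hash check:", spend_check(ALICE_PK, SAMPLE_UTXOS[0]))
    print("Exposed UTXOs:", exposed_txids(), "value:", exposed_value_sat(), "sat")
```

Running it lists `tx_a1` (reused address) and `tx_c1` (pay-to-pubkey) as exposed while Bob's never-spent-from output is not, which is the distinction the article draws between spent-from and unused addresses. A real audit would take the revealed-key set from chain history rather than a hard-coded list.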

The scope of the migration is staggering. There are currently over 48 million UTXOs on the Bitcoin blockchain, each representing a potential risk. Every wallet software, hardware wallet, and exchange infrastructure must be updated to support new signature schemes, such as those based on hash-based cryptography, lattice-based cryptography, or multivariate cryptography. Achieving backwards compatibility without fracturing the network is a delicate engineering problem. Pruden stressed that the Bitcoin Improvement Proposal (BIP) process must begin now to define the new address formats, signature verification rules, and upgrade pathways. ‘Taproot was hard, but this is orders of magnitude more complex,’ he said.

Historical context underscores the difficulty. Bitcoin has undergone several major protocol upgrades: the introduction of Pay-to-Script-Hash (P2SH) in 2012, the segregated witness (SegWit) activation in 2017, and Taproot in 2021. Each required broad consensus among miners, developers, and users. SegWit faced a contentious fork resulting in Bitcoin Cash. Taproot achieved near-unanimous support because it was opt-in and backward-compatible. A post-quantum upgrade, however, may require a mandatory transition period where old addresses become unspendable after a certain block height, or a soft fork that retroactively requires all new transactions to use post-quantum signatures. Such a move could split the community, especially among those who prize immutability and individual choice over enforced security upgrades.

Pruden also addressed a controversial question: what to do with bitcoin held in quantum-vulnerable addresses if owners lose their keys or fail to migrate in time? Asked for his personal view, he said that recycling those dormant coins back into Bitcoin’s supply curve would put him ‘overall’ on the confiscation side, though he stressed the community and market would ultimately decide. This issue is not merely theoretical. A significant portion of Bitcoin’s total supply is believed to be inaccessible due to lost private keys. If quantum computers become capable of extracting keys from those addresses, the coins could be claimed by anyone running the attack. The debate between ‘confiscation’—where the network invalidates such coins—versus ‘bounty’—where finders keep the coins—mirrors earlier discussions about Bitcoin’s response to cryptographic breakthroughs. Some argue that confiscation protects the integrity of the supply cap; others contend that it violates the principle of censorship-resistance. Pruden’s comments suggest that the community must grapple with this dilemma sooner rather than later, as the longer it waits, the more coins become exposed.

The timeline for quantum computers remains uncertain. Optimistic projections from companies like IBM and Google suggest that fault-tolerant quantum computers with thousands of logical qubits could appear within 10 to 15 years. However, most cryptographers advise preparing for the eventuality rather than betting on delays. Bitcoin’s slower upgrade process means that lead times of 5 to 10 years are necessary to design, test, and deploy new signature schemes. Pruden argued that waiting for a ‘proven’ quantum threat is akin to building a flood wall only after the water rises. He called for immediate action: a working group focused on post-quantum cryptography, a set of BIPs for new address formats (e.g., using the Lamport signature or a hash-based scheme like SPHINCS+), and a roadmap for mandatory migration within the next cycle.

Other industry voices echo this urgency. Researchers from the Quantum Computing Institute at the University of Texas have proposed a hybrid approach where transactions include both ECDSA and post-quantum signatures during a transition period. This would allow gradual adoption while maintaining compatibility. However, such hybrid modes increase transaction size and computational load, which could raise fees and slow block propagation. Bitcoin’s block size limit of 1 MB (or 4 MB in weight units with SegWit) would need careful engineering to accommodate larger signatures. For instance, a single SPHINCS+ signature can be several kilobytes, compared to 64 bytes for ECDSA. Simple multiplication suggests that post-quantum transactions could consume 10 times more block space, leading to higher fees during peak demand.
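To make the signature-size comparison in the last two paragraphs concrete, here is a Lamport one-time signature over SHA-256, the hash-based scheme the article names. This is an added example, not code from the article, Project Eleven or any Bitcoin implementation, and it is a teaching implementation rather than a proposal for a Bitcoin signature type; SPHINCS+ itself is not implemented here. The block signs a constructed message, verifies it, reports the signature and public-key sizes against the 64-byte ECDSA figure quoted above, and counts how much of the secret key is revealed by each signature, which is the reason a Lamport key is one-time and why schemes like SPHINCS+ layer many one-time keys under a Merkle tree.

```python
"""Lamport one-time signatures over SHA-256, with size accounting.
Added example; the message and any keys are constructed at run time."""
import hashlib
import os

DIGEST_BITS = 256   # SHA-256 output length in bits: one secret pair per bit
N = 32              # bytes per secret value and per hash
ECDSA_SIG_BYTES = 64  # figure quoted in the article for comparison


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def keygen(rng=os.urandom):
    """Secret key: 256 pairs of random 32-byte values.
    Public key: the SHA-256 hash of every one of those 512 values."""
    sk = [(rng(N), rng(N)) for _ in range(DIGEST_BITS)]
    pk = [(h(a), h(b)) for a, b in sk]
    return sk, pk


def message_bits(msg: bytes):
    """Bits of SHA-256(msg), most significant bit first."""
    d = h(msg)
    return [(d[i >> 3] >> (7 - (i & 7))) & 1 for i in range(DIGEST_BITS)]


def sign(sk, msg: bytes):
    """For each digest bit, reveal the preimage on that side of the pair;
    the other preimage stays secret."""
    return [sk[i][b] for i, b in enumerate(message_bits(msg))]


def verify(pk, msg: bytes, sig) -> bool:
    """Hash every revealed value and compare against the matching public hash."""
    if len(sig) != DIGEST_BITS:
        return False
    return all(h(s) == pk[i][b]
               for i, (s, b) in enumerate(zip(sig, message_bits(msg))))


def signature_size(sig) -> int:
    return sum(len(s) for s in sig)              # 256 * 32 = 8192 bytes


def public_key_size(pk) -> int:
    return sum(len(a) + len(b) for a, b in pk)   # 512 * 32 = 16384 bytes


def size_ratio(sig) -> float:
    """Signature bytes relative to a 64-byte ECDSA signature."""
    return signature_size(sig) / ECDSA_SIG_BYTES


def secrets_revealed(msgs) -> int:
    """How many of the 512 secret values are public after signing each message
    with the same key. One signature reveals exactly 256; a second, different
    message reveals more, which is why a Lamport key must sign only once."""
    revealed = set()
    for m in msgs:
        for i, b in enumerate(message_bits(m)):
            revealed.add((i, b))
    return len(revealed)


if __name__ == "__main__":
    sk, pk = keygen()
    msg = b"constructed spend: tx_a1:0 -> pq-address placeholder"
    sig = sign(sk, msg)
    print("verifies:", verify(pk, msg, sig))
    print("signature bytes:", signature_size(sig), "ratio vs ECDSA:", size_ratio(sig))
    print("public key bytes:", public_key_size(pk))
    print("secrets revealed after 1 and 2 signatures:",
          secrets_revealed([msg]), secrets_revealed([msg, b"second message"]))
```

Even this simplest hash-based scheme produces an 8 KB signature, 128 times the ECDSA size, with a 16 KB public key on top; that is the block-space pressure the hybrid-transaction discussion above is worried about, and the one-time property is what pushes practical designs toward stateless constructions such as SPHINCS+.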

Pruden also addressed the role of hardware wallets. Companies like Ledger, Trezor, and Coldcard would need to update their firmware to generate post-quantum addresses and sign transactions using new algorithms. This is not trivial; secure elements and microcontrollers have limited memory and processing power. Some hardware wallets may not support the new algorithms at all, forcing users to upgrade their devices. The same applies to mobile wallets and desktop clients. Pruden emphasized that the user experience must be seamless to avoid widespread confusion and mistakes. He pointed to the success of SegWit adoption, which was facilitated by wallet updates that made the transition near-invisible to end users.

The conversation at Consensus Miami also touched on the broader implications for cryptocurrency regulation. If quantum computers become a credible threat, governments might mandate that exchanges and custodians move funds to post-quantum addresses to protect consumer assets. That could accelerate adoption but also raise centralization concerns. Pruden noted that Bitcoin’s decentralized nature makes forced upgrades challenging, but not impossible. He pointed to the example of the 2016 Ethereum DAO hard fork, which showed that a contentious fork can succeed when security is paramount. ‘The market will ultimately decide what is acceptable,’ he said. ‘But if we wait too long, the decision may be made for us by an adversary who breaks into coins before we can protect them.’

In summary, the key facts from Pruden’s address are clear: Bitcoin faces an existential risk from quantum computing that requires immediate preparation. The migration will be harder than any previous upgrade because participation is not optional. The debate over dormant coins is unresolved and needs community input. The time for research is over; production-ready code must be developed and tested. As Pruden concluded, ‘We have the opportunity to do this right, but only if we start now.’


Source: Coindesk News

