Leading Cryptographers Urge Bitcoin Planning for Post-Quantum Signatures Amid Disagreement Over Vulnerable Coins
Table of Contents
You might want to know
1. How immediate is the quantum threat to Bitcoin, and which coins are most exposed?
2. If some bitcoins are at risk, should the community render them permanently unspendable or preserve absolute ownership rights?
Main Topic
A Coinbase-convened advisory council of prominent cryptographers has published guidance on how the Bitcoin community should prepare for the possibility of quantum computers that can break current signature schemes. The council's membership includes well-known researchers from academia and industry. Their principal conclusion is that quantum computers are not an immediate threat to Bitcoin today, and there is no reliable timeline for when capable quantum machines will exist. Nevertheless, they emphasize that planning and engineering work to support post-quantum signatures should begin now rather than waiting for a predicted arrival date.
The council highlights that the risk is concentrated: a nontrivial portion of Bitcoin's supply is particularly vulnerable because of how those coins are stored. Roughly 1.7 million BTC are locked in early addresses that publish public keys directly on-chain (pay-to-public-key formats). These addresses are believed to include coins associated with Bitcoin's pseudonymous creator and other early holders who likely lost access to their keys. Because those keys are lost, those coins cannot be migrated preemptively to quantum-resistant addresses. In addition, research groups estimate several million more bitcoin are exposed through address reuse, a common operational practice in custodial wallets and exchanges: spending from an address reveals its public key, so any funds later received at the same address are no longer protected by the hash.
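As an added example (not code from the article or the council's guidance), the classifier below reads a Bitcoin scriptPubKey and reports whether the signing key is already visible on-chain, either because the output is pay-to-public-key or because an earlier spend from a reused address revealed it. The script templates are the standard ones; the sample UTXO set, its key bytes and the `spent_from_before` flag are constructed placeholders, and the block goes beyond the article by also flagging Taproot (P2TR) outputs, whose x-only output key is published directly.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Exposure:
    script_type: str
    key_on_chain: bool  # public key already recoverable from chain data
    reason: str

def classify_output(spk_hex: str, spent_from_before: bool = False) -> Exposure:
    """Classify a scriptPubKey (hex) by whether its signing key is already public.
    spent_from_before: an earlier transaction spent from this same script
    (address reuse), so its scriptSig/witness already carries the public key."""
    s = bytes.fromhex(spk_hex)
    # P2PK: <33|65-byte pubkey> OP_CHECKSIG -- the key is the output script itself
    if len(s) in (35, 67) and s[0] == len(s) - 2 and s[-1] == 0xAC:
        return Exposure("P2PK", True, "public key is embedded in the output")
    # P2TR: OP_1 <32-byte x-only key> -- the tweaked output key is published
    if len(s) == 34 and s[:2] == b"\x51\x20":
        return Exposure("P2TR", True, "x-only output key is embedded in the output")
    # Hash-based templates: only a hash is on-chain until the first spend
    if len(s) == 25 and s[:3] == b"\x76\xa9\x14" and s[-2:] == b"\x88\xac":
        kind = "P2PKH"
    elif len(s) == 22 and s[:2] == b"\x00\x14":
        kind = "P2WPKH"
    elif len(s) == 23 and s[:2] == b"\xa9\x14" and s[-1] == 0x87:
        kind = "P2SH"
    elif len(s) == 34 and s[:2] == b"\x00\x20":
        kind = "P2WSH"
    else:
        return Exposure("unknown", False, "unrecognised template; inspect manually")
    if spent_from_before:
        return Exposure(kind, True, "address reuse: key revealed by an earlier spend")
    return Exposure(kind, False, "only a hash is on-chain; key still hidden")

def exposed_total_sat(utxos) -> int:
    """Sum the value (sat) of outputs whose key is already on-chain."""
    return sum(v for spk, spent, v in utxos if classify_output(spk, spent).key_on_chain)

# Constructed sample UTXO set: (scriptPubKey hex, spent_from_before, value_sat).
# Key/hash bytes are placeholder patterns, not real keys.
SAMPLE_UTXOS = [
    ("21" + "02" + "11" * 32 + "ac", False, 50_0000_0000),  # early P2PK output
    ("76a914" + "22" * 20 + "88ac", True, 1_0000_0000),     # reused P2PKH
    ("76a914" + "33" * 20 + "88ac", False, 2_0000_0000),    # fresh P2PKH
    ("0014" + "44" * 20, False, 3_0000_0000),               # fresh P2WPKH
    ("5120" + "55" * 32, False, 4_0000_0000),               # P2TR
]
```

Running `exposed_total_sat(SAMPLE_UTXOS)` over the constructed set counts the P2PK, reused P2PKH and P2TR outputs as exposed and leaves the fresh hash-based outputs out; a custodian would feed it real UTXOs and spend history to size its own exposure.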
The technical migration to quantum-resistant signature schemes is relatively straightforward in concept: new signature algorithms that are believed to resist quantum attacks can be introduced and supported in Bitcoin's software and wallets. The council stresses that the engineering effort to implement and test post-quantum signature support is independent of any political decision about how to treat unmigrated, potentially abandoned coins. In short, the technology work should start now regardless of how the governance debate plays out.
The most contentious issue is what to do about coins that cannot be moved today. One viewpoint argues for a hard cutoff or deadline after which current signature schemes like ECDSA and Schnorr would no longer be accepted. Under that approach, any coins left unmigrated by the deadline would become unspendable, preventing a future powerful adversary from sweeping those outputs and destabilizing the network or its market. Proponents of this view frame it as protecting the overall system from catastrophic exploitation.
Opposing this position are those who view any forced disabling of spending as tantamount to confiscation. They contend it violates the fundamental Bitcoin principle of strong property rights and financial sovereignty. That side warns that establishing a mechanism to freeze or invalidate certain outputs could set a precedent for future coercive actions, including state-ordered seizures or restrictions on funds.
Between these poles, multiple technical and governance proposals have been advanced. Examples include proposals that limit how many vulnerable coins can be spent per block to avoid a sudden flood of supply, schemes to allow post-deadline proofs of prior ownership without revealing private keys, and timestamped commitments enabling later migration without exposing secrets today. The council notes these proposals are not mutually exclusive and could be combined into a layered strategy that balances safety, fairness, and decentralization.
The council explicitly declines to pick a winner among governance options. It states there is no single correct answer to the abandoned-coins question and that resolution belongs to the Bitcoin community through its usual processes. The council commits to two clear recommendations: first, begin the technical engineering and migration planning for post-quantum signatures immediately; second, communicate clearly with users so uncertainty does not compound risk. Clear guidance and visible technical progress, they argue, reduce the chance that ambiguity itself becomes a security and trust problem.
The council's approach reflects an attempt to separate technical readiness from the normative governance decision about ownership and policy. By urging engineers, wallet providers, and node implementers to work on upgrade paths now, they aim to ensure the network has robust options available when the community is ready to decide the political questions. Meanwhile, the council emphasizes transparency and timely communication so users and custodians can make informed choices and reduce exposure where possible.
Key Insights Table
| Aspect | Description |
|---|---|
| Key Fact 1 | Quantum computers are not an immediate threat, but planning for post-quantum signatures should start now. |
| Key Fact 2 | About 1.7 million BTC in early addresses are especially vulnerable; several million more are exposed via address reuse. |
Afterwards...
Looking forward, the community and industry should pursue three interconnected tracks. First, accelerate engineering and interoperability work to implement and test post-quantum signature algorithms across wallets, exchanges, and client software. This includes well-documented migration paths, extensive testing on testnets, and clear wallet UX so users can migrate safely.
Second, continue rigorous cryptographic research and conservative algorithm selection. Post-quantum cryptography is an active field; standardization and careful benchmarking against realistic threat models will reduce the risk of adopting immature or broken schemes. Collaboration with standards bodies and open peer review remain essential.
Third, develop governance frameworks and community processes to address the normative question of abandoned or unmigrated coins. This means broad, transparent dialogue among developers, miners, exchanges, custodians, and users so any chosen approach aligns with Bitcoin's values while managing systemic risk. Clear communication will be crucial: uncertainty increases both technical and social risk.
In sum, while top cryptographers disagree on the governance answer, they converge on an urgent technical message: start preparing now. That dual pathway — timely engineering action together with thoughtful community deliberation — offers the best chance to preserve Bitcoin's security and trust in a future where quantum capabilities may change the threat landscape.