Bitcoin Magazine
Bitcoin’s Quantum Problem Is Really a Governance Crisis in Disguise: UTXO
Bitcoin developers have a solution to quantum computing threats. The harder question is whether the network can agree on one in time. The quantum computing threat to Bitcoin is not primarily a technical problem — it is a political one.
Those are the central arguments of a new commentary published by Guillaume Girard, a venture associate at UTXO Management, the Bitcoin-focused investment firm and subsidiary of Nakamoto Inc. In a piece titled “Bitcoin and the Quantum Threat: A Non-Technical Guide,” Girard argues that while a cryptographically relevant quantum computer (CRQC) does not yet exist and may never reach the threshold required to break Bitcoin’s encryption, the community must act now — because the process that governs any protocol change moves at the pace of a state legislature.
Bitcoin’s security rests on elliptic curve cryptography, which protects the private keys that control wallet access. A sufficiently powerful quantum computer running Shor’s algorithm could derive a private key from an exposed public key, enabling theft at scale. Google’s Quantum AI team published research in March indicating that a machine with fewer than 500,000 physical qubits — far below earlier estimates of 10 million — could potentially break this encryption, with Google’s own internal target for post-quantum readiness set at 2029. Approximately 1.7 million BTC currently sit in legacy Pay-to-Public-Key (P2PK) addresses where public keys are permanently exposed on-chain, making them the most vulnerable targets.
A quantum solution is on the table for Bitcoin
Bitcoin Improvement Proposal 360 (BIP-360), authored by developer Hunter Beast, introduces a new output type called Pay-to-Merkle-Root (P2MR) that removes public key exposure from standard transactions. The proposal has been merged into Bitcoin’s development repository and is under active review.
A companion proposal, BIP-361, authored by Jameson Lopp, maps a three-phase migration away from vulnerable signature schemes, though Phase B of that plan could freeze coins in wallets that fail to migrate within a five-year window.
A separate proposal called Hourglass would allow quantum attackers to move stolen coins only in limited batches — potentially one BTC per block — throttling the economic damage and transferring fee revenue to miners.
The harder problem involves coins that cannot migrate: lost wallets, inactive holders, and an estimated 1.1 million BTC attributed to Satoshi Nakamoto. Girard identifies two candidate solutions, each with serious drawbacks.
The first would burn coins in quantum-vulnerable addresses after a deadline — an effective fix that critics say sets a dangerous censorship precedent for a protocol built on neutrality. The second, Hourglass, accepts that theft will occur but restricts the flow of stolen coins to dampen th
