Dubbed the "Post Quantum Migration and Legacy Signature Sunset," the proposal would stop users from sending Bitcoin to older address types vulnerable to quantum attacks, and ultimately disable the cryptographic methods the network has relied on to verify transactions since its creation.
BIP 361: "Post Quantum Migration and Legacy Signature Sunset" has been published.
Security costsBitcoin has historically treated a valid signature as “sufficient proof of control,” regardless of how old the coin or key is, Leo Fan, founder of decentralized compute network Cysic, told Decrypt.
BIP-361 would change that by treating "timely migration as part of maintaining ownership.”
The new proposal “shifts quantum risk from 'maybe I get robbed later' to 'if I miss the deadline, I may lose access by consensus,'" Fan said, adding that the proposal amounts to "making Bitcoin more interventionist" in order to prevent vulnerable coins from becoming "loot for the first entity with a working quantum computer."
But not everyone agrees the tradeoff is warranted.
Frederic Fosco, co-founder of Bitcoin metaprotocol OP_NET, told Decrypt the proposal appears to turn Bitcoin's founding promise on its head.
A protocol-enforced freeze "is confiscation, full stop," Fosco said, arguing the proposal rewrites "not your keys, not your coins" into "your keys, but we froze your coins anyway."
"The second you cross that line, you've built a system that can freeze any coins for any reason deemed important enough by whoever controls the next soft fork," he said. "Today it's quantum. Tomorrow it's sanctions compliance."
If adopted, BIP-361 would effectively mean that any coins still secured solely by ECDSA signatures, the default method Bitcoin uses to prove a transaction was authorized by the rightful owner, would be "forfeited," Chris Peikert, core researcher at cryptography firm Fhenix Research, told Decrypt.
"For Bitcoin there is no option other than a protocol hard change/fork in order to stop funds from being withdrawn from accounts with exposed public ECDSA keys," Peikert noted.
Still, a contested upgrade could also fracture the network.
An unprotected chain's price “collapses the moment someone demonstrates a single quantum theft, because it proves every exposed address is now fair game," Enrico Rubboli, founder of layer-2 sidechain Mintlayer, told Decrypt.
Bitcoin's decentralized governance is “a strength in normal times and a weakness when you're racing a clock," Rubboli said, adding that voluntary migration without a hard deadline "only works if you assume the threat arrives on a schedule. It won't.”
