Insights from the Quantum Bitcoin Summit
Timelines, Threat Models, and Migration Strategies for a Quantum-Resilient Bitcoin
On July 17 - 18, 2025, the Quantum Bitcoin Summit convened at Presidio Bitcoin’s restored post‑armory hall overlooking the Golden Gate. Eighty handpicked attendees - researchers, developers, industry leaders, and policy analysts - gathered for 36 hours of presentations and discussion. Their shared objective: map the realistic timeline, threat surface, and mitigation pathways for quantum computing’s impact on Bitcoin.
This challenge stems from Bitcoin’s reliance on ECDSA and Schnorr signatures, both of which become vulnerable as quantum computing advances toward fault-tolerant quantum computing (FTQC). In particular, algorithms like Shor’s could render these signature schemes obsolete by making private keys easily derivable from exposed public keys. To preserve its cryptographic integrity and economic assurances in a post-quantum future, Bitcoin must define migration strategies well in advance of any real-world threat. This summit marked one of the first sustained, multidisciplinary efforts to assess Bitcoin’s resilience and readiness for an era of cryptographically relevant quantum computers (CRQCs).
Rather than converging on a single roadmap, the summit surfaced a constellation of proposals, some incremental, others radical, but contending with the same underlying tension: whether, and how, to adapt Bitcoin’s architecture in anticipation of an uncertain quantum threat.
The following synthesis distills the summit’s most salient themes, surfacing presenters’ ideas, shared questions, and strategies that define Bitcoin’s quantum horizon.
Mapping the Quantum Risk
The summit opened with an assessment of quantum computing timelines. The next five years are expected to be foundational in progress towards fault-tolerant quantum computing (FTQC). Under aggressive timelines, a cryptographically relevant quantum computer (CRQC) threatening ECDSA could emerge within 5 - 10 years. And when FTQC arrives, it’ll come fast, like a phase transition. Sho Sugiura (BlocQ) and Terry Rudolph (PsiQuantum) highlighted that superconducting and photonic systems remain frontrunners, though significant engineering challenges persist, particularly around error rates and qubit connectivity.
There was consensus around one observation: quantum computers do not threaten Bitcoin uniformly. Mining remains comparatively safe, as Grover's algorithm provides only modest quadratic speedups and suffers from poor parallelizability. However, as mentioned, the true fault line lies in digital signatures. Bitcoin’s current use of ECDSA and Schnorr signatures, both breakable by Shor’s algorithm, renders any exposed public key vulnerable. The scope of this exposure is considerable.
Forensic analysis by Dr. Anthony Milton, co-author of Chaincode Labs’ seminal Bitcoin and Quantum Computing report, estimates that 6.51 million BTC, roughly one-third of the supply, is already at risk. Reuse of addresses, Taproot key-path spends, and legacy script types (especially P2PK) constitute the majority of these vulnerabilities.
Address reuse in particular requires urgent attention to operational hygiene within Bitcoin custodial practices, as institutional custodians frequently reuse addresses for accounting convenience.
While long-range attacks target persistently exposed public keys, such as those reused or stored on-chain, there is a second class of threat: short-range attacks, which exploit the brief window between transaction broadcast and block confirmation to steal funds from newly revealed keys. To address this, Lightning Network co-inventor Tadge Dryja introduced ‘Lifeboat,’ a practical commit–reveal soft fork designed to mitigate short-range quantum theft without requiring new cryptographic primitives or a wholesale cryptographic overhaul.
Paths to Quantum-Safe Signatures
Participants broadly agreed on the necessity of quantum-resistant cryptography in a post-quantum world, though most favored conservative, incremental approaches. Olaoluwa Osuntokun (Lightning Labs) detailed the advantages of stateless hash-based signature scheme SPHINCS+. While SPHINCS+ entails large signatures (2 - 8 KB depending on parameters), its conservative security assumptions and compatibility with Bitcoin’s existing infrastructure make it uniquely promising.
Still, integration challenges abound. Larger signature sizes reduce transaction throughput and stress block space. Proposals such as BitZip attempt to mitigate this by aggregating post-quantum signatures into a single STARK proof per block, increasing TPS from ~1.69 to ~87 under optimistic assumptions. Across these proposals, there’s a shared theme: migration should preserve not just technical validity, but also usability, fee economics, and decentralization incentives.
Migration With Soft Forks & Sidechains as Staging Grounds
Migration is not only a technical question; it is also a coordination problem spanning users, miners, developers, and businesses. Jameson Lopp (Casa) proposed a three-phase soft-fork strategy that introduces post-quantum script types, deprecates legacy paths, and provides recovery mechanisms for stragglers. Importantly, this pathway avoids hard forks and preserves Bitcoin’s conservative upgrade culture, consensus stability, and minimizes disruption.
Sidechains, such as Anduro and qBTC, are also viable staging grounds for experimentation. These merge-mined environments offer safe terrain to test BIP360 (a proposal which aims to gradually transition Bitcoin towards quantum-safe scripts without hard forks), simulate user migration flows, and deploy post-quantum bridges. Their role is not to replace Bitcoin but to serve as fallback infrastructure in case consensus upgrades stall or fragment.
A more radical proposal, Lifted FawkesCoin, employs hash commitments and zero-knowledge proofs to enable post-quantum migration without on-chain signatures. Although complex and operationally demanding, such proposals highlight the breadth of design space being explored.
The summit spent a lot of time grappling with the philosophical and ethical considerations inherent in potential mitigation paths. A contentious topic was the fate of quantum-vulnerable, unmigrated coins, whether to "burn" (invalidate) them or allow them to be "stolen" by quantum attackers. Mike Casey introduced the Hourglass proposal, advocating for a throttled spending mechanism, limiting quantum attackers' immediate capabilities while preserving potential legitimate claims. Specifically, the proposal limits P2PK spends to one per block, stretching a theoretical 3-hour attack window to 8 months. This deters large-scale exploits while preserving a path for legitimate claims. Extensions of Hourglass (v2) broaden this logic to reused and Taproot outputs.
Yet the underlying dilemma remains: should Bitcoin freeze unclaimed vulnerable coins (“burn”) or allow quantum actors to seize them (“steal”)? The burn model preserves integrity but risks violating the principle of immutability. The steal model preserves protocol purity but invites chaos. There is no consensus yet, only recognition that philosophical clarity must accompany technical design.
However, there was consensus on reducing address reuse immediately, bolstering operational security, and preparing contingency plans. Meanwhile, forward-looking solutions like quantum-resistant validity rollups, sidechains such as qBTC and Anduro, and infrastructure projects like Project 11’s yellowpages provide additional migration pathways.
Modeling the Adversary
Beyond engineering, the summit emphasized strategic modeling of adversaries. A quantum computer is not a threat in itself, it must be wielded by an actor with intent and capability. Matthew Pines (Bitcoin Policy Institute) and Alex Pruden (Project 11) outlined scenarios ranging from covert, slow drains of high-value UTXOs to sudden mass-theft blitzes. The mere perception of a quantum breakthrough, they warned, could destabilize markets before any confirmed attack.
This points to a broader insight: Bitcoin’s quantum risk is not just cryptographic. There are psychological, institutional, and geopolitical angles as well. Coordination failures, reputational damage, and investor panic are all plausible consequences of premature or poorly communicated countermeasures.
Insights and Next Steps
The Quantum Bitcoin Summit did not yield a single roadmap, nor was that its aim. Instead, it surfaced a spectrum of viable, sometimes competing approaches ranging from SPHINCS+ integration and soft-fork migration timelines to throttling schemes, sidechain staging grounds, and wallet-layer attestation infrastructure.
What unites these proposals is the recognition that the Bitcoin community should begin preparing now. Migration may take years. Threats may emerge suddenly or not at all. But readiness, like resilience, is not a switch to be flipped, it is a posture to be assumed; technically, socially, and institutionally. Tangibly, this means proactive, coordinated action across the Bitcoin ecosystem, including immediate operational improvements, conservative cryptographic upgrades, and sustained institutional engagement:
Eliminating address reuse (especially for exchanges and custodians).
Prioritizing prudent cryptographic upgrades (e.g., SPHINCS+, Lifeboat).
Exploring throttling mechanisms for quantum-vulnerable coins.
Leveraging sidechains and rollups as testing grounds and fallback infrastructure.
Moving forward, participants emphasized continued collaboration through forums such as the BitDevs mailing list, Delving Bitcoin, and Presidio Bitcoin’s Discord, ensuring preparedness and resilience if quantum computing transitions from threat to reality.
Thank you to everyone who helped make the Quantum Bitcoin Summit a success. At Presidio Bitcoin, we remain committed to supporting ongoing research, coordination, and community engagement.
We look forward to continuing to advance Bitcoin.
— Presidio Bitcoin
July 2025, San Francisco
Further Resources
For those interested in exploring the topics and proposals discussed at our Quantum Bitcoin Summit in greater depth, we invite you to explore the following materials:
Summit talks and panel recordings
Quantum Bitcoin Summit Playlist
Quantum Bitcoin Summit website
pbquantum.org
Presidio Bitcoin
presidiobitcoin.org
Presidio Bitcoin on X
@PresidioBitcoin
Ongoing discussion and collaboration
Presidio Bitcoin Discord