Key Highlights
- The addition of BIP 360 does not activate any changes, but officially includes quantum resistance on Bitcoin’s technical roadmap.
- The proposal introduces a new output structure called Pay-to-Merkle-Root (P2MR).
Bitcoin’s long-term security planning has made progress with the addition of BIP 360 to the official Bitcoin Improvement Proposal (BIP) repository. This move does not activate any changes but officially includes quantum resistance on Bitcoin’s technical roadmap.
The proposal outlines a new output structure called Pay-to-Merkle-Root (P2MR). This structure aims to lower the risk of quantum attacks while staying compatible with Bitcoin’s current Tapscript framework.
By entering the repository, the idea is now part of the review process. It can be discussed, refined, or rejected.
Building a protective layer
Quantum computing is still largely experimental, but its potential impact on cryptography has led security researchers to prepare in advance. Since Bitcoin relies on cryptography to secure funds, it is part of this discussion.
The main concern is whether a sufficiently advanced quantum computer could reverse-engineer private keys from public keys. If so, coins tied to exposed public keys could be at risk. BIP 360 intends to reduce that risk in future output designs by changing how spending conditions are committed on-chain.
What P2MR changes
P2MR closely resembles Taproot in design but removes one key feature: the key-path spending option.
Under Taproot, users can spend funds either through a key-path (which reveals a public key) or through a script-path (which reveals only the relevant script branch). This flexibility improves privacy and efficiency, but may increase theoretical exposure in a post-quantum scenario.
P2MR removes the key-path route. It commits only to a Merkle root representing script conditions. By doing so, it reduces instances where public keys are directly exposed on-chain, narrowing the attack surface should quantum decryption capabilities emerge in the future.
Preparing for post-quantum signatures
The authors of BIP 360 describe the proposal as foundational. Its architecture could allow Bitcoin to later adopt post-quantum signature schemes through additional soft forks.
Algorithms such as ML-DSA (Dilithium) and SLH-DSA (SPHINCS+), both part of wider post-quantum cryptographic research, are referenced as possible candidates for future integration.
Hunter Beast, co-author of the proposal and senior protocol engineer at MARA, described BIP 360 as one piece of a larger effort to strengthen Bitcoin against emerging computational threats. He noted that discussions are ongoing about how to tackle older coins that may already be exposed, including long-dormant holdings, which are unlikely to move.
Bitcoin in shifting security landscape
The timing of BIP 360 shows a larger global shift toward quantum-safe standards. The U.S. National Security Agency’s CNSA 2.0 framework calls for quantum-resistant systems by 2030, and the National Institute of Standards and Technology has begun transitioning federal systems away from cryptography in the next decade.
By placing BIP 360 into the formal proposal process, developers are signaling that quantum resilience is no longer a distant hypothetical.
Also Read: Binance Completes $1B Bitcoin Acquisition for SAFU Fund
