Bitcoin’s post-quantum security debate has entered a decisive phase with the publication of Bitcoin Improvement Proposal 361 (BIP 361) on Apr. 14, a draft that lays out a three-stage path to retire ECDSA and Schnorr signature spends once a quantum‑resistant output type exists—sharpening a governance fight that now stretches across Bitcoin, Ethereum, and Tron.

Technology Overview

BIP 361, titled “Post Quantum Migration and Legacy Signature Sunset,” lands as the clearest articulation of how Bitcoin might handle a coordinated shift to quantum‑safe cryptography. It directly extends BIP 360, introduced in February, which proposed a new address format called Pay‑to‑Merkle‑Root (P2MR) that removes Taproot’s quantum‑vulnerable key‑path spend while preserving compatibility with Lightning, BitVM, and multi‑signature arrangements. Together, the two drafts amount to Bitcoin’s most explicit posture to date on migrating away from elliptic‑curve signatures.

The timing is framed by a maturing external standards calendar. In August 2024, NIST finalized FIPS 203, 204, and 205 and urged organizations to begin migrating. The UK’s NCSC has set post‑quantum migration milestones for 2028, 2031, and 2035, and US federal agencies face a 2035 transition target. That schedule places blockchains amid institutions already plotting multi‑year cutovers and underscores the urgency of choosing both cryptographic schemes and governance mechanisms.

A broader industry timeline now runs from NIST’s 2024 standards through Bitcoin’s BIP 361, Ethereum’s anticipated 2029 Layer‑1 window, and the 2035 UK/US transition targets, mapping how protocol decisions intersect with public sector timelines.

How It Works

What distinguishes BIP 361 is its deliberate coercive design. Phase A would begin three years after activation of a quantum‑resistant address type by preventing new sends to formats deemed vulnerable. Phase B, two years after that, would invalidate ECDSA and Schnorr spends from quantum‑vulnerable UTXOs at the consensus layer—freezing coins that have not migrated. A possible Phase C contemplates a recovery path: holders of frozen coins could prove ownership using zero‑knowledge proofs tied to a BIP‑39 seed phrase, enabling later fund recovery.

The proposal’s authors, including Jameson Lopp of Casa, cast the plan as a defensive measure given on‑chain exposure. As of Mar. 1, more than 34% of all Bitcoin resided at addresses with public keys already revealed on‑chain—assets that a sufficiently powerful machine running Shor’s algorithm could theoretically target. Separate research has estimated that a capable quantum computer might derive a Bitcoin private key in minutes, with one analysis placing 2029 as a plausible outer bound for a cryptographically relevant device.

Pushback surfaced quickly. Tadge Dryja, a Bitcoin developer and Lightning Network co‑author, argued on the mailing list that the draft’s link between enabling quantum‑resistant outputs and disabling elliptic‑curve outputs is not viable as written. He warned that the approach could preemptively strand funds and hinges on contested definitions of what constitutes a “quantum‑vulnerable UTXO.” The BIPs repository itself cautions that inclusion signals only editorial acceptance; community endorsement and activation timing remain separate questions.

BIP 360 is already live on a Bitcoin quantum testnet deployed by BTQ Technologies in early 2026. BIP 361 co‑author Ethan Heilman estimates that, from the moment consensus forms, a full Bitcoin migration to quantum resilience would require roughly seven years—underscoring how far in advance any activation logic must be decided.

Industry Impact

Tron has moved to frame the moment as an execution race. In a post on X, founder Justin Sun announced a post‑quantum upgrade initiative that aims to make Tron the first major public blockchain to implement NIST‑standardized post‑quantum signatures on mainnet, with a technical roadmap “coming soon.” The network’s role as a large stablecoin rail—about $86.7 billion in stablecoins, approximately 97.78% of which is USDT—alongside roughly $5.1 billion in DeFi total value locked, concentrates attention on custody and settlement infrastructure. Keys for networks, exchanges, custodians, admin paths, and bridges represent the practical first targets a quantum‑enabled attacker would prioritize against high‑value addresses.

Tron’s current stance is narrative compression: assertive claims and competitive positioning ahead of detailed disclosures on scheme selection, migration mechanics, wallet compatibility, and activation. The choice among NIST’s schemes—such as ML‑DSA, FN‑DSA, and SLH‑DSA—will carry real trade‑offs in signature size, verification speed, and implementation complexity, and clarifying that selection will be central to validating the “first major public blockchain” claim in production.

Ethereum, by contrast, is pursuing a layered, research‑led course designed to avoid a disruptive cutover. The Ethereum Foundation launched pq.ethereum.org in March 2026 as a coordination hub, and more than 10 client teams are running weekly post‑quantum interoperability devnets. The roadmap spans three layers. At the execution layer, native account abstraction—via EIP‑7701 and EIP‑8141—creates a built‑in path away from ECDSA by letting users rotate to quantum‑safe authentication with smart accounts, without a single network‑wide switch. At the consensus layer, BLS signatures are expected to give way to hash‑based alternatives under the leanSig scheme, which combines XMSS‑style quantum resistance with STARK‑based aggregation to mitigate size and performance penalties. The Foundation’s own assessment places core L1 upgrades around 2029, with execution‑layer migration extending beyond that date. An official roadmap is active—Glamsterdam is targeted for the first half of 2026—though there is no standalone quantum proposal anchoring a fixed migration date.

Future Implications

Two futures dominate planning. In the bull case, the threat horizon remains distant, consistent with guidance that full integration of new standards can span 10 to 20 years. Under that runway, chains migrate without emergency powers. Bitcoin’s sunset approach could narrow to unambiguously exposed outputs or evolve into softer incentives. Tron could publish a concrete runbook—naming its scheme and migration model—and translate executive speed into operational execution across wallets, exchanges, and stablecoin infrastructure. Ethereum’s account abstraction, precompiles, and staged upgrades would make migration gradual and uneventful for users through smart accounts, key rotation, and routine wallet updates.

The bear case begins where Ethereum’s own portal draws the boundary: early, selective quantum attacks targeting a small set of high‑value keys. Bitcoin would face its sharpest political test if pressure lands on Satoshi‑era or P2PK coins, since BIP 361’s logic touches a large share of on‑chain‑exposed holdings before consensus is settled on definitions and timelines. Ethereum’s exposure would concentrate in externally owned accounts, bridges, and validator keys—the natural focal points for a well‑resourced attacker. Tron’s concentration as a USDT settlement rail would bring custody keys, admin paths, and bridges under immediate scrutiny, and a narrative initiative without a published technical roadmap would offer no operational protection in that scenario.

Governance at the Core

What began as a cryptography discussion is now a governance contest. Bitcoin argues that certainty requires deadlines, accepting the risk that some coins may be left behind if owners cannot be reached in time. Ethereum emphasizes safety through agility, spreading migration work across layers and years but forgoing a single forcing date to align wallets, custodians, and exchanges. Tron asserts that speed is the product, staking its position on the timely delivery of NIST‑standardized signatures and the operational details that must follow.

None of these positions is inherently wrong; each optimizes for a different failure mode. With standards set and public milestones looming, success likely belongs to the chain that can present a credible runbook—scheme choice, migration model, wallet compatibility, and activation plan—before the window narrows. BIP 361’s publication, Tron’s initiative, and Ethereum’s layered track collectively mark a turning point: post‑quantum migration is now less about if and more about who decides when and how to move billions in assets before the weakest link is chosen for them.