Bitcoin's fundamental cryptographic security faces a looming theoretical threat from quantum computing, prompting a new proposal known as Bitcoin Improvement Proposal 361 (BIP-361). Introduced by a group of researchers including Jameson Lopp, BIP-361 outlines a strategic, phased migration plan to transition the network away from its current, legacy signature schemes towards more quantum-resistant alternatives. The core aim of this proposal is to proactively mitigate Bitcoin's vulnerability to a future scenario where advanced quantum computers could potentially compromise its underlying elliptic curve cryptography.

Currently, Bitcoin relies on ECDSA and Schnorr signatures for transaction security. While these remain robust against classical computing attacks, they are theoretically susceptible to Shor’s algorithm. This quantum algorithm could allow an attacker to derive private keys from exposed public keys, posing a significant risk to the network's integrity. The vulnerability is not uniformly distributed across the network; older address types, particularly those involving pay-to-public-key outputs and reused addresses, are considered the most exposed because they reveal public keys onchain. Estimates cited in the proposal indicate that over one-third of all Bitcoin in circulation, including the early holdings attributed to Satoshi Nakamoto, falls into this vulnerable category. A successful quantum attack could lead to the compromise of these funds, potentially destabilizing the entire network and redistributing wealth to technologically advanced malicious actors.

To preempt such an outcome, BIP-361 introduces a comprehensive three-phase transition plan. Phase A is projected to commence approximately three years after the proposal's activation. This phase would strictly prohibit new transactions from sending funds to legacy address types. While users would still retain the ability to move funds *out* of existing vulnerable addresses, this restriction is designed to compel wallets and services to adopt quantum-resistant formats. Phase B, anticipated to begin roughly two years after Phase A, would significantly escalate the transition by invalidating all legacy signatures at the consensus level. At this juncture, any Bitcoin that has not been migrated to a quantum-resistant format would become effectively frozen and unspendable under the network's rules.

A proposed Phase C, which is still undergoing research, aims to offer a limited recovery mechanism for frozen funds. This mechanism would likely rely on zero-knowledge proofs tied to users' seed phrases, enabling them to demonstrate ownership of their frozen Bitcoin without needing to expose their private keys. The feasibility and precise timeline for the implementation of Phase C remain uncertain. The authors of BIP-361 frame this forced migration not as a punitive measure but rather as a crucial defensive strategy. They contend that by effectively freezing coins that fail to upgrade, the network can eliminate a major attack surface well before quantum capabilities emerge. Furthermore, they note that any permanently inaccessible coins would inherently reduce the effective supply of Bitcoin, a dynamic that has long been a point of discussion within Bitcoin's economic framework. As of now, BIP-361 remains in draft form, and no activation timeline has been set.