BIP-361 Is Not A Minor Bitcoin Cleanup Proposal
Some Bitcoin proposals tweak around the edges.
This one doesn’t.
BIP-361, published in the Bitcoin BIPs repository as a draft informational proposal, lays out a staged plan for Bitcoin to migrate away from legacy ECDSA and Schnorr signatures after a future post-quantum output type exists. Its title says exactly what it is trying to do: “Post Quantum Migration and Legacy Signature Sunset.”
That wording matters. This is not a note about abstract future research. It is a proposal built around deadlines, invalidation, and a forced migration path.
The Core Idea Is Simple, Even If The Consequences Are Not
The proposal breaks the process into phases.
Phase A would block sending funds to quantum-vulnerable address types. Phase B would go much further and reject spends that rely on ECDSA or Schnorr keys entirely, with that cutoff triggered by a public flag day five years after activation. Phase C is still undefined, but the draft says further research could explore a quantum-safe recovery path for frozen legacy UTXOs, possibly using a zero-knowledge proof tied to a BIP-39 seed phrase.
That is the part people will focus on immediately, and for good reason. Under this framework, failing to migrate would not just mean higher risk. It could eventually mean losing the ability to spend certain coins at all.
Why The Authors Think A Hard Deadline Matters
The argument behind BIP-361 is blunt.
Its authors say Bitcoin cannot afford to wait for an emergency because coordinated upgrades across wallets, exchanges, miners, hardware vendors, and custodians historically take years. They frame a time-boxed migration path as the only credible defense against a threat that may arrive before the ecosystem is ready to respond.
The draft also argues that the threat is broader than price. It says a successful quantum attack could damage trust across the ecosystem and even affect miners’ ability to secure the network. It points to accelerating post-quantum progress, notes that NIST ratified three production-grade post-quantum signature schemes in 2024, and cites estimates that a cryptographically relevant quantum computer could emerge as early as 2027 to 2030.
In other words, the proposal is not trying to solve “quantum someday.” It is trying to force Bitcoin to behave as if the coordination window may already be shorter than the industry wants to admit.
The Most Explosive Part Is What Happens To Old Coins
This is where the proposal stops being a technical migration discussion and turns into a Bitcoin governance fight.
BIP-361 openly argues that abandoned keys that never migrate would remain unspendable, reducing supply over time. It also says the goal should be to allow no one to steal vulnerable coins, rather than letting early quantum-capable actors capture them. That sounds clean in theory. In practice, it means a social and economic decision about the status of untouched legacy coins, reused addresses, and exposed public keys.
That debate is going to sound familiar to anyone who has followed earlier discussions around whether Bitcoin should ever intervene at the protocol level to protect or reclaim vulnerable coins. We already touched that nerve in Bitcoin Core PR Proposes One-Time Hard Fork To Recover 79,956 BTC From Mt. Gox Hack Address, where the bigger issue was never just the coins themselves. It was the precedent.
BIP-361 goes even deeper into that same philosophical minefield.
The Timing Of This Proposal Is Not Random
Bitcoin’s quantum debate has clearly moved out of the fringe.
In recent months, the topic has been pushed harder into the mainstream by renewed attention to exposed public keys, future proofing, and what a forced migration would actually look like if the ecosystem ever believed the threat window was real. That’s why BIP-361 lands into a conversation that is already warming up, not a cold one.
We have been writing around the edges of that shift for a while. In Google Warns Quantum Computers Could Break Crypto Sooner Than Expected, the core question was whether the timeline is getting compressed faster than the market wants to price in. In Bitcoin And Quantum Computing: Manageable Long-Term Risk, Not Immediate Threat, the emphasis was restraint. Not panic, but not denial either.
BIP-361 pushes the conversation out of theory and into policy. That is a very different stage of the debate.
This Is Also A Supply Story, Not Just A Security Story
One of the more underappreciated parts of the draft is what it implies about Bitcoin supply.
If legacy coins that never migrate become permanently unspendable, then quantum defense starts doubling as supply discipline. The proposal says that outright.
That means the migration debate is not only about cryptography. It is also about who gets protected, which coins effectively fall out of circulation, and how the market reprices scarcity once “lost” and “frozen” start to overlap. We have explored related supply-side tensions before in 11 Million Bitcoin By 2036? AI, Deflation, And The Monetary Expansion Thesis Explained.
That is why BIP-361 is bigger than a security patch concept. It quietly reaches into Bitcoin’s monetary narrative too.
The Proposal Is Clear About One Thing: Existing Ideas Are Not Enough
BIP-361 argues that current quantum-related ideas still leave major holes open. The draft says existing proposals do not adequately protect against short-range attacks, long-range attacks driven by address reuse, or attacks against already exposed public keys in P2PK or P2TR outputs. It also rejects models that would allow vulnerable coins to be stolen, even gradually, because those approaches would still create redistribution problems and incentive distortions.
That is a strong claim, and one that will not go unanswered. But it explains why this proposal is framed as a sunset rather than a soft encouragement to upgrade. The authors are effectively saying that optional migration is not serious defense.
What BIP-361 Really Does To The Conversation
The most important thing about BIP-361 is not whether it passes.
It won’t, at least not in this form and not anytime soon. It is still a draft informational BIP and it explicitly depends on a future post-quantum signature proposal that does not yet exist.
But that does not make it unimportant.
What it does is drag the quantum debate into a harder zone. No more comfortable middle ground. No more talking about post-quantum readiness like it is a distant hygiene task. BIP-361 forces a more uncomfortable question: if Bitcoin ever takes the threat seriously enough, would the network choose continuity over backward compatibility?
That is the real story here.
BTCUSA Insight
BIP-361 is radical by Bitcoin standards, and that is exactly why it matters.
Not because it is likely to become policy tomorrow. Not because the ecosystem has suddenly agreed that a legacy signature sunset is the answer. But because it reveals where the debate goes once people stop treating quantum risk as a background topic.
The second Bitcoin begins discussing deadlines, frozen coins, and invalid legacy spends, the argument is no longer about cryptography alone. It becomes a fight over property, precedent, and what kind of social contract Bitcoin is willing to defend when the old assumptions stop feeling permanent.
