Author: Lanhu; Source: X, @lanhubiji

First of all, let me explain that the content mentioned here does not have any intention to create traffic or attack BTC, and if there is a problem with BTC, it will be a problem for the entire industry.

The following is just a purely discussion, Facing the threat of future quantum computing, what should BTC do?

There is currently a concept in the encryption community called Q-DAY, which specifically refers to the day when quantum computers can use the "Shor algorithm" to crack the ECDSA signature algorithm currently used by BTC and ETH.

This means that the private key is no longer safe and the wallet lock is no longer secure.

If quantum attacks were a fantasy before, now this threat does not exist.

According to the current opinions of quantum experts, the approximate range is between 2031 and 2038, which means that the threat will become actual and visible in 5-6 years at the fastest and 12-13 years at the slowest.

This is related to the rapid progress of quantum hardware + algorithms. According to quantum experts, in the past, millions or even tens of millions of physical qubits were needed to crack ECDSA.

In the past two years, algorithm optimization + new error correction codes will reduce it by 10 times +. According to the exponential growth of the current algorithm + hardware, there is a probability of actual threats in 5-6 years at the fastest.

Therefore, before Q-Day comes, both BTC and ETH need to be replaced with a "new lock" (post-quantum signature).

Ethereum currently has a clear roadmap and expected completion time (the post-quantum upgrade is expected to be completed around 2029).

The roadmap of the BTC community has not yet been finalized.

Due to historical reasons, the style of the BTC community has always been "don't move if you can", supporting the principles of non-tampering and backward compatibility. Any upgrade is difficult in BTC.

It was not until last month that BTC included quantum protection in its roadmap for the first time.

On February 11, BIP 360 (Pay-to-Merkle-Root) officially joined the BIP warehouse.

The core is to remove part of Taproot's "key path" and only retain Script-paht to significantly reduce quantum exposure. In the future, it will support signature schemes that are easier to plug into quantum security.

However, it does not force anyone to upgrade, it just paves the way for future soft forks.

The complete migration plan (post-quantum migration BIP) is still in the discussion stage and has not been officially adopted. It will take about 5-10 years:

• The first phase encourages migration: prohibiting new funds from flowing to old addresses and encouraging the community to transfer coins to new quantum-safe addresses;

• The second phase of new currency enforcement: Old addresses can still be spent, but new coins must be locked with new locks;

• The last stage is the most controversial because it involves the handling of the old address funds: Should the old address funds be frozen or burned?

This involves the processing of a larger proportion of BTC: About 25-33% of BTC (approximately 6-7 million BTC are in a quantum exposure state, including 1 million of Satoshi Nakamoto, and other BTC that are permanently lost). Doing so violates the long-standing principle of the BTC community: no interference.

There are also opinions that there is no need to freeze these BTC, whoever takes it is the one who gets it.

If this is the case, 6 to 7 million BTC will be taken away. If BTC has risen to US$300,000 per coin at that time, this means that the total value of this part is between US$1.8 trillion and US$2.1 trillion.

With such a large amount of BTC flowing into the market, it is hard to imagine what the final market will look like.

In short,the biggest difficulty in BTC’s quantum protection route now is not the technology, but the governance dilemma: how to coordinate the community.

How to deal with BTC from old addresses is the biggest obstacle in the future BTC quantum security roadmap.

Perhaps in the next 1-2 years, the community will gradually move from quarrels to consensus. After all, time waits for no one.