![[Webinar] Find and Eliminate Orphaned Non-Human Identities in Your Environment](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6vJpO9kksCQDpSksNkqDFNUCbXD70dMGYqI6P9S_XPMY5d8BR8PVdrsVQP1ZJO_-nzL6eQShM3Cap9heQ5kAglsPjfxwIcXPSsf_cfgUVnGQ2XzIWVOuo7JhxMjnHYDN6r9KlQ6LqZJisRZkjatnWChuzUkSlXRa1hFseUPq28PZ5gjGR7L2WzTFdZ3fM/s1600/ghost.jpg?#)
Bitcoin’s quantum migration plan forces the network to choose between frozen and stolen coins
Bitcoin's debate about quantum computers produced a published draft with real political consequences on Apr. 14.
Bitcoin Improvement Proposal 361 (BIP 361), titled “Post Quantum Migration and Legacy Signature Sunset,” landed in Bitcoin's official proposal repository with a three-phase plan to phase out ECDSA and Schnorr signature spends entirely once a quantum-resistant output type exists on the network.
The proposal builds directly on BIP 360, published in February, which introduced a new address format that strips Taproot's quantum-vulnerable key-path spend, called Pay-to-Merkle-Root (P2MR). The proposal also preserved compatibility with Lightning, BitVM, and multi-signature setups.
Together, the two drafts constitute the most explicit governance posture Bitcoin has adopted regarding quantum migration to date.
What makes this moment sharp is the external calendar hardening around it, as NIST finalized FIPS 203, 204, and 205 in August 2024 and urged organizations to begin migrating immediately.
The UK's NCSC has set migration milestones for 2028, 2031, and 2035, while US federal agencies face a 2035 quantum-transition target.
Governments, banks, and national cyber agencies already have migration deadlines on their calendars, making blockchains late arrivals to that debate.
Bitcoin's coercive logic
What separates BIP 361 from prior Bitcoin post-quantum (PQ) discussions is its deliberate coerciveness.
Phase A, three years past the activation of a quantum-resistant address type, blocks new sends to vulnerable address formats. Phase B, two years later, invalidates ECDSA and Schnorr spends from quantum-vulnerable UTXOs at the consensus layer. Coins that have not migrated get frozen.
A possible Phase C would allow frozen coin holders to prove ownership via zero-knowledge proofs linked to a BIP-39 seed phrase and to recover their funds via a later recovery mechanism.
The proposal's authors, including Jameson Lopp of Casa, frame this as a defense. As of Mar. 1, over 34% of all Bitcoin sat in addresses whose public keys had already been exposed on-chain, making those coins theoretically readable by a quantum machine running Shor's algorithm.
Google researchers estimated in recent work that a sufficiently powerful quantum computer could crack a Bitcoin private key in roughly nine minutes, with one analysis citing 2029 as a plausible outer bound for a cryptographically relevant machine.
The counterargument arrived on the mailing list immediately.
Tadge Dryja, a Bitcoin developer and Lightning Network co-author, said that the plan is not viable in its current form because it ties the activation of quantum-resistant outputs to the deactivation of elliptic-curve outputs.
That link, Dryja argued, could destroy coins preemptively and relies on definitions of “quantum-vulnerable UTXO” still contested in practice.
The BIPs repository explicitly states that inclusion certifies only that a proposal met formal editorial criteria, with community endorsement and activation timing being separate determinations.
BIP 360 is already running on Bitcoin's quantum testnet, deployed by BTQ Technologies in early 2026. BIP 361 co-author Ethan Heilman has estimated that a full Bitcoin migration to quantum resilience would take seven years from the day consensus forms.
Tron's calculated entry
Justin Sun published his own declaration on post-quantum resistance.
In a post on X, the Tron founder announced that the network is officially launching a post-quantum upgrade initiative to become the first major public blockchain to deploy NIST-standardized post-quantum cryptographic signatures on mainnet.
Sun wrote that “while Bitcoin debates whether to freeze vulnerable coins and Ethereum forms research committees, Tron is building.” He added that a technical roadmap is “coming soon.”
Tron holds roughly $86.7 billion in stablecoins, about 97.78% of which is USDT, alongside approximately $5.1 billion in total value locked in DeFi.
Post-quantum readiness on a chain of that scale becomes a question of custody and settlement infrastructure. The networks, exchanges, and custodians moving dollar liquidity through Tron have operational keys, admin paths, and bridge mechanisms that a quantum attacker targeting high-value addresses would prioritize first.
Tron's current public posture is narrative compression, consisting of decisive language and competitive positioning of the scheme selection, migration model, wallet compatibility plan, and activation path needed to verify what “first major public blockchain” actually means in practice.
| Category | Bitcoin | TRON | Ethereum |
|---|---|---|---|
| Governance style | Open, adversarial, consensus-driven | Executive-led, founder-driven messaging | Open, layered, research-led |
| Public status today | BIP 361 published as a draft in official repo; BIP 360 already published | Initiative announced by Justin Sun; roadmap still pending | Official PQ portal live; active roadmap and devnets |
| Core migration model | Phased sunset of legacy signatures after a PQ output exists | Undisclosed so far; Sun says NIST-standardized PQ signatures on mainnet | Gradual migration via account abstraction, precompiles, and later consensus changes |
| Main policy logic | Force migration with future restrictions and eventual invalidation of vulnerable spends | Claim speed and decisiveness before full technical detail | Build cryptographic agility and avoid a disruptive flag day |
| What users may face | New sends blocked to vulnerable formats, later frozen legacy coins if not migrated | Unknown until roadmap: optional, hybrid, or mandatory migration not yet specified | Wallet and account upgrades spread over time rather than a single cutoff |
| What is already specified publicly | Phase A / Phase B / possible Phase C; definition of vulnerable UTXOs under debate | Narrative claim, competitive framing, “roadmap coming soon” | Execution-, consensus-, and data-layer approach; weekly interoperability devnets |
| What is still missing | Consensus, activation path, final definition of quantum-vulnerable outputs | Scheme choice, migration model, wallet compatibility plan, activation path | Single fixed migration date or standalone flagship PQ proposal |
| Main risk/trade-off | Protect the network but risk freezing or stranding coins | Strong messaging without yet-published operational detail | Flexible migration but less coordination pressure on a fixed timetable |
| Key infrastructure at stake | Legacy UTXOs with exposed public keys | Stablecoin settlement rail, custody, admin keys, bridges | EOAs, bridges, validator keys, execution-layer migration |
| Best one-line summary | Certainty requires deadlines | Speed is the product | Safety requires agility |
NIST's relevant standards, such as ML-DSA, FN-DSA, and SLH-DSA, carry different trade-offs in signature size, verification speed, and implementation complexity, and choosing among them is a material technical decision.
Ethereum's layered bet
Ethereum takes the structural opposite of Bitcoin's forced deadlines.
The Ethereum Foundation launched pq.ethereum.org in March 2026 as a hub for its post-quantum research, roadmap, and open-source repositories, with more than 10 client teams running weekly post-quantum interoperability devnets.
The roadmap spans three layers. At the execution layer, native account abstraction, as defined by EIP-7701 and EIP-8141, provides a built-in migration path away from ECDSA, allowing users to rotate to quantum-safe authentication via smart accounts without requiring a protocol-wide cutover.
At the consensus layer, BLS signatures would eventually give way to hash-based alternatives under the leanSig scheme, which combines XMSS-style quantum resistance with STARK-based aggregation to offset the size and performance costs of post-quantum primitives.
The Foundation's own assessment places core L1 protocol upgrades around 2029, with full execution layer migration extending beyond that date.
Ethereum's February 2026 protocol priorities post made the intersection explicit, with native account abstraction providing a natural migration path away from ECDSA-based authentication, while developers are working on complementary EIPs to make quantum-resistant signature verification cheaper in the EVM.
Ethereum has an official roadmap and an active engineering track, with Glamsterdam targeted for the first half of 2026, and it is arriving with no standalone quantum proposal introducing a fixed migration date.
Two futures for migration
The bull case runs through cryptographic agility.
If the threat stays far enough out, and NIST's estimate that full integration can take 10 to 20 years from standardization supports that reading, chains can migrate without emergency powers.
Bitcoin's sunset logic narrows to the most clearly exposed outputs or evolves into a softer incentive structure.
Tron eventually publishes a roadmap that names its scheme and migration model, and the market rewards systems that make migration boring: smart accounts, precompiles, key rotation, and wallet updates handled gradually enough that no user wakes up locked out.
Ethereum's own team has said L1 protocol upgrades could be completed around 2029, the cleanest publicly stated timeline among the major chains in this race.
| Scenario | Bitcoin | TRON | Ethereum |
|---|---|---|---|
| Bull case: long runway, orderly migration | Sunset logic softens or narrows to the clearest exposed outputs; migration happens before emergency politics take over | TRON publishes a credible roadmap, names a scheme, and turns executive speed into operational execution | Account abstraction, precompiles, and staged upgrades make migration gradual and boring |
| What wins in this scenario | Clear incentives plus enough time for wallets and custodians to adapt | Fast coordination across wallets, exchanges, and stablecoin infrastructure | Cryptographic agility across layers without a disruptive flag day |
| Bear case: selective attacks arrive early | Pressure lands first on exposed or high-value legacy coins; governance fight over freezes happens before consensus is mature | Stablecoin rail concentration turns custody keys, admin paths, and bridges into prime targets | EOAs, bridges, and validator keys become the first pressure points |
| What breaks in this scenario | Political legitimacy of freezing coins vs letting them be stolen | Narrative advantage collapses if no published runbook exists | Diffuse roadmap looks slow if markets suddenly demand a hard timetable |
| Bottom line | Most direct defense, but also the most coercive | Fastest rhetoric, but proof depends on roadmap details | Most complete migration architecture, but still without a single forcing date |
The bear case begins where Ethereum's own portal draws the boundary, and early quantum machines may target a small number of high-value keys.
Bitcoin faces its hardest political test under that scenario because BIP 361 already exposes more than 34% of BTC on-chain, and any selective attack on Satoshi-era or P2PK coins would force the governance question before consensus has formed.
Ethereum's exposure is concentrated in externally owned accounts, bridges, and validator keys, the exact places a well-resourced attacker would try to exploit first.
Tron's concentration as a USDT rail makes custody and admin-key migration the first thing to scrutinize, and a narrative initiative without a published technical roadmap offers no operational protection under those conditions.
Who decides
Bitcoin says certainty requires deadlines, Ethereum says safety requires agility, and Tron says speed is the product. None of those positions is obviously wrong.
A coercive Bitcoin deadline forces migration but risks leaving coins behind whose owners cannot be reached.
Ethereum's layered approach spreads migration pain over years but lacks a single focal point to coordinate wallets, custodians, and exchanges on the same timetable.
Tron's executive speed may prove real, or it may prove to be another well-timed announcement awaiting a second act.
The actual contest over which governance model can move users, infrastructure, and hundreds of billions in assets before a quantum adversary selects the weakest node belongs to whoever has a runbook when the window closes.
The post Bitcoin’s quantum migration plan forces the network to choose between frozen and stolen coins appeared first on CryptoSlate.
