BIP 360, co-authored by Hunter Beast, Ethan Heilman, and Isabel Foxen Duke, proposes a new Bitcoin output type called "Pay to Merkle Root" (P2MR). This proposal aims to address a significant security vulnerability that has long plagued Bitcoin: the exposure of elliptic curve public keys under quantum computing attacks. In the current Bitcoin architecture, certain transaction types, particularly P2PK outputs and Taproot (P2TR) addresses, expose public keys on the blockchain. Theoretically, a powerful quantum computer utilizing Shor's algorithm could derive the corresponding private keys, thereby stealing the associated funds. It is estimated that 6.26 million BTC, worth approximately $44 billion at recent prices, are stored in address types vulnerable to quantum attacks.
The operation of P2MR is nearly identical to Bitcoin's existing Taproot output types, with one key modification: it removes the key path spending mechanism introduced by Taproot, which allows transactions to be authorized through a single public key signature. Under P2MR, all unspent transaction outputs (UTXOs) must be spent via a script path, specifically the Tapscript Merkle tree, relying on hash-based commitments rather than elliptic curve public keys. Since hash functions are considered to have stronger resistance to quantum attacks, this eliminates the primary attack surface for long-term quantum threats.
Notably, P2MR is fully compatible with Bitcoin's existing smart contract functionalities, including multi-signatures, time locks, and complex custody structures. The authors of BIP 360 also confirmed compatibility with the Lightning Network, BitVM, and Ark, all of which rely on the Taproot architecture for Bitcoin scalability and programmability, making this upgrade a benefit to the ecosystem rather than a disruption.