Bitcoin has formally incorporated quantum resistance into its long-term technology roadmap for the first time, a development officially established through Bitcoin Improvement Proposal 360 (BIP-360). Unlike the 'disruptive change' hyped by some media outlets, BIP-360 adopts a cautious, gradual upgrade path aimed at minimizing the impact on existing protocols.
The core threat quantum computing poses to Bitcoin does not come from the SHA-256 hashing algorithm, which faces only a quadratic speedup under Grover's algorithm and whose security remains relatively robust. The real risk is that once a public key is exposed on the chain, an attacker can use Shor's algorithm to derive the private key from it and steal funds. The focus of BIP-360 is therefore clear: reduce the likelihood of public key exposure.
To this end, the proposal introduces the 'Pay-to-Merkle-Root' (P2MR) mechanism, which completely removes the key path spending option in Taproot and forces all transactions to be completed through the script path. Any spend must therefore be verified against a Merkle tree built from Tapscript leaves, which avoids premature exposure of the public key on the blockchain before the transaction is confirmed.
It is worth noting that this change does not sacrifice the flexibility of smart contracts. P2MR still fully supports multi-signature, time locks, and complex escrow structures. All complex logic can be implemented through Tapscript's Merkle tree. While improving security, users can still enjoy the same script functions as before.


BIP-360 Explained: How Bitcoin is Gradually Addressing the Threat of Quantum Computing
BIP-360 incorporates quantum resistance into Bitcoin's roadmap, reducing public key exposure via P2MR, enhancing long-term security while preserving smart contract flexibility, marking a cautious yet crucial protocol optimization.

