The Frontier

BITCOIN

Bitcoin devs debate quantum fixes as research narrows migration window

Wednesday, April 8, 2026 · from 4 podcasts
  • New research drastically lowers the quantum computing power needed to break Bitcoin signatures mid-transaction.
  • Developers are weighing stateful Shrimps signatures against isogeny-based schemes that preserve key tweaking but verify far more slowly.
  • Bitcoin's governance is unprepared for the coordinated, rapid protocol upgrade a quantum migration demands.

Recent research from Google and Caltech shows that breaking Bitcoin's elliptic-curve signatures may require far fewer quantum resources than previously modeled, narrowing the window for a defensive protocol upgrade. On *Bankless*, Nic Carter framed this not as a distant threat but as a risk to funds mid-transaction - a so-called 'on-spend' attack in which a quantum computer derives the private key from the public key exposed by an unconfirmed transaction and replaces that transaction with its own within minutes.

Nic Carter, Bankless:

- If a quantum computer can reverse-engineer a private key while a transaction sits in the mempool, the attacker simply replaces your transaction with their own.

- This breaks the fundamental assumption that knowing a key equals owning the money.

The technical debate is already underway, centered on trade-offs between signature size and verification cost. The *Bitcoin Optech* newsletter detailed two primary paths. Blockstream researcher Jonas Nick is pushing "Shrimps," a stateful hash-based scheme whose signatures stay at 350 bytes as long as the wallet tracks an incrementing per-key counter; lose or corrupt that state and the wallet must fall back to a signature of up to 8 kilobytes. The alternative, isogeny-based cryptography, keeps small keys and signatures and preserves Bitcoin's key-tweaking features, but verifies roughly 50 times slower than current Schnorr signatures, a potential bottleneck for full block validation.
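The state-loss failure mode is easy to see in miniature. The block below is an added illustration, not Shrimps code or anything from Blockstream: a toy stateful hash-based scheme with one Lamport one-time key per index and a signing counter. It assumes a 16-bit truncated message digest (real Lamport keys cover 256 bits) so the attacker's search finishes instantly, and it uses a plain list of per-index keys where real schemes put WOTS+ chains under a Merkle tree. Real stateful schemes such as the one described here fall back to a larger signature instead of simply breaking; the toy models only the break.

```python
"""Toy stateful hash-based signature: why the per-key counter is security-critical.

Added example, not Shrimps code. One Lamport one-time key per index; the
signer must persist its counter. If an old backup is restored and an index
is reused, anyone who saw both signatures can forge a third message.
"""
import hashlib
import os

MSG_BITS = 16  # assumption: truncated digest so the forgery search is instant


def h(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()


def msg_bits(msg: bytes) -> list[int]:
    """First MSG_BITS bits of SHA-256(msg), most significant bit first."""
    d = h(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(MSG_BITS)]


def keygen(n_keys: int):
    """One Lamport one-time key per index.
    sk[idx][i] = (preimage for bit 0, preimage for bit 1); pk holds their hashes."""
    sk = [[(os.urandom(32), os.urandom(32)) for _ in range(MSG_BITS)]
          for _ in range(n_keys)]
    pk = [[(h(a), h(b)) for a, b in key] for key in sk]
    return sk, pk


class StatefulSigner:
    """Wallet side. `counter` is the state a stateful scheme must persist;
    restoring an old backup resets it and causes index reuse."""

    def __init__(self, sk, counter=0):
        self.sk = sk
        self.counter = counter

    def sign(self, msg: bytes):
        if self.counter >= len(self.sk):
            raise RuntimeError("all one-time keys consumed")
        idx = self.counter
        self.counter += 1  # must reach durable storage before the signature leaves the device
        bits = msg_bits(msg)
        return idx, [self.sk[idx][i][bit] for i, bit in enumerate(bits)]


def verify(pk, msg: bytes, sig) -> bool:
    idx, preimages = sig
    bits = msg_bits(msg)
    return all(h(p) == pk[idx][i][bit]
               for i, (p, bit) in enumerate(zip(preimages, bits)))


def forge(pk, observed, max_tries=500_000):
    """Attacker side: pool the preimages revealed by signatures that share an
    index, then search for a fresh message whose digest bits are all covered.
    Returns (message, signature) or None (also None if the indices differ)."""
    indices = {sig[0] for _, sig in observed}
    if len(indices) != 1:
        return None  # one signature per index leaks nothing reusable
    idx = indices.pop()
    known = [{} for _ in range(MSG_BITS)]  # position -> {bit: preimage}
    for msg, (_, preimages) in observed:
        for i, (bit, p) in enumerate(zip(msg_bits(msg), preimages)):
            known[i][bit] = p
    seen = {msg for msg, _ in observed}
    for n in range(max_tries):
        cand = b"pay attacker %d" % n
        if cand in seen:
            continue
        bits = msg_bits(cand)
        if all(bit in known[i] for i, bit in enumerate(bits)):
            return cand, (idx, [known[i][bit] for i, bit in enumerate(bits)])
    return None


def demo():
    sk, pk = keygen(4)
    m1, m2 = b"spend 1 BTC to alice", b"spend 1 BTC to bob"
    wallet = StatefulSigner(sk)
    s1 = wallet.sign(m1)           # index 0, counter becomes 1
    s2_ok = wallet.sign(m2)        # intact state: index 1
    restored = StatefulSigner(sk, counter=0)  # backup predates s1: state lost
    s2_reuse = restored.sign(m2)   # index 0 reused with a different message
    forged = forge(pk, [(m1, s1), (m2, s2_reuse)])
    return {
        "s1_valid": verify(pk, m1, s1),
        "intact_state_forgeable": forge(pk, [(m1, s1), (m2, s2_ok)]) is not None,
        "index_reused": s1[0] == s2_reuse[0],
        "forged_valid": forged is not None and verify(pk, forged[0], forged[1]),
        "forged_is_new": forged is not None and forged[0] not in (m1, m2),
    }


if __name__ == "__main__":
    print(demo())
```

`demo()` shows the restored wallet reusing index 0, after which the pooled preimages let an observer produce a valid signature on a message neither wallet authorized; with intact state the two signatures sit at different indices and nothing pools. The practitioner's rule this illustrates is the one behind Shrimps' design: commit the counter to durable storage before releasing a signature, and when a device cannot prove its counter is fresh, use the large fallback signature rather than guess.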

Bitcoin's real vulnerability may be social, not cryptographic. Carter argues Bitcoin's governance - optimized for stability and resistance to change - now constitutes a "suicide pact" for the quantum era. The protocol lacks a mechanism for the "total mobilization" a post-quantum migration requires. This vacuum, compounded by a culture of dismissing quantum threats as FUD, risks leaving the initiative to large custodians like BlackRock or Coinbase, who could force a fork to burn vulnerable coins and protect client assets.

The clock is ticking, and the migration is a race against both physics and politics.

By the Numbers

  • BIP 440: VAR Ops budget proposal (legislation)
  • BIP 441: Script opcode restoration proposal (legislation)
  • BIP 2130: Wallet backup metadata format proposal (legislation)
  • 350 bytes: Shrimps signature size on primary device (metric)
  • 2.5 kilobytes: Shrimps signature size on imported device (metric)
  • 8 kilobytes: Shrimps worst-case fallback signature size (metric)

Entities Mentioned

Eclair (Tool)
Ethereum Foundation (Company)
FBI (Concept)
Google Antigravity (Product)
Jonas Nick (Person)
Lightning Dev Kit (Tool)
LND (Tool)
Monero (Protocol)
MuSig (Concept)
New York Times (Company)
OpenAI (trending)
Payjoin (Standard)
Samourai Wallet (Concept)
Schnorr (Concept)
Shrimps (Product)
Stacker News (Product)
Taproot (Concept)
TBPN (Company)
Whirlpool (Concept)

Source Intelligence

What each podcast actually said

The Code Lives On | THE UNBOUNDED SERIES: Dojo CoderApr 8

  • Pavel first used Bitcoin in 2015 at Paralelní Polis, a Prague café that only accepted Bitcoin, which framed the technology for him as a tool for freedom, not investment.
  • Pavel began contributing to Samourai's Dojo software in 2019 because it was written in JavaScript, a language he knew, allowing him to add features to the open-source node software.
  • Ronin Dojo remains active despite setbacks, with Pavel finishing a UI update that will reintegrate a transaction privacy analysis tool, similar to the defunct kycp.org site.
  • The Samourai team's arrest was a sudden escalation, moving directly to prosecution without prior cease-and-desist orders or app store removals.
  • Pavel says a key lesson from the Samourai case is to not publicly announce plans, as the team's open discussion of decentralizing Whirlpool likely triggered the swift FBI action.
  • Pavel believes the Bitcoin privacy movement lacks clear direction post-Samourai, with many users moving to Monero or giving up, though projects like Ashigaru continue the work.
  • Ashigaru is a fork of Samourai Wallet that demonstrates open-source code cannot be stopped by arrests; its team recently relaunched Whirlpool as an act of defiance.
  • Pavel notes Ashigaru's team communicates only via email, making public trust reliant on their transparency in documenting code changes and their rationale.
  • A recent Dojo update includes Soroban, a peer-to-peer network that routes transactions through random nodes to obfuscate their origin before broadcasting to Bitcoin.
  • Pavel recommends following Frank Corva, Econo Alchemist, and Max Tannehill for accurate information on the Samourai case and Bitcoin privacy.
  • Support for the arrested Samourai developers can be directed to ptprights.org, which accepts Bitcoin and fiat donations for their legal defense.

Bitcoin Optech: Newsletter #399 RecapApr 7

  • Jonas Nick details Shrimps, a post-quantum hash-based signature scheme where signatures are 350 bytes on a primary stateful device. If that device is lost, imported devices produce 2.5 kilobyte signatures, with a final 8 kilobyte fallback for catastrophic failure.
  • Shrimps and its predecessor Shrinks require wallets to be stateful, tracking an incrementing integer for each public key to count signatures. If this state is lost or corrupted, security breaks and the wallet must use a large fallback signature.
  • Conduition highlights isogeny-based cryptography as a promising post-quantum candidate because its structure allows key re-randomization. This enables BIP32-like hierarchical key derivation and Taproot-like key tweaking, features hash-based and lattice-based schemes struggle to replicate.
  • SQIsign, an isogeny-based signature scheme, has 65-byte public keys and 148-byte signatures. Verification is about 50 times slower than Schnorr or Dilithium, posing a potential bottleneck for full block validation.
  • Conduition notes isogeny cryptography relies on the supersingular isogeny path problem, a newer but well-studied assumption. He cautions that schemes like SQIsign and PRISM have complementary security proofs, making it hard to prove both secure simultaneously.
  • Armin describes how wallet fingerprints - artifacts like signature grinding, SIGHASH flags, and nSequence values - can break PayJoin privacy. Analysts can partition transaction inputs between sender and receiver by spotting inconsistent behaviors between collaborating wallets.
  • Explicitly stating SIGHASH_ALL in Taproot signatures is a wasteful bug that creates a fingerprint. Since Taproot defaults to SIGHASH_ALL, including the byte adds unnecessary transaction weight and identifies non-compliant wallets.
  • BIPs 440 and 441, part of the "script restoration" effort, are now published. BIP 440 proposes a VAR Ops budget for limiting script complexity, while BIP 441 proposes re-enabling disabled opcodes like OP_CAT within a new Tapscript version.
  • Pais proposes BIP 2130, a standard for wallet backup metadata formats. It aims to create an interoperable way to export and import not just descriptors, but full wallet state including labels, transaction history, and coin data.
  • Eclair #3269 adds automatic liquidity reclamation, closing idle redundant channels. It reduces relay fees over time and closes a channel if, after five days at the minimum fee, payment volume stays below 5% of capacity and the local balance is over 25%.
  • LDK adds support for zero-channel-reserve channels, primarily for LSP-user relationships. This lets users commit their full on-chain balance to a channel, shifting the trust and risk onto the service provider.
  • LND implements proper MuSig2 nonce handling and RBF support for cooperatively closing simple Taproot channels. The update hardens the protocol against nonce reuse, which could expose private keys.
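Armin's fingerprint observation (an explicit SIGHASH_ALL byte, nSequence habits) is mechanical enough to script. The block below is an added example, not Armin's analysis or any wallet's code: it reads Taproot key-path witnesses from a constructed transaction, classifies each input by hash-type flag and nSequence class, and partitions the inputs by those features. The witness hex is placeholder bytes of the right length, not valid signatures, since only length and trailing byte are inspected. The BIP341 rules it encodes (a 64-byte signature means SIGHASH_DEFAULT; a 65-byte signature carries an explicit hash type, and 0x00 is invalid there) come from the BIP; the ECDSA low-R signature grinding also named above applies to pre-Taproot inputs and is not modeled.

```python
"""Partition a transaction's inputs by wallet fingerprint (added example).

Features: how the Taproot key-path signature encodes its hash type, and the
nSequence class. Inputs whose features differ were very likely signed by
different wallets, which is what breaks PayJoin's "one wallet" cover story.
"""
from collections import defaultdict

# Explicit Taproot hash types (BIP341). 0x00 is SIGHASH_DEFAULT and may only
# appear implicitly via a 64-byte signature, never as a trailing byte.
SIGHASH_NAMES = {
    0x01: "ALL", 0x02: "NONE", 0x03: "SINGLE",
    0x81: "ALL|ANYONECANPAY", 0x82: "NONE|ANYONECANPAY", 0x83: "SINGLE|ANYONECANPAY",
}


def taproot_sig_features(sig: bytes) -> dict:
    """Classify a key-path Schnorr signature by how it encodes its hash type."""
    if len(sig) == 64:
        return {"explicit_sighash": None, "flag": "DEFAULT"}
    if len(sig) == 65:
        ht = sig[64]
        if ht not in SIGHASH_NAMES:
            raise ValueError(f"invalid explicit hash type 0x{ht:02x}")
        return {"explicit_sighash": ht, "flag": SIGHASH_NAMES[ht]}
    raise ValueError(f"unexpected Schnorr signature length {len(sig)}")


def sequence_class(seq: int) -> str:
    if seq == 0xFFFFFFFF:
        return "final"
    if seq == 0xFFFFFFFD:
        return "rbf"            # the value most modern wallets use to signal BIP125 RBF
    if seq == 0xFFFFFFFE:
        return "locktime-only"  # enables nLockTime without signaling RBF
    return f"other:{seq:#x}"


def input_fingerprint(txin: dict) -> tuple:
    """(hash-type flag, nSequence class) for a key-path spend, whose witness
    is the single signature element."""
    feats = taproot_sig_features(bytes.fromhex(txin["witness"][0]))
    return (feats["flag"], sequence_class(txin["sequence"]))


def partition_inputs(tx: dict) -> dict:
    """Group input indices by fingerprint; more than one group suggests more than one wallet."""
    groups = defaultdict(list)
    for i, txin in enumerate(tx["vin"]):
        groups[input_fingerprint(txin)].append(i)
    return dict(groups)


def wasteful_sighash_all(txin: dict) -> bool:
    """True when the wallet spent a witness byte to state what 64 bytes already imply."""
    feats = taproot_sig_features(bytes.fromhex(txin["witness"][0]))
    return feats["explicit_sighash"] == 0x01


def analyze(tx: dict) -> dict:
    groups = partition_inputs(tx)
    return {
        "clusters": groups,
        "likely_multiparty": len(groups) > 1,
        "wasteful_inputs": [i for i, txin in enumerate(tx["vin"]) if wasteful_sighash_all(txin)],
    }


# Constructed sample: a PayJoin-shaped spend with two sender inputs and one
# receiver input. Witness hex is placeholder bytes of the right length, not
# real signatures; only length and trailing byte are examined.
SAMPLE_TX = {
    "vin": [
        {"witness": ["11" * 64], "sequence": 0xFFFFFFFD},         # sender wallet
        {"witness": ["22" * 64], "sequence": 0xFFFFFFFD},         # sender wallet
        {"witness": ["33" * 64 + "01"], "sequence": 0xFFFFFFFF},  # receiver wallet
    ]
}

if __name__ == "__main__":
    print(analyze(SAMPLE_TX))
```

The partition is a heuristic: it only says that these inputs were signed by wallets with different habits, which is exactly the inconsistency Armin describes. Two wallets with identical defaults yield one cluster and keep the PayJoin cover, and a single wallet with mixed behaviour would be mis-clustered, so treat the output as a lead rather than proof. On the wallet side, the fix for the SIGHASH_ALL finding is to emit 64-byte signatures unless a non-default hash type is genuinely needed.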

Bitcoin Has 3 Years to Survive | Nic Carter on Bitcoin’s Quantum VulnerabilityApr 6

  • Bitcoin's governance is spectacularly unsuited to the quantum threat, which requires total mobilization for core infrastructural change under an uncertain timeline.
  • The Google and Oratomic papers published improved resource estimates for breaking Bitcoin's ECDSA cryptography, indicating the threat is closer than previously thought. The hardware does not yet exist.
  • A short-range 'on-spend' attack could intercept a Bitcoin transaction in as little as nine minutes using the improved algorithms, forcing the entire network to be post-quantum before the computer is built.
  • The authors of the Google paper suggest a fast takeoff model for quantum computing, where significant prior notice before a cryptographically relevant quantum computer exists is unlikely.
  • Google has accelerated its internal post-quantum transition timeline to 2029, while the U.S. government targets 2030-2035 for critical functions.
  • Transitioning Bitcoin to post-quantum cryptography is complex, requiring consensus on a signature scheme, a coordinated migration of all addresses, and a decision on dormant coins.
  • Post-quantum signature schemes are much larger than current ones, requiring a likely uncontroversial block size increase to accommodate the 10x to 1000x increase in transaction data.
  • The Google paper estimates 6.9 million Bitcoin are vulnerable to long-range quantum attacks, with 2.3 million considered permanently unmovable Satoshi or lost coins.
  • Nic Carter predicts Bitcoin's largest custodians and exchanges will eventually demand a fork where the unmovable Satoshi coins are burned, establishing that as the canonical BTC.
  • Ethereum is seen as more proactive on the quantum threat, having a published roadmap and an advantage as it has not hyper-optimized around small signatures like some high-performance chains.

Also from this episode:

Regulation (1)
  • Carter's preferred solution uses salvage law, where a trusted entity recovers vulnerable coins and holds them in trust for their original owners, with a finder's fee, rather than protocol-level burning.

SNL #218: Where you sitting...Good FridayApr 6

  • Stacker News, a Bitcoin front page platform, features `txrush.com` and `truckyard.live` which visualize Bitcoin mempool transactions as highway traffic or spacecraft, pulling data from the mempool. Carl suggested these could be useful as phone widgets.
  • The Unboiled family, who live nomadically and attempt to transact predominantly in Bitcoin, tracks 'SATs inflation' based on their spending on essentials in South Africa. They reported a period of 'SATs deflation' where costs were lower by 11% for electricity, 8% for fuel, and 5% for milk.
  • Siru's Bitcoin data project investigated Foundry's 7-consecutive-block streak, which occurred alongside a two-block reorg. The analysis, using data from the BOK project and Wumbo's node archives, suggests consecutive blocks happen more frequently than expected due to block latency, where co-located miners receive block headers faster.
  • Bitprojects.io demonstrated that Bitcoin node count can be easily 'sybillable' by simulating over 3,000 nodes using minimal hardware. The project aimed to show that node count is an unreliable metric for social consensus or soft fork signaling, with its shutdown causing a 'huge uptick' in incoming connections for other nodes.
  • Recent quantum computing breakthroughs, including Caltech's advancements in quantum operations and Google's implementation of Shor's algorithm with an order of magnitude fewer qubits, do not fundamentally alter the timeline for breaking elliptic curve cryptography. Scott Aaronson, an independent expert, suggests they might slightly shorten the indeterminate timeline, which could still be 5-10 years or longer.
  • Supratic outlined several privacy attacks on Lightning, emphasizing that blinded paths improve privacy but are not a 'magic shield' against tracing. These attacks include CLTV correlation, graph analysis on small nodes, payment probing, introduction, and node visibility.

Also from this episode:

AI & Tech (4)
  • The New York Times is blocking the Internet Archive from archiving its articles, citing protection against AI scraping. Keon argues this strategy, while aiming for short-term subscriber growth, will harm the NYT's long-term relevance by excluding its content from AI training data and future search results.
  • OpenAI acquired the popular podcast network TBPN, with CEO Sam Altman stating it was due to liking the show and not for promotional purposes. Keon speculates the acquisition might instead aim to subtly shape tech narratives favorable to OpenAI, similar to the Bezos-Washington Post acquisition.
  • Japanese and US companies formed the Portsmouth Consortium under a strategic trade agreement to develop AI infrastructure and power generation in Piketon, Ohio. The project plans to invest $500 billion to build a data center with a 9.2 GW capacity, leading Blockchain Boo to predict potential government bailouts given the scale of the AI race.
  • Carl and Keon debate the implications of free and abundant intelligence, with Keon suggesting it will only shift humanity's bottlenecks rather than solving all problems. Carl argues that with intelligence addressed, humanity's focus would shift to virtues, love, and internal well-being, aspects that artificial intelligence cannot fulfill.