Summary:
– Blockstream CEO Adam Back favors optional, opt-in quantum-resistant upgrades and rejects protocol-enforced freezes of vulnerable wallets.
– His position clashes with BIP-361, a staged proposal that would phase out legacy signatures and ultimately immobilize unmigrated coins.
– The dispute highlights a tension between protecting future users from quantum attacks and preserving property rights, censorship resistance, and decentralization.
The argument over how Bitcoin should respond to the potential threat from quantum computers resurfaced after Adam Back spoke at Paris Blockchain Week. He urged the ecosystem to build migration paths to quantum-resistant cryptography now, but to keep adoption voluntary rather than using protocol rules to lock down old addresses. Back warned against panic-driven measures and said measured preparation beats rushed interventions during a crisis.
Back described current quantum hardware as largely experimental, noting steady but incremental progress over decades. That said, he emphasized the need to prepare before a practical attack appears. Crucially, he argued that forcibly invalidating legacy signatures or freezing coins by protocol fiat would violate users’ property rights and the censorship-resistant ethos that underpins Bitcoin. Instead, Back favors providing secure, opt-in alternatives plus education and incentives so users migrate willingly.
BIP-361, by contrast, would use a multi-phase soft-fork to retire quantum-vulnerable output types. Building on the soft-fork approach in BIP-360, it defines a new quantum-resistant output format while phasing out early schemes such as pay-to-public-key (P2PK), which reveal public keys on-chain and are therefore considered exposed.
Analyses suggest roughly 1.7 million BTC could be sitting in address types that reveal public keys — about a third of the supply and including some of Satoshi Nakamoto’s early coins valued at tens of billions. Under BIP-361’s timeline, Phase A would start three years after activation and prohibit new payments to legacy, vulnerable addresses while still allowing those addresses to be spent from. Five years after activation, Phase B would make old ECDSA and Schnorr signatures invalid, effectively freezing any coins that had not been migrated to the new, quantum-resistant outputs.
Proponents like Jameson Lopp and co-authors argue these steps are necessary to prevent what they call intergenerational theft: a future quantum adversary harvesting value from dormant keys and eroding confidence in Bitcoin’s fixed supply. They see preemptive retirement of exposed schemes as a way to protect long-term holders and the currency’s scarcity.
Opponents counter that intentionally rendering private property inaccessible by protocol change amounts to expropriation and is incompatible with Bitcoin’s censorship-resistance goals. They point to Bitcoin’s history of relying on social coordination and voluntary upgrades to resolve crises, noting the community has quickly patched urgent vulnerabilities in the past without resorting to draconian freezes. These critics prefer a strategy focused on building robust, user-friendly migration tools, outreach, and incentives so migrations happen organically.
The debate recalls earlier governance clashes — from block-size fights to Taproot activation — and frames the quantum question as a significant upcoming test of how much the community is willing to trade core principles for security. At stake is whether the network opts for top-down protections that could lock coins to prevent a speculative future attack, or for bottom-up, opt-in solutions that preserve user sovereignty but may leave some value exposed in the interim.