BIP 360
to enable Pay-To-Tapscript-Hash: a proposed first step in advancing Bitcoin quantum resistance
BIP 360 proposes a new tapscript-supportive output type for Bitcoin: Pay-To-Tapscript-Hash (P2TSH), which is nearly identical to Taproot addresses but with the quantum-vulnerable keypath spend removed.
This proposal has been put forth by co-authors Hunter Beast, Ethan Heilman, and Isabel Foxen Duke to address Bitcoin's most pressing quantum vulnerability: quantum-vulnerable addresses. At present, P2PK and Taproot addresses remain the most vulnerable address types on the network.
Given the critical role of Taproot addresses in Bitcoin scaling (including Lightning, BitVM, Ark, and other key technologies), we believe it's prudent to ensure that Bitcoin has a tapscript-native address output type that is protected from long-exposure quantum attacks.
The team additionally intends to introduce post-quantum signature schemes to protect Bitcoin addresses from potential short-exposure quantum attacks in future proposals. That said, we see the introduction of a quantum-resistant tapscript-native output type as a critical and relatively unobtrusive "first step" in making Bitcoin quantum-resistant.
At present, Bitcoin addresses, especially, but not limited to, Taproot & Satoshi's coins, are not quantum resistant, and are vulnerable to attack in the event of sufficient advancement in quantum computing.
The development of Google's "Willow" quantum chip, as well as Microsoft's Majorana 1 chip, has shed light on this vulnerability in recent news, and has called into question our time left until "Q Day."
Want to stay informed about BIP 360 and quantum computing? Sign up for updates.
MAKE BITCOIN QUANTUM RESISTANT
Industry roadmaps—led by companies including IBM, Google, Microsoft, Amazon, and Intel—suggest that quantum computers may be able to decrypt ECDSA cryptography used for Bitcoin's public/private key encryption in as little as 2-5 years. The US federal government, additionally, has issued a mandate to phase out use of ECDSA cryptography entirely by 2035.
While the amount of time we have to prepare for a quantum event is uncertain, it seems reasonable to ensure that Bitcoin is prepared for a range of possible outcomes. Additionally, we must consider the total time needed for an effective transition—at the BIP level, the software level, the infrastructure level, and the user-transition level.
A smooth and effective QR transition plan for Bitcoin could take several years to execute—with more prep time inevitably leading to better security outcomes for all.
For updates on the state of quantum computing, potential impacts on Bitcoin, and proposals for impact mitigation (including BIP 360), subscribe below.
Updated:
December 2025
All content is owned and licensed by the respective author(s).