A concrete step in Bitcoin's quantum-safety debate just landed: an updated draft of BIP-360 was merged into the official Bitcoin Improvement Proposals repository, putting a specific, opt-in technical path on the table for limiting exposure to future quantum key-recovery attacks.

What changed

- BIP-360 introduces Pay-to-Merkle-Root (P2MR), a Taproot-adjacent output type that removes Taproot's "key-path" spend (the single-signature Schnorr spend) and forces script-path spending only. The BIP was merged as a Draft and scoped as a "Consensus (soft fork)."
- Technically, P2MR is specified as a new SegWit v2 output that commits directly to the Merkle root of a script tree rather than to a tweaked public key, as Pay-to-Taproot (P2TR) does. P2MR addresses would use bech32m and start with bc1z, separate from existing bc1p Taproot UTXOs.
- The goal is minimal change: preserve Tapscript and script-tree functionality (so future script upgrades can be supported) while removing the Taproot spending route considered most vulnerable under quantum-threat models.

Why it matters (and what it doesn't)

- P2MR aims to reduce the risk from "long exposure" attacks by Cryptographically Relevant Quantum Computers (CRQCs): attacks that could recover private keys from public keys left on-chain for long periods. By eliminating key-path spends, those public keys would not be committed on-chain in the same way.
- The BIP is explicit that P2MR is not a full quantum cure. It does not protect against "short exposure" attacks that recover keys from public keys briefly exposed in the mempool while transactions await confirmation. Defending against those scenarios likely requires post-quantum signature schemes, which the authors say they will address in a separate proposal after more research.
- Because every P2MR spend must use the script path, P2MR sacrifices Taproot's most compact witness (a single Schnorr signature). The BIP estimates the minimal P2MR witness is about 37 bytes larger than a Taproot key-path spend. However, P2MR can be smaller than a Taproot script-path spend because its control block omits an internal public key.
- Privacy is affected: P2MR users will always reveal they spent from a script tree, whereas Taproot key-path spends can blend in as single-signature spends.

Context and process

- Anduro, a research platform incubated by Marathon Digital, announced the merge and highlighted P2MR's tapscript compatibility and opt-in design. The update also added Isabel Foxen Duke as a co-author to make the BIP clearer to the general public, the announcement said.
- Importantly, the change is additive and non-retroactive: it does not modify existing Taproot outputs; it creates a new output type that wallets and services can choose to support.
- Merging the draft into the canonical BIPs repository is a meaningful step: it moves the quantum-safety debate from theory and mailing-list hypotheticals to a concrete proposal that developers, wallet authors, and reviewers can examine line by line.

What's next

- The likely next phase of the discussion is whether "prepared, not scared" opt-ins like P2MR are adequate groundwork or whether Bitcoin must eventually adopt post-quantum signatures and grapple with the operational challenges of migrating large amounts of value.
- For now, P2MR offers a conservative, compatibility-minded option for users and custodians who want to limit one class of quantum risk without waiting for full post-quantum cryptography to land in Bitcoin.

Market note

- At press time, BTC traded at $66,558.
