Headline: MIT’s Neha Narula urges a practical, low-risk roadmap to make Bitcoin post‑quantum safe — and to start migrating coins now
MIT Digital Currency Initiative director Neha Narula on April 20 published a pragmatic plan for protecting Bitcoin against the eventual threat of a cryptographically relevant quantum computer (CRQC). Her central argument: the network should prioritize immediate, low‑risk mitigations that let users secure their coins today, rather than waiting for perfect answers to politically fraught questions like what to do with unmoved or “lost” coins.
What she proposes is staged and achievable. First, push a soft fork that introduces a post‑quantum‑safe output type and a new post‑quantum signature opcode, along with cryptographic agility so the system can evolve. Coordinate wallets and apps to support that output, and nudge users to migrate funds into it well before any quantum emergency arrives. The aim is to give users a simple, reliable option to move funds into outputs that remain safe even if a powerful CRQC emerges — provided users avoid address reuse and don’t reveal legacy public keys.
Narula’s preferred technical path centers on P2MR (Pay‑to‑Merkle‑Root, BIP‑360) combined with a PQ signature opcode. In her view, that combo would let people move coins into a quantum‑resistant output type immediately and with low operational friction, without having to resolve longer‑term governance battles first.
She is careful to note this isn’t a silver bullet. Narula draws a key distinction between protecting individual users who migrate early and defending the system if a large share of bitcoins remains exposed — a share she labels X. The severity of the risk depends on X: if only a vanishing fraction of coins stay vulnerable, the network could likely absorb a CRQC event; if a large percentage (she cites an illustrative 20%) remains exposed, the consequences could be chaotic.
That uncertainty, she argues, shouldn’t be a reason to stall. Early deployment and migration would produce on‑chain evidence of adoption and reduce the vulnerable pool, buying time and clarity for tougher decisions — such as whether to treat long‑dormant coins differently — which can be left for later if and when a real quantum threat nears. “We should make the low‑harm, low‑risk, high‑benefit, safety‑critical mitigations NOW,” she writes, saving higher‑risk interventions for later.
Narula pushes back on alternatives she considers impractical for broad deployment: ad hoc scripted PoC solutions or complex, costly escape hatches. Those may work as research experiments but aren’t operationally suitable at scale. She also flags tradeoffs with P2MR: it removes Taproot’s efficient key‑spend privacy path and relies on wallet behavior to avoid address reuse. Still, she contends these downsides are worth the immediate benefit of giving users a reliable migration option without waiting for consensus on the hardest governance problems.
Bottom line: Narula’s roadmap reframes the debate from “everything must be solved before we act” to “deploy safe, low‑risk tools now so people can protect their funds — and use adoption data to guide the harder choices later.”
At press time, Bitcoin traded at $75,802.
Read more AI-generated news on: undefined/news
