Posted by Bitcoin Foundation
Aug 7, 2025/18:18 UTC
This proposal introduces a comprehensive framework for transitioning Bitcoin to quantum-resistant cryptography, designed to secure the network against potential quantum computing threats. The initiative is driven by the growing vulnerability of Bitcoin's current signature schemes, notably ECDSA and Schnorr signatures, to quantum attacks such as Shor's algorithm. Approximately 25% of Bitcoin's Unspent Transaction Output (UTXO) set, valued at around $150 billion as of 2025, is directly at risk because its public keys are already exposed on-chain through practices like address reuse. Recent advancements in quantum computing, highlighted by Google's development of a trapped-ion quantum computer with high gate fidelity, have underscored the urgency of this transition. These developments could potentially allow 256-bit ECDSA to be broken within hours, posing significant security threats including the ability for attackers to conduct stealthy thefts by precomputing keys.
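The "exposed public key" risk above comes down to which unspent outputs already have their key visible on-chain. The following is an added illustration, not code from the proposal or the Bitcoin Foundation: a simplified UTXO model (constructed sample data, script types reduced to four kinds, keys represented by opaque identifiers) that tallies how much value sits in outputs whose public key is already public.

```python
"""Estimate value held in UTXOs whose public key is already on-chain.

Simplifications (assumptions of this example, not of the proposal):
- `key` is an opaque identifier standing in for the pubkey / pubkey hash.
- p2pk and p2tr scripts carry the key directly, so they are always exposed.
- p2pkh / p2wpkh scripts commit only to a hash; the key becomes public the
  first time that key signs a spend (address reuse).
"""
from collections import namedtuple

Output = namedtuple("Output", "txid vout kind key value")
Spend = namedtuple("Spend", "txid vout pubkey")  # pubkey revealed in witness

KEY_IN_SCRIPT = {"p2pk", "p2tr"}      # key readable from the output itself
KEY_HASHED = {"p2pkh", "p2wpkh"}      # key revealed only when spent from


def exposed_utxos(outputs, spends):
    """Return (exposed_value, total_unspent_value, exposed_outputs)."""
    spent = {(s.txid, s.vout) for s in spends}
    revealed = {s.pubkey for s in spends}  # keys that have signed before
    exposed = total = 0
    risky = []
    for o in outputs:
        if (o.txid, o.vout) in spent:
            continue                       # not part of the UTXO set
        total += o.value
        if o.kind in KEY_IN_SCRIPT or (o.kind in KEY_HASHED and o.key in revealed):
            exposed += o.value
            risky.append(o)
    return exposed, total, risky


# Constructed sample chain: key K1 is reused after spending from a:0.
SAMPLE_OUTPUTS = [
    Output("a", 0, "p2pkh", "K1", 50),   # spent below -> K1 now public
    Output("b", 0, "p2pkh", "K1", 30),   # reuse of K1 -> exposed
    Output("b", 1, "p2wpkh", "K2", 20),  # K2 never signed -> still hashed
    Output("c", 0, "p2tr", "K3", 10),    # x-only key in script -> exposed
    Output("c", 1, "p2pk", "K4", 5),     # bare pubkey -> exposed
]
SAMPLE_SPENDS = [Spend("a", 0, "K1")]


def sample_report():
    exposed, total, risky = exposed_utxos(SAMPLE_OUTPUTS, SAMPLE_SPENDS)
    return exposed, total, [(o.txid, o.vout) for o in risky]
```

On the sample data 45 of 65 units are exposed; the same walk over real chain data is how estimates like the 25% figure are produced.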
The proposed migration to quantum-resistant cryptography unfolds in four phases over an extended timeline, ensuring backward compatibility and minimizing disruption. It begins with soft-fork activation of quantum-resistant (QR) witness programs, followed by a gradual deprecation of classical ECDSA outputs, and ultimately freezes classical UTXOs to prevent their quantum-assisted theft. This phased approach aims to provide market certainty, apply progressive pressure for adoption, and respect the sunk cost principle, under which users who ignore repeated warnings face the consequences of their inaction.
A key element of this proposal is the selection of SPHINCS+-SHAKE256f (SLH-DSA-SHAKE-256f) for its robust quantum-resistant properties, offering significant security advantages over current standards under both Shor's and Grover's algorithms. Detailed specifications and comparative analyses are available, including information on signature sizes, private key entropy, and resistance to quantum attacks. The proposal also outlines the necessity for hardware wallets, exchanges, miners, and light clients to upgrade and adapt to these QR protocols within specified timelines to ensure network-wide resilience against quantum vulnerabilities.
For further reading and technical details, references include the implementation of SPHINCS+ provided by the Bitcoin Foundation and federal standards documentation for SLH-DSA. Feedback from all stakeholders involved in Bitcoin's development and maintenance is encouraged to refine and improve upon this draft before its finalization.