QuantumBTC
Securing Satoshi's Vision in the Quantum Era
The Sword of Damocles
The emergence of quantum computing threatens Bitcoin's core cryptography. Transitioning to post-quantum signatures is urgent, but it strains Bitcoin's Trilemma: post-quantum signatures and public keys are many times larger than ECDSA or Schnorr ones, so each transaction consumes more block space (lower throughput) and every node must store and verify more data (pressure on decentralization). To solve this, the Lightning Network must become our agile laboratory. By participating in our LN Stress-Test, you actively fund and generate real-world data for the post-quantum migration.
Recommended LN Bitcoin Wallets
Bitcoin Layer 1 (L1) is the immutable vault, while the Lightning Network (L2) acts as your instant pocket wallet. We recommend using the following LN wallets exclusively for day-to-day transactions with small amounts. While some of these apps can also process L1 transactions, for securely storing significant amounts on L1 you should always use dedicated hardware cold wallets such as Trezor, Coldcard, or BitBox02.
Macadamia Wallet
Macadamia Wallet (Cashu / LN): iOS. A privacy-focused Cashu/Lightning wallet designed by Christoph Ono (Germany's Best Kept Secret). Excellent for instant L2 operations with QR scanning, but requires external swaps for L1. Note that Cashu ecash is custodial at the mint: the mint holds the sats backing your tokens, so treat the balance as you would any custodial wallet.
Muun Wallet
Muun Wallet (Self-Custody): iOS / Android. Self-custodial wallet that unifies L1 and L2 balances using submarine swaps. Handles both seamlessly with QR scanning, but expect high fees when the L1 network is congested, since its swaps settle on-chain.
Phoenix
Phoenix (Self-Custody): iOS / Android. Excellent non-custodial LN option that uses splicing to add funds to or withdraw funds from its channel without closing it. Handles both L1 and L2 transactions with QR support.
Zeus
Zeus (Self-Custody): iOS / Android. A powerful non-custodial wallet for power users. Handles L1 and L2 transactions via your own node or integrated LSPs, featuring full QR support.
Blink Wallet
Blink Wallet (Community): iOS / Android / Web. The easiest onboarding for Lightning and L1. A community-favorite wallet with dual-layer functionality and QR scanning. Blink is custodial, so keep only small amounts in it.
Wallet of Satoshi
Wallet of Satoshi (Custodial): iOS / Android. Custodial but the absolute easiest for immediate onboarding. Handles L1 and L2 seamlessly with QR support. Only store small BTC amounts.
The Sword of Damocles: Bitcoin's Quantum Fragility
The emergence of Cryptographically Relevant Quantum Computers (CRQC) capable of running Shor's algorithm puts Bitcoin's ECDSA and Schnorr signatures at risk: Shor's algorithm solves the elliptic-curve discrete logarithm problem, recovering a secp256k1 private key from its public key. We must act before the estimated 2029 'Q-Day'.
1. The Cryptographic Lifecycle & Permanent Exposure
Not all outputs face the same risk. P2PK outputs (like Satoshi's coins) and P2TR (Taproot) outputs carry the public key directly in the scriptPubKey: P2PK the full 33- or 65-byte key, P2TR the 32-byte x-only tweaked output key. This means permanent exposure to a quantum attacker, who has unlimited time to derive the private key offline.
- Hashed outputs (P2PKH, P2SH, P2WPKH, P2WSH) commit only to a hash of the key or script; the public key appears on the network only in the spending transaction, creating a much shorter 'short-term' exposure window.
- Vulnerability: address reuse turns short-term exposure into permanent risk, because after the first spend the public key is on-chain for good and any funds later sent to the same address are exposed. Always generate a new address for every transaction.
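The exposure classes above, as a small scriptPubKey classifier. This is an added example for this page, not the QuantumBTC site's or any project's code: it matches the six standard output templates by their byte layout and reports whether the key is already on the ledger while the output is unspent, only appears at spend time, or has been exposed by reuse. The sample scripts are constructed for the demo (the P2PK one is the genesis-block coinbase output; the 20- and 32-byte programs are the BIP-173 example hash and the secp256k1 generator x-coordinate), and the function names are mine.

```python
"""Classify a scriptPubKey by how it exposes its public key.

Added example (not the QuantumBTC site's or any project's code).  Matches
the six standard output templates and reports whether the key sits on the
ledger while the output is unspent (permanent exposure) or only appears in
the spending transaction (exposure at spend time), plus the reuse case.
"""


def classify(script_hex: str):
    """Return (type, key_on_ledger); key_on_ledger is None if unrecognised."""
    s = bytes.fromhex(script_hex)
    n = len(s)
    # P2PK: <33|65-byte key push> OP_CHECKSIG (0xac): the key IS the output
    if n in (35, 67) and s[0] == n - 2 and s[-1] == 0xAC and s[1] in (2, 3, 4):
        return "P2PK", True
    # P2PKH: OP_DUP OP_HASH160 <20> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and s[:3] == b"\x76\xa9\x14" and s[-2:] == b"\x88\xac":
        return "P2PKH", False
    # P2SH: OP_HASH160 <20> OP_EQUAL
    if n == 23 and s[:2] == b"\xa9\x14" and s[-1] == 0x87:
        return "P2SH", False
    # P2WPKH: OP_0 <20-byte key hash>
    if n == 22 and s[:2] == b"\x00\x14":
        return "P2WPKH", False
    # P2WSH: OP_0 <32-byte script hash>
    if n == 34 and s[:2] == b"\x00\x20":
        return "P2WSH", False
    # P2TR: OP_1 <32-byte x-only tweaked key>: the (tweaked) key IS the output
    if n == 34 and s[:2] == b"\x51\x20":
        return "P2TR", True
    return "unknown", None


def exposure(script_hex: str, address_spent_before: bool = False) -> str:
    """Exposure class of an unspent output; address_spent_before flags reuse."""
    _, key_on_ledger = classify(script_hex)
    if key_on_ledger is None:
        return "unknown"
    if key_on_ledger:
        return "permanent"
    if address_spent_before:
        return "permanent (address reuse)"
    return "at-spend"


# Constructed samples: (label, scriptPubKey hex, address spent from before?)
GENESIS_PUBKEY = ("04678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb649"
                  "f6bc3f4cef38c4f35504e51ec112de5c384df7ba0b8d578a4c702b6bf11d5f")
H160 = "751e76e8199196d454941c45d1b3a323f1433bd6"  # hash160 from BIP-173's example
H256 = "79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798"
SAMPLES = [
    ("genesis coinbase", "41" + GENESIS_PUBKEY + "ac", False),
    ("legacy",           "76a914" + H160 + "88ac", False),
    ("legacy, reused",   "76a914" + H160 + "88ac", True),
    ("p2sh",             "a914" + H160 + "87", False),
    ("native segwit",    "0014" + H160, False),
    ("p2wsh",            "0020" + H256, False),
    ("taproot",          "5120" + H256, False),
]


def report(samples=SAMPLES):
    """Tabulate (label, type, exposure) for each sample output."""
    return [(label, classify(spk)[0], exposure(spk, reused))
            for label, spk, reused in samples]


if __name__ == "__main__":
    for row in report():
        print("%-18s %-7s %s" % row)
```

Run against a wallet's own UTXO list (scriptPubKey plus a flag for whether that address has spent before) and anything reported as `permanent` is a migration candidate.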
2. Systemic Risk: The 34% Exposure Threshold
Approximately 1.7 million BTC remain in permanently exposed P2PK addresses. With the growing adoption of Taproot and address reuse, over 34% of the circulating supply has exposed public keys. A compromise here represents a systemic market risk.
BIP-360: Pay-to-Merkle-Root (P2MR)
A conservative 'hardened' Taproot variant whose output commits only to a Merkle root of scripts, with no key-path spend, so that Post-Quantum Cryptography (PQC) signature schemes such as Dilithium (ML-DSA) can be used in its leaf scripts. Because no public key appears in the output while it is unspent, long-range attacks on dormant coins are neutralized. The cost is size: a Schnorr signature is 64 bytes, while an ML-DSA-44 signature is about 2.4 KB.
BIP-361: The Migration and Sunset Framework
A phased timeline to invalidate legacy signatures (ECDSA/Schnorr) at the consensus level, so that a quantum attacker cannot spend dormant coins; the same rule also stops their legitimate owners from spending them. A controversial governance decision between immutability and network survival.
3. Analyzing Short-Term vs Permanent Risk
Short-term exposure only helps an attacker who can run a CRQC at 'mempool speed': derive the key and broadcast a conflicting, higher-fee spend (for example via replace-by-fee) before the original transaction confirms, a window of roughly 10 minutes on average. Permanent exposure, by contrast, would let an attacker with a CRQC drain billions of dollars of dormant coins at leisure. Transitioning to P2MR is the first step.
How can you protect your BTC today?
- Migrate funds from old P2PK or reused addresses to fresh Native SegWit (Bech32, P2WPKH) addresses rather than Taproot (P2TR), since a Taproot output writes its key on-chain.
- Strictly avoid address reuse to keep your public key hashed until the moment of spending.
- Prepare for the P2MR transition by staying informed on BIP-360 developments.
- Support open-source research and testing to ensure a smooth post-quantum migration.
The BIP-360 specification shows the technology is within reach; the remaining variable is whether the network reaches the social consensus needed to activate it as a soft fork.
Security FAQ
What is Q-Day?
Q-Day is the estimated moment (potentially by 2029) when quantum computers can run Shor's algorithm efficiently enough to break 256-bit elliptic curve cryptography, allowing them to derive private keys from exposed public keys.
Which addresses are 'permanently exposed'?
Addresses that do not hash their public keys. This includes the original Pay-to-Public-Key (P2PK) outputs (holding roughly 1.7M BTC) and modern Pay-to-Taproot (P2TR) addresses, whose 32-byte output key is written directly into the scriptPubKey.
What is the difference between permanent and short-term exposure?
Permanent exposure means a quantum attacker has unlimited offline time to crack a public key that sits visibly in an unspent output. Short-term exposure (as with hashed SegWit outputs) means the key first becomes public in the spending transaction; it stays on-chain afterwards, but by then the output is spent, so the attack window is the time between broadcast and confirmation, about 10 minutes on average (unless the address is reused).
What is BIP-360?
BIP-360 introduces Pay-to-Merkle-Root, a hardened version of Taproot that commits only to a Merkle root of scripts (no key-path spend) and can host Post-Quantum signature schemes (like Dilithium) in its script leaves, keeping keys hidden from long-range quantum attacks.
What is BIP-361?
BIP-361 is a proposal to eventually invalidate old ECDSA/Schnorr signatures at the consensus level to prevent quantum theft. However, it effectively 'freezes' early dormant coins, sparking a debate over immutability.
// educational tool · bitcoin cryptography
Bitcoin Wallet Lab
Explore how seven Bitcoin address types are derived from a passphrase and query their on-chain history live.
For educational purposes only. This tool uses SHA-256(phrase) as the private key ('brainwallet' derivation), which is cryptographically insecure: anyone who guesses the phrase, for example from a wordlist, recovers the key. Never deposit real funds in any address generated here. Plain-text phrases are not secure seeds for production wallets. Use this only to learn how Bitcoin address derivation works.
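The derivation the Wallet Lab performs, carried through for one of its address types (Taproot, P2TR), as an added example that is not the Lab's or the site's own code. It implements secp256k1 arithmetic, the BIP-341 key tweak and bech32/bech32m encoding inline so it runs offline, shows that the resulting scriptPubKey is literally `5120` followed by the tweaked public key (the permanent-exposure case discussed above), and finishes with the dictionary attack that makes brainwallets unsafe. The function names and the wordlist are constructed for this demo.

```python
"""SHA-256(phrase) -> secp256k1 key -> Taproot output key -> bech32m address,
plus a dictionary attack.  Added example; not the Wallet Lab's own code.
Function names and the wordlist are constructed for this demo."""
import hashlib

P = 2**256 - 2**32 - 977                      # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):
    """Affine point addition; None stands for the point at infinity."""
    if a is None or b is None:
        return a if b is None else b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return x, (lam * (a[0] - x) - a[1]) % P

def ec_mul(k, pt=G):
    """Double-and-add (variable-time; fine for a demo, never for real keys)."""
    r = None
    while k:
        if k & 1:
            r = ec_add(r, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return r

CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"

def _polymod(values):
    gen = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)
    chk = 1
    for v in values:
        top, chk = chk >> 25, ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= gen[i]
    return chk

def _to_5bit(data):
    acc, bits, out = 0, 0, []
    for b in data:
        acc, bits = (acc << 8) | b, bits + 8
        while bits >= 5:
            bits -= 5
            out.append((acc >> bits) & 31)
    return out + ([(acc << (5 - bits)) & 31] if bits else [])

def segwit_address(version, program, hrp="bc"):
    """bech32 (BIP-173) for witness v0, bech32m (BIP-350) for v1 and up."""
    const = 1 if version == 0 else 0x2BC830A3
    data = [version] + _to_5bit(program)
    hrp_exp = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    pm = _polymod(hrp_exp + data + [0] * 6) ^ const
    checksum = [(pm >> (5 * (5 - i))) & 31 for i in range(6)]
    return hrp + "1" + "".join(CHARSET[d] for d in data + checksum)

def tagged_hash(tag, msg):
    t = hashlib.sha256(tag.encode()).digest()
    return hashlib.sha256(t + t + msg).digest()

def p2tr_from_privkey(d):
    """BIP-341 key-path-only output: Q = lift_x(P) + H_TapTweak(x(P)) * G.
    Returns (address, scriptPubKey hex); the scriptPubKey carries x(Q) verbatim."""
    px, py = ec_mul(d)
    if py % 2:
        py = P - py                           # lift_x: take the even-y point
    xb = px.to_bytes(32, "big")
    t = int.from_bytes(tagged_hash("TapTweak", xb), "big")
    qx, _ = ec_add((px, py), ec_mul(t))
    prog = qx.to_bytes(32, "big")
    return segwit_address(1, prog), "5120" + prog.hex()

def brainwallet(phrase):
    """Wallet-Lab style key: SHA-256 of the phrase used directly as the scalar."""
    d = int.from_bytes(hashlib.sha256(phrase.encode()).digest(), "big") % N
    return p2tr_from_privkey(d)

def crack(target_spk, wordlist):
    """Dictionary attack: a phrase on any public list is recovered instantly."""
    for phrase in wordlist:
        if brainwallet(phrase)[1] == target_spk:
            return phrase
    return None

WORDLIST = ["password", "satoshi", "correct horse battery staple", "bitcoin"]

if __name__ == "__main__":
    addr, spk = brainwallet("correct horse battery staple")
    print(addr, spk, sep="\n")                # 5120 + the tweaked key itself
    print("recovered phrase:", crack(spk, WORDLIST))
```

The `crack` step is the whole argument against brainwallets: the search cost is one SHA-256 and one scalar multiplication per guess, so any phrase that appears in a public wordlist is effectively already known, and an attacker watching the chain for the corresponding scriptPubKeys sweeps funds the moment they arrive.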
