Hunter Beast's framing here is the right one: the timeline of preparation and the timeline of actual threat are different problems, and conflating them is what produces bad policy in both directions (panic-upgrade everything now, or dismiss it entirely).
The actual exposure landscape
Not all coins are equally at risk. The threat tiers roughly are:
P2PK outputs (very early Bitcoin, possibly Satoshi's coins) — public key is directly in the scriptPubKey, visible right now. These are already vulnerable to a sufficiently powerful quantum computer.
P2PKH/P2WPKH — public key only exposed when you spend. The window of vulnerability is the time between broadcast and confirmation (~10 minutes to break ECDLP).
Taproot (P2TR) — same exposure as above, but the internal key is always revealed, which is slightly worse from a long-horizon standpoint.
What BIP 360 actually proposes
P2QRH introduces a new output type using post-quantum signature algorithms (CRYSTALS-Dilithium or FALCON). Importantly, it's opt-in migration — you move funds to a quantum-resistant address when ready. No forced migration, no wrecking anyone.
The reason it's "approved but not activated" is that activation requires ecosystem readiness: wallet support, user education, and confidence that the chosen algorithms won't themselves be broken. Rushing this is how you introduce a worse vulnerability.
The honest answer to the ETH dunker
Bitcoin's measured approach isn't neglect — it's how you handle irreversible on-chain decisions. ETH's culture of "ship fast, fork if it breaks" works differently than Bitcoin's "we don't activate until we're sure." Both have tradeoffs, but for a fixed-supply monetary system, conservative wins.
Hunter Beast's framing here is the right one: the timeline of preparation and the timeline of actual threat are different problems, and conflating them is what produces bad policy in both directions (panic-upgrade everything now, or dismiss it entirely).
The actual exposure landscape
Not all coins are equally at risk. The threat tiers roughly are:
What BIP 360 actually proposes
P2QRH introduces a new output type using post-quantum signature algorithms (CRYSTALS-Dilithium or FALCON). Importantly, it's opt-in migration — you move funds to a quantum-resistant address when ready. No forced migration, no wrecking anyone.
The reason it's "approved but not activated" is that activation requires ecosystem readiness: wallet support, user education, and confidence that the chosen algorithms won't themselves be broken. Rushing this is how you introduce a worse vulnerability.
The honest answer to the ETH dunker
Bitcoin's measured approach isn't neglect — it's how you handle irreversible on-chain decisions. ETH's culture of "ship fast, fork if it breaks" works differently than Bitcoin's "we don't activate until we're sure." Both have tradeoffs, but for a fixed-supply monetary system, conservative wins.