What BTQ’s Bitcoin quantum testnet shows about the risks of “old BTC”

Bitcoin faces potential threats related to quantum computing, especially concerning the security of public keys and signatures. To explore this, BTQ Technologies launched a Bitcoin-like testnet on January 12, 2026, aimed at experimenting with post-quantum signatures without interfering with Bitcoin’s main governance.

The plan involves replacing Bitcoin’s current signature scheme with ML-DSA, the module-lattice-based signature scheme standardized as Federal Information Processing Standard (FIPS) 204 by the National Institute of Standards and Technology (NIST) for enhanced post-quantum security. A key assumption in many Bitcoin quantum threat models is that public keys are exposed; if a future quantum computer can obtain a public key, it might be able to recover the associated private key.

BTQ Technologies, focusing on research in post-quantum cryptography and blockchain security, is keen to see how these quantum-resistant signatures function within systems resembling Bitcoin. The primary concern in discussions about Bitcoin’s quantum risk involves digital signatures rather than the coin supply or the notion that quantum computers could randomly guess wallet addresses.

One significant worry is that cryptographically relevant quantum computers could use Shor’s algorithm to solve discrete logarithm problems, potentially allowing them to derive private keys from known public keys. This could jeopardize the security of both the Elliptic Curve Digital Signature Algorithm (ECDSA) and Schnorr-based signatures. Chaincode Labs has identified this as the main quantum threat model for Bitcoin, since anyone who can produce valid signatures can spend the coins without authorization.

This risk can be categorized into two types: long-range, where public keys are already visible on-chain due to outdated script types or address reuse, and short-range, where keys are exposed while a transaction awaits confirmation. However, it’s important to note that no quantum computers currently pose an immediate threat to Bitcoin.

The BTQ testnet is a fork of Bitcoin Core that substitutes ML-DSA signatures for traditional ECDSA signatures. Because ML-DSA signatures are significantly larger than ECDSA ones (38 to 72 times larger), the testnet increases the block size limit to 64 mebibytes (MiB) to accommodate the additional transaction data. The network serves as a testing platform for various operational aspects, including wallet creation, transaction signing and verification, and mining infrastructure.

When analysts mention “old BTC risks” in a post-quantum context, they typically point to public keys that have already been exposed. If a capable quantum computer were to run Shor’s algorithm, it could theoretically derive private keys from these public keys. Three types of outputs are particularly vulnerable because their locking scripts include elliptic curve public keys directly: Pay-to-Public-Key (P2PK), Pay-to-Multi-Signature (P2MS), and Pay-to-Taproot (P2TR).
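The distinction above can be checked mechanically against a wallet's own outputs. The following is an added example, not code from the article or from BTQ: it classifies a locking script as one of the three key-exposing types or as a common hash-only type. The opcode values are Bitcoin Script's; the function names and the sample scripts (filler bytes) are constructed for illustration.

```python
# Added example: report whether a locking script (scriptPubKey) carries an
# elliptic curve public key in the clear. Opcode values are Bitcoin Script's.
OP_1, OP_16 = 0x51, 0x60
OP_CHECKSIG, OP_CHECKMULTISIG = 0xAC, 0xAE

# Templates that commit only to a hash: (name, length, prefix, suffix)
HASHED = [
    ("P2PKH", 25, b"\x76\xa9\x14", b"\x88\xac"),
    ("P2SH", 23, b"\xa9\x14", b"\x87"),
    ("P2WPKH", 22, b"\x00\x14", b""),
    ("P2WSH", 34, b"\x00\x20", b""),
]

def is_pubkey(b):
    """SEC1 encoding: 33-byte compressed (02/03) or 65-byte uncompressed (04)."""
    return (len(b) == 33 and b[0] in (2, 3)) or (len(b) == 65 and b[0] == 4)

def classify(script_hex):
    """Return (script_type, key_exposed); key_exposed is None when unknown."""
    s = bytes.fromhex(script_hex)
    n = len(s)
    # P2PK: <push> <pubkey> OP_CHECKSIG
    if n in (35, 67) and s[0] == n - 2 and s[-1] == OP_CHECKSIG and is_pubkey(s[1:-1]):
        return "P2PK", True
    # P2TR: OP_1 <push 32> <x-only output key>
    if n == 34 and s[0] == OP_1 and s[1] == 32:
        return "P2TR", True
    # P2MS: OP_m <pubkey>... OP_n OP_CHECKMULTISIG, with m <= n
    if n >= 3 and s[-1] == OP_CHECKMULTISIG and OP_1 <= s[0] <= s[-2] <= OP_16:
        i, keys = 1, 0
        while i < n - 2 and is_pubkey(s[i + 1:i + 1 + s[i]]):
            i, keys = i + 1 + s[i], keys + 1
        if i == n - 2 and keys == s[-2] - 0x50:
            return "P2MS", True
    for name, length, prefix, suffix in HASHED:
        if n == length and s.startswith(prefix) and s.endswith(suffix):
            return name, False
    return "unknown", None

# Constructed sample scripts (filler key and hash bytes, not real outputs).
SAMPLES = {
    "p2pk": "21" + "02" + "11" * 32 + "ac",
    "p2ms": "51" + "21" + "02" + "11" * 32 + "21" + "03" + "22" * 32 + "52ae",
    "p2tr": "5120" + "33" * 32,
    "p2pkh": "76a914" + "44" * 20 + "88ac",
    "p2wsh": "0020" + "55" * 32,
}

if __name__ == "__main__":
    for label, script in SAMPLES.items():
        print(label, classify(script))
```

A hash-only result covers the locking script alone; the key still becomes visible once the output is spent, which is where address reuse comes in.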

Interestingly, the distribution of these outputs is uneven. P2PK makes up only about 0.025% of current unspent transaction outputs (UTXOs) but holds a large share of BTC value, around 8.68%. P2MS comprises about 1.037% of UTXOs, with roughly 57 BTC secured. P2TR, which constitutes around 32.5%, has less value at 0.74%. The exposure is tied to Taproot’s keypath design, where public keys become visible on-chain, and it is compounded by address reuse, which can extend time-based risks into long-range threats.

BTQ claims that up to 6.26 million BTC are exposed, emphasizing the importance of testing post-quantum signatures in a Bitcoin-like environment. In the near term, observation and preparation seem to be the most actionable steps. The threat model hinges on public key exposure, which is why existing wallet designs and scripting practices aim to minimize it.

Another pressing concern is capacity; even if there were a consensus to transition to post-quantum signatures, issues related to block space and coordination would persist. Estimates suggest that migration timelines are highly sensitive to assumptions: realistic allocations could mean years of transitions before even considering governance aspects.

The BTQ testnet gives engineers an opportunity to observe the operational challenges associated with post-quantum signatures, including the impact of larger data sizes, without suggesting that the risk to Bitcoin is imminent.

To address quantum threats at the protocol level, discussions are leading towards a more structured transition. Post-quantum signatures are typically larger than elliptic curve signatures, which affects transaction bandwidth and verification costs. Proposals like Bitcoin Improvement Proposal (BIP) 360 aim to mitigate structural vulnerabilities without hastily adopting specific post-quantum algorithms.

In summary, while the BTQ testnet won’t resolve the quantum debate, it highlights critical considerations about public key exposure and the engineering challenges of incorporating post-quantum technology into Bitcoin. The project underscores the complexities of balancing compatibility, conservatism, and cost as the landscape evolves.
