February 18, 2026 — The Bitcoin community faces a critical seven-year timeline to secure the network against an emerging quantum computing threat, according to a lead researcher behind a key upgrade proposal. Ethan Heilman, co-author of the newly submitted BIP-360 proposal, provided an exclusive forecast to Cointelegraph, warning that a full migration to post-quantum cryptography could take until 2033 if started today. This urgent assessment arrives as scientific papers and industry leaders signal rapidly accelerating progress in quantum computing capabilities, potentially capable of breaking Bitcoin’s current encryption within the same timeframe. The blockchain’s security, protecting over $1.3 trillion in value, now hinges on unprecedented technical coordination and community consensus.
The Seven-Year Roadmap to Quantum Resilience
Ethan Heilman’s detailed breakdown presents a sobering timeline. First, the Bitcoin community must agree on a technical roadmap—a process with no guarantee of success. Subsequently, he estimates two and a half years to finalize Bitcoin Improvement Proposals (BIPs), complete code reviews, and conduct rigorous testing. Following this development phase, a network activation period of roughly six months would be required. “Three years until it activates. This assumes two and a half years to get the BIPs done and the code reviewed and tested. Assuming everyone wants it, half a year to activate,” Heilman explained. However, activation is merely the starting gun for the most daunting phase: migration.
Every Bitcoin holder must move their funds to new, quantum-safe addresses. Given Bitcoin’s throughput of 3-10 transactions per second, this mass migration could itself take months or years. Furthermore, Heilman notes that wallets, custodians, payment processors, Lightning Network nodes, and treasury management software all require separate, time-consuming upgrades. “Likely, some future-forward parties will have prepared to upgrade while the softfork was activating. If we are lucky, 90% will have updated five years after activation,” he stated, emphasizing that the perceived immediacy of the threat would dictate the speed of adoption. “The bigger the perceived danger, the faster this will happen.”
Quantum Advancements Narrow the Safety Window
This lengthy lead time places Bitcoin in a precarious position as quantum computing leaps from theory toward practicality. Recent statements from leading scientists suggest the danger window is closing. Caltech president Thomas Rosenbaum recently predicted a “functioning, fault-tolerant quantum computer in five to seven years.” More urgently, Professor Scott Aaronson from the University of Texas at Austin suggested the timeline could be even shorter, citing the “staggering rate of hardware progress.” He raised the possibility of a machine capable of running Shor’s algorithm—which can break Bitcoin’s elliptic curve cryptography—before the next U.S. presidential election.
- Hardware Progress: The largest experimental array to date is Caltech’s 6,100 neutral-atom qubit system. While error correction remains a massive hurdle, theoretical requirements are falling fast.
- Shrinking Qubit Requirements: Estimates for the qubits needed to break 2048-bit RSA encryption have plummeted from tens of millions five years ago to under 100,000 in a recent preprint paper on the “Pinnacle Architecture.”
- Bitcoin’s Vulnerability: Professor Aaronson notes Bitcoin’s 256-bit elliptic curve cryptography could fall “a bit before RSA” due to the smaller key size, which Shor’s algorithm targets more efficiently.
Expert Consensus on the Engineering Challenge
Antonio Sanso from Ethereum’s dedicated post-quantum team contextualizes the shift. “There are not a lot of theoretical issues at the moment,” he told Cointelegraph Magazine. “At the moment, it’s an engineering problem. It’s going to be solved for sure.” Sanso aligns with the U.S. National Institute of Standards and Technology (NIST), which views the 2030s as a realistic timeframe for cryptographically relevant quantum computers. This perspective underscores that the threat is no longer a distant sci-fi scenario but a foreseeable engineering milestone. The acceleration has been notably fueled by end-of-2024 breakthroughs, like Google’s Willow chip demonstrating scalable quantum error correction, and AI-driven discoveries in materials science and error-correction decoders.
BIP-360: A Conservative First Step
The updated BIP-360 proposal, co-authored by Heilman, Hunter Beast, and Isabel Foxen Duke, represents the first concrete step. Merged into GitHub for official consideration last week, it proposes a new output type called Pay-to-Merkle-Root (P2MR). This upgrade to the existing Taproot (P2TR) system hides the public key and removes a quantum-vulnerable key path. Crucially, it’s a soft fork—backward compatible, so nodes that don’t upgrade simply ignore the new transaction type. “BIP 360 is step one,” Heilman clarified. “It proposes a quantum-resistant output type that has the upgradability and features of P2TR without the quantum vulnerability.”
However, BIP-360 only protects against “long-range” attacks, where an attacker has years to crack a static public key, like those guarding Satoshi’s unmoved coins. It does not defend against “short-range” attacks, where a public key exposed in the mempool during a transaction could be cracked before the transaction confirms. Addressing this requires step two: integrating a post-quantum signature algorithm into Bitcoin’s scripting language, a more complex upgrade with significant trade-offs.
| Blockchain | Post-Quantum Status | Key Challenge |
|---|---|---|
| Bitcoin | BIP-360 proposed; 7-year upgrade estimate | Community consensus on hard forks, signature size/bloat |
| Ethereum | Dedicated PQ team; target overhaul by 2029 | Majority of funds have exposed public keys |
| Solana | Experiments completed; fast-upgrade capability | All public keys exposed by default |
The Daunting Consensus Hurdle
Technically, Bitcoin’s path is clearer than for chains like Ethereum or Solana, where most public keys are already exposed. Bitcoin’s real obstacle is social. The community must agree on difficult technical choices. Post-quantum signature algorithms produce signatures 10 to 100 times larger than current ones. Integrating them could slow Bitcoin to a fraction of one transaction per second. Solutions like increasing the block size, implementing a witness discount, or using zero-knowledge proofs to compress signatures are all contentious topics that have sparked civil wars in the past. The debate over Taproot’s downstream effects, for instance, continues five years later.
The most existential debate may concern Satoshi Nakamoto’s estimated 1.1 million Bitcoin. Without access to Satoshi’s private keys, those coins cannot be migrated. The community would face an impossible choice: freeze them forever, violating the sacrosanct principle of private property rights, or allow them to be stolen and potentially dumped on the market. Reaching consensus on these fundamental issues, Heilman implies, is the variable that could stretch the timeline far beyond seven years or collapse it entirely under the pressure of a sudden quantum breakthrough.
Cross-Chain Collaboration Emerges
Interestingly, potential collaboration is emerging across blockchain borders. Ethereum’s post-quantum team has developed a prototype using hash-based ZK-STARKs to aggregate signatures per block, requiring only one proof on-chain. Researcher Justin Drake expressed hope that Bitcoin would adopt this as an industry standard, noting the design was made “with Bitcoiner security in mind.” He revealed that Ethereum and Bitcoin researchers, including Blockstream’s Mikhail Komarov, have already co-authored four academic papers on the subject, building a rare bridge between the often-divided ecosystems.
Conclusion
The race to secure Bitcoin against quantum computers is no longer theoretical. A seven-year upgrade timeline, as outlined by BIP-360 co-author Ethan Heilman, now runs parallel to a 5-7 year forecast for the arrival of the threat itself from leading quantum scientists. While the technical blueprint for a post-quantum Bitcoin is taking shape with proposals like BIP-360, the monumental challenge lies in Bitcoin’s decentralized governance. The network must achieve unprecedented consensus on technically disruptive changes under a ticking clock. The coming months will test whether the community can prioritize long-term security over ideological disputes, as the window for a orderly transition may be narrower than anyone anticipated.
Frequently Asked Questions
Q1: What is the main takeaway from Ethan Heilman’s warning?
Heilman, a co-author of the Bitcoin post-quantum proposal BIP-360, estimates that a full, coordinated upgrade of the Bitcoin network to withstand quantum computer attacks would take approximately seven years from today. This timeline is dangerously close to expert predictions for when such quantum computers might become operational.
Q2: How much Bitcoin is immediately at risk from quantum computers?
According to data from entities like Project 11, only about 6.9 million Bitcoin (roughly one-third of the total supply) currently has its public key exposed on-chain and is immediately vulnerable if a quantum computer existed today. Coins stored in unspent Taproot outputs or in legacy Pay-to-Public-Key-Hash (P2PKH) addresses are safer until they are spent.
Q3: What is BIP-360, and does it fully solve the problem?
BIP-360 is a proposed soft fork that creates a new, quantum-resistant transaction output type called Pay-to-Merkle-Root (P2MR). It is a critical first step that protects against “long-range” attacks on static keys but does not defend against “short-range” attacks on keys exposed during a transaction. Full protection requires a second step: adopting a post-quantum signature algorithm.
Q4: Why is Bitcoin’s upgrade considered harder than Ethereum’s or Solana’s?
Technically, Bitcoin’s upgrade is simpler as less of its supply is exposed. However, the primary challenge is social consensus. Bitcoin’s decentralized, conservative community must agree on significant changes like increasing block sizes or implementing complex cryptography, which has historically been a slow and contentious process.
Q5: What happens to Satoshi Nakamoto’s Bitcoin?
This is a major unsolved dilemma. Satoshi’s estimated 1.1 million Bitcoin cannot be moved to a quantum-safe address without the private keys. The community may eventually have to choose between permanently freezing those coins (contradicting property rights) or allowing them to be stolen by a quantum attacker.
Q6: How are quantum computing advances affecting the timeline?
Breakthroughs in quantum error correction (like Google’s Willow chip) and AI-optimized hardware are accelerating progress. Furthermore, new research is consistently lowering the estimated number of physical qubits needed to break encryption, suggesting the threat could materialize sooner than previously believed.
