So here’s the plot twist: Bitcoin’s BIP 360 just got a glow-up. Meet Pay-to-Merkle-Root, or P2MR, the new output type that’s supposed to trim long-term quantum risk without turning Taproot into a stodgy museum exhibit. It drops Taproot’s key-path spend entirely, zero drama, and goes straight for the addresses most likely to get roasted by future quantum hackers.
P2MR Could Offer Conservative First Step Toward Quantum-Resistant Bitcoin
Bitcoin Improvement Proposal (BIP) 360, still in draft mode and not activated, pitches P2MR as a quantum-resistant alternative to Pay-to- Taproot (P2TR). Instead of a public key for key-path spending, it commits directly to the Merkle root of a Tapscript tree. In practical terms, it’s like Taproot, but with less public-key drama and more Merkle gossip.
That distinction matters because Taproot’s key-path spend exposes a public key. Under current cryptography, deriving a private key from a public key is computationally infeasible. But sufficiently powerful quantum computers running Shor’s algorithm could, in theory, reverse elliptic-curve cryptography. P2MR simply removes that exposed key from the equation.
Importantly, P2MR does not introduce new signature schemes or opcodes. It preserves full Tapscript (BIP 342) functionality and Merkleized Abstract Syntax Tree (MAST)-style script trees, including leaf versions, control blocks and annex data – minus the internal public key. Wallets can reuse much of their existing Taproot code.
The outputs remain 32-byte hashes, tagged as “TapBranch,” offering 128-bit collision resistance comparable to P2WSH. Developers describe it as a conservative first step toward quantum resistance rather than a sweeping cryptographic overhaul.
The proposal has already undergone multiple rewrites and renames. Originally drafted in 2024 as P2QRH (“Pay to Quantum Resistant Hash”), it became P2TSH (“Pay-to-Tapscript-Hash”) in late 2025 before settling on P2MR (“Pay-to-Merkle-Root”) after community feedback that the name should more accurately reflect what the output commits to.
For now, BIP 360 remains a draft pull request and has not been merged or scheduled for activation. Discussion continues across the bitcoin developer mailing list and community forums.
Why Quantum Concerns Exist
Bitcoin’s primary quantum vulnerability lies in signature schemes, not hashing. Addresses that expose public keys on-chain are the most susceptible because Shor’s algorithm could theoretically compute private keys from those public keys.
Legacy Pay-to-Public-Key (P2PK) addresses embed public keys directly in the locking script and hold roughly 1.7 million BTC, making them prime long-range targets. Reused Pay-to-Public-Key-Hash (P2PKH) addresses become vulnerable once a spend reveals the public key. Taproot’s key-path spend also reveals a tweaked public key.
Estimates of at-risk bitcoin range widely. Some analyses suggest 20% to 50% of supply could be exposed under certain definitions, while others argue only a small fraction would pose meaningful market disruption. The timeline for cryptographically relevant quantum computers is generally projected years or decades away, but uncertainty fuels debate.
P2MR does not solve short-exposure risk during a mempool window, and it does not introduce post-quantum signatures. Instead, it addresses what developers call the “long-exposure” threat – coins sitting for years with publicly visible keys.
In effect, P2MR allows users – particularly long-term holders or participants in Lightning, BitVM or Ark-style protocols – to migrate funds into outputs that eliminate the most obvious ECC exposure while preserving Taproot’s scripting benefits. It is evolutionary, not revolutionary.
For a network that prefers incremental soft forks to sweeping redesigns, that tone is deliberate. Quantum alarms may be distant, but BIP 360 signals that developers are at least checking the exits – calmly, methodically and with their cryptographic homework in hand.
FAQ ❓
- What is P2MR in Bitcoin’s BIP 360?
P2MR (Pay-to-Merkle-Root) is a proposed output type that removes Taproot’s key-path spend while preserving full Tapscript functionality. - Why are some bitcoin addresses vulnerable to quantum attacks?
Addresses that expose public keys on-chain could, in theory, allow a quantum computer using Shor’s algorithm to derive private keys. - Does BIP 360 introduce post-quantum signatures?
No, it is a conservative step that does not add new signature schemes or opcodes. - Is BIP 360 active on Bitcoin today?
No, it remains a draft pull request under active review with no activation timeline.
Read More
- Best Controller Settings for ARC Raiders
- 10 X-Men Batman Could Beat (Ranked By How Hard It’d Be)
- DCU Nightwing Contender Addresses Casting Rumors & Reveals His Other Dream DC Role [Exclusive]
- Stephen Colbert Jokes This Could Be Next Job After Late Show Canceled
- Is XRP ETF the New Stock Market Rockstar? Find Out Why Everyone’s Obsessed!
- 7 Home Alone Moments That Still Make No Sense (And #2 Is a Plot Hole)
- 7 Western Antiheroes (Almost) Better Than Doc Holliday in Tombstone
- Pokémon Legends: Z-A’s Mega Dimension Offers Level 100+ Threats, Launches on December 10th for $30
- All Her Fault cast: Sarah Snook and Dakota Fanning star
- 10 Most Brutal Acts Of Revenge In Marvel Comics History
2026-02-12 11:27