What BTQ’s Bitcoin quantum testnet reveals about “old BTC” risk

Key takeaways

• Bitcoin’s quantum hazard centers connected exposed nationalist keys and signature security.

• BTQ’s testnet explores post-quantum signatures successful a Bitcoin-like environment.

• Post-quantum signatures importantly summation transaction size and artifact abstraction demands.

• “Old BTC risk” is concentrated successful bequest output types and code reuse patterns.

BTQ Technologies said it had launched a Bitcoin Quantum testnet connected Jan. 12, 2026, a Bitcoin-like web designed to proceedings post-quantum signatures without touching Bitcoin mainnet governance.

The thought is that BTQ would regenerate Bitcoin’s existent signature scheme with ML-DSA, the module-lattice signature modular formalized by the National Institute of Standards and Technology (NIST) arsenic Federal Information Processing Standard (FIPS) 204, for post-quantum information assumptions.

It is worthy remembering that successful astir Bitcoin quantum-threat models, the cardinal precondition is public-key exposure. If a nationalist cardinal is already disposable onchain, a sufficiently susceptible aboriginal quantum machine could, successful theory, effort to retrieve the corresponding backstage cardinal offline.

Did you know? BTQ Technologies is simply a research-focused steadfast moving connected post-quantum cryptography and blockchain security. Its Bitcoin Quantum testnet is designed to survey however quantum-resistant signatures behave successful a Bitcoin-like system.

What quantum changes?

Most Bitcoin quantum-risk discussions absorption connected integer signatures, not connected Bitcoin’s coin proviso oregon the thought that a quantum machine could magically conjecture random wallets.

The circumstantial interest is that a cryptographically applicable quantum machine (CRQC) could tally Shor’s algorithm to lick the discrete logarithm occupation efficiently capable to deduce a backstage cardinal from a known nationalist key, undermining some the Elliptic Curve Digital Signature Algorithm (ECDSA) and Schnorr-based signing.

Chaincode Labs frames this arsenic the ascendant quantum menace exemplary for Bitcoin due to the fact that it could alteration unauthorized spending by producing valid signatures.

The hazard tin beryllium separated into long-range exposure, wherever nationalist keys are already disposable onchain for immoderate older publication types oregon owed to reuse, and short-range exposure, wherever nationalist keys are revealed erstwhile a transaction is broadcast and awaits confirmation, creating a constrictive clip window.

Of course, nary quantum machine contiguous poses an contiguous hazard to Bitcoin, and mining-related impacts should beryllium treated arsenic a abstracted and much constrained treatment compared with signature breakage.

Did you know? Shor’s algorithm already exists arsenic mathematics, but it requires a large, fault-tolerant quantum machine to run. If specified machines are built, they could beryllium utilized to deduce backstage keys from exposed nationalist keys.

What BTQ built and wherefore it’s interesting

BTQ’s Bitcoin Quantum testnet is fundamentally a Bitcoin Core-based fork that swaps retired 1 of Bitcoin’s astir important primitives, signatures.

In its announcement, BTQ said the testnet replaces ECDSA with ML-DSA, the module-lattice signature strategy standardized by the NIST arsenic FIPS 204 for post-quantum integer signatures.

This alteration forces a acceptable of engineering trade-offs. ML-DSA signatures are astir 38-72 times larger than ECDSA, truthful the testnet raises the artifact size bounds to 64 mebibytes (MiB) to marque country for the further transaction data.

The institution besides treats the web arsenic a afloat lifecycle proving ground, supporting wallet creation, transaction signing and verification, and mining, on with basal infrastructure specified arsenic a artifact explorer and mining pool.

In short, the testnet’s applicable worth is that it turns post-quantum Bitcoin into a show and coordination experiment.

Where aged BTC hazard concentrates

When analysts talk astir “old BTC risk” successful a post-quantum context, they are usually referring to nationalist keys that are already exposed onchain.

A aboriginal CRQC susceptible of moving Shor’s algorithm could, successful theory, usage those nationalist keys to deduce the corresponding backstage keys and past nutrient valid spends.

There are 3 output types instantly susceptible to long-range attacks, specifically due to the fact that they spot elliptic-curve nationalist keys straight successful the locking publication (ScriptPubKey): Pay-to-Public-Key (P2PK), Pay-to-Multi-Signature (P2MS) and Pay-to-Taproot (P2TR).

The organisation is uneven:

• P2PK is simply a tiny stock of today’s unspent transaction outputs (UTXOs), astir 0.025%, but it locks a disproportionate stock of BTC value, astir 8.68% oregon 1,720,747 Bitcoin (BTC), mostly dormant Satoshi-era coins.

• P2MS accounts for astir 1.037% of UTXOs, but reports estimation that it secures lone astir 57 BTC.

• P2TR is communal by count, astir 32.5% of UTXOs, yet tiny by worth successful the aforesaid snapshot, astir 0.74% oregon 146,715 BTC. Its vulnerability is tied to Taproot’s key-path design, wherever a tweaked nationalist cardinal is disposable onchain.

Address reuse tin besides crook what would different beryllium “spend-time” vulnerability into long-range vulnerability due to the fact that erstwhile a nationalist cardinal appears onchain, it remains visible.

BTQ’s ain messaging uses this exposed-key framing to reason that the perchance affected excavation is large. It cites 6.26 cardinal BTC arsenic exposed, which is portion of wherefore the institution says investigating post-quantum signatures successful a Bitcoin-like situation is worthy doing now.

What’s adjacent for Bitcoin?

In the adjacent term, the astir factual enactment is observability and preparedness.

As explored, the signature menace exemplary is driven by public-key exposure. This is wherefore discussions often halfway connected however Bitcoin’s existing wallet and scripting practices either uncover nationalist keys early, arsenic with immoderate bequest publication types, oregon trim vulnerability by default, arsenic with communal wallet behaviour that avoids reuse.

“Old BTC risk” is truthful mostly a spot of humanities output types and reuse patterns and not thing that abruptly applies evenly to each coin.

The second, much applicable constraint is capacity. Even if a post-quantum migration were socially agreed upon, it would inactive beryllium a blockspace and coordination problem.

River’s explainer summarizes world estimates showing however delicate timelines are to assumptions. A theoretical script successful which each transactions are migrations tin compress timelines dramatically, portion much realistic blockspace allocation stretches a modulation into years, adjacent earlier accounting for governance and adoption.

BTQ’s testnet fits into that bucket. It lets engineers observe the operational costs of post-quantum signatures, including larger information sizes and antithetic limits, successful a Bitcoin-like setting, without claiming that Bitcoin is imminently breakable.

Did you know? The biggest origin holding quantum computers backmost is noise, oregon errors. Today’s qubits marque mistakes frequently, truthful fault-tolerant mistake correction is required. This means utilizing galore carnal qubits to nutrient a tiny fig of reliable “logical” qubits earlier moving the agelong computations needed to interruption real-world cryptography.

What Bitcoin-level mitigation mightiness look like

At the protocol level, quantum preparedness is often discussed arsenic a sequenced path.

Post-quantum signature schemes thin to beryllium overmuch larger than elliptic-curve signatures, which person knock-on effects for transaction size, bandwidth and verification costs; the aforesaid kinds of trade-offs BTQ is surfacing by experimenting with ML-DSA.

That is wherefore immoderate Bitcoin proposals absorption archetypal connected reducing the astir structural vulnerability wrong existing publication designs, without committing the web to a circumstantial post-quantum signature algorithm immediately.

A caller illustration is Bitcoin Improvement Proposal (BIP) 360, which proposes a caller output benignant called Pay-to-Tapscript-Hash (P2TSH). P2TSH is astir identical to Taproot but removes the key-path spend, the way that relies connected elliptic-curve signatures, leaving a tapscript-native way that tin beryllium utilized successful ways intended to debar that key-path dependency.

Related ideas person circulated connected the Bitcoin developer mailing database nether the broader “hash-only” oregon “script-spend” Taproot family, often discussed arsenic Pay-to-Quantum-Resistant-Hash (P2QRH)-style constructions. These proposals again purpose to reuse Taproot’s operation portion skipping the quantum-vulnerable cardinal spend.

Importantly, nary of this is settled. The main constituent is that Bitcoin’s apt response, if it moves, is debated arsenic an incremental coordination occupation that balances conservatism, compatibility and the outgo of changing the transaction format.

The BTQ testnet is rather revealing

BTQ’s Bitcoin Quantum testnet does not settee the quantum debate, but it does marque 2 points harder to ignore.

First, astir credible menace models absorption connected wherever nationalist keys are already exposed, which is wherefore “old coin” patterns support appearing successful analyses.

Second, post-quantum Bitcoin is an engineering and coordination problem. BTQ Technologies’ ain plan choices, specified arsenic moving to ML-DSA and lifting artifact limits to accommodate overmuch larger signatures, exemplify those trade-offs.

Ultimately, the testnet is simply a sandbox for measuring costs and constraints and should not beryllium seen arsenic impervious that Bitcoin is imminently breakable.