Nearly a decade ago, the Bitcoin community spent two bruising years arguing over whether one megabyte should stay sacred. That fight feels quaint now.
Quantum computers are maturing, but the clash is no longer just a squabble between developers. Institutional adoption of Bitcoin, sovereign coin holdings, and mainstream custody platforms means that hundreds of billions of dollars in value now sit onchain. Any upgrade proposal must now placate governments, auditors, and insurers, a far bigger and more diverse group of stakeholders than the IRC channels of 2016.
On that note, before diving into today’s quantum anxieties, it helps to recall the network’s last capacity skirmish for context.
Why One Megabyte Still Haunts the Network
From 2015 to 2017 developers, miners and users wrangled over the 1 MB ceiling, a saga later dubbed the Blocksize War.
The uneasy compromise, Segregated Witness, boosted effective throughput without touching that cap. Dissidents soon launched Bitcoin Cash, proving that technical disputes quickly become political. After a few years of struggling to gain traction, Bitcoin Cash is still treading water now, indicating that such political spats can carry a high cost for those who commit to backing one side over another.
Today, node operators cite the war when rejecting marginal tweaks. Memory footprints, upload caps, and ASIC influence all trace back to those arguments, which is a useful reminder that governance frictions scale with adoption.
That lesson matters because integrating post‑quantum cryptography (PQC) is far more invasive than rearranging witness data. If a one‑line parameter tweak required a user‑activated soft fork, imagine the friction when every wallet, exchange, and hardware signer must swap algorithms.
Quantum Computers Are A Threat That Won't Just Go Away
Shor’s algorithm collapses both RSA factorization and elliptic‑curve discrete logs once machines reach roughly 20 million physical qubits, assuming error correction sufficient to yield around 2,500 logical qubits. That problem will only grow more pressing as quantum computers become more sophisticated.
Deloitte warns that about 25% of existing Bitcoins already sit in vulnerable address types and urges migration before such hardware arrives. Some observers question the timetable, but headlines like "Will Quantum Computing Kill Bitcoin?" keep the risk on investors’ dashboards. Meanwhile, River Financial estimates almost 1.9 million BTC remain in early Pay‑to‑Public‑Key outputs, which is to say public keys long exposed and ready for a “store‑now, crack‑later” raid.
Venture capital is betting the risk materializes sooner rather than later: quantum computing startups raised more than $1.9 billion in 2024 alone, and the National Quantum Initiative continues to add new federal labs. Money flows to where breakthroughs are expected.
Before brushing off the danger here as being in the far future, or as being already solved, consider the main attack vectors:
Early P2PK outputs reveal public keys the moment coins are mined
Reused P2PKH addresses expose keys after first spend
Roughly 5.9 million BTC in total sit in addresses with known keys, which could include your coins, whether they are in someone else's custody or your own
Fault‑tolerant machines are still theoretical, yet signatures can be archived today
Taken together, these vectors show why the community must next examine the hard numbers behind quantum‑safe signatures, and determine whether those bytes can realistically fit inside Bitcoin’s longstanding block ceiling.
Remember: if that tail risk ever materializes, it strikes in a single block. There won't be time to react even if you're watching like a hawk.
Post‑Quantum Signatures Versus the One‑Megabyte Wall
Quantum‑safe signatures exist, but they are bulky. Dilithium 2 weighs in at about 2,420 bytes, while Falcon‑512 trims the payload to roughly 666 bytes, which is still an order of magnitude above ECDSA.
Below is a size comparison to illustrate why block space becomes the next battlefield.
Scheme | Claimed security | Public key bytes | Signature bytes | Key plus signature bytes | Simple TXs per 1 MB block |
---|---|---|---|---|---|
ECDSA‑secp256k1 | Classical 128‑bit | 32 | 70 | ~100 | ~4,000 |
Falcon‑512 | NIST Level 1 | 897 | 512 - 752 | ~1,650 | ~1,180 |
Dilithium‑2 | NIST Level 2 | 1312 | 2,420 | ~3,600 | < 385 |
The table underscores a brutal trade‑off.
Even adopting the slimmer Falcon scheme slashes on‑chain throughput by nearly 90%, turning today’s median fee spikes into a permanent feature. Dilithium is worse, as it would reserve almost the entire block for a handful of simple payments unless the limit grows, thereby guaranteeing a rerun of the 2017 hysteria.
Bitcoin’s full history already totals more than 666 GB. Initial sync for a pruned node still downloads the entire chain, and guides aimed at hobbyists concede that a pruned copy settles near 10 GB. Inflate every transaction by 3X to 10X and the chain balloons, forcing a choice.
Either raise block size, or price casual node runners out of the network with high fees -- and it's a surprise to nobody that the latter option will probably be the preferred one for major new holders, like BlackRock and other institutions.
Developers are brainstorming ways to dodge that squeeze, and the most prominent options are worth listing:
SegWit and Taproot keep public keys off‑chain until spend, buying time
MuSig2 and batching reduce aggregate signature weight
Lightning and other Layer‑2 (L2) channels offload routine payments
Ongoing research seeks even more compact PQC schemes or hybrid designs
All might be helpful, but none would be decisive. Furthermore, given the mediocre adoption of Lightning today, it's questionable whether L2 solutions are appropriate at all. And if signatures stay on the main layer, someone will inevitably campaign for larger blocks.
QRAMP, Soft‑Fork Plans and Side‑Chain Experiments
There are two proposed solutions discussed in the contemporary crypto ecosystem:
QRAMP | Soft Fork |
---|---|
One camp wants a mandatory hard fork, which, while previously unthinkable, is likely the technical approach that could offer the most comprehensive solution if there's a political impasse that can't be resolved in time. | A gentler route appears in a GitHub discussion proposing new address versions that wallets adopt voluntarily. Coins remain spendable under old rules, but rising fees and wallet defaults nudge users to migrate. |
The Quantum‑Resistant Address Migration Protocol (QRAMP) forces users to move coins or lose them, betting that tough love beats quantum theft. Critics say the plan sets a confiscation precedent. Yet QRAMP’s supporters counter that inaction simply hands the thieves a timetable. Their argument: provoking temporary dissent is preferable to watching Satoshi’s original stash vanish in a single quantum‑enabled swipe.
Meanwhile, a venture‑funded group is trying to duck consensus entirely. Project Eleven just raised $6 million to prototype a quantum‑safe side‑chain. Users peg their Bitcoin into the chain, enjoy Dilithium security, then peg out when ready. Side‑chains avoid the block‑size impasse, yet add trust assumptions and liquidity frictions.
What Holders and Builders Should Do Now
Waiting for universal agreement is risky and unnecessary.
You can buy time with a few simple moves:
Shift coins from legacy P2PK to P2PKH or Taproot addresses so the public key stays hidden until final spend
Rotate cold‑storage outputs on a schedule to minimize long‑term exposure
Budget for higher on‑chain fees if bulky signatures ultimately win consensus
In parallel, institutions should rehearse key‑refresh drills and integrate watch‑only wallets that flag any outgoing transactions. Small operational tweaks today could prevent eight‑figure losses tomorrow.
These actions do not eliminate quantum risk, but they convert an existential threat into a manageable upgrade cycle.
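The two on‑chain exposure cases listed earlier (P2PK outputs and reused P2PKH addresses) can be checked against a wallet's own outputs before deciding what to move. The sketch below is an added example, not code from the article or from any wallet project; the `Utxo` record, the function names and the sample scripts are assumptions constructed for illustration, and script types other than P2PK and P2PKH are left unassessed.

```python
# Added example: flag a wallet's unspent outputs whose public key is already
# known on-chain. All sample data below is constructed.
from typing import NamedTuple

class Utxo(NamedTuple):
    txid: str
    vout: int
    script_hex: str   # scriptPubKey of the unspent output
    value_sat: int

def classify(script_hex):
    """Return (script type, embedded key or key hash) for a scriptPubKey."""
    s = bytes.fromhex(script_hex)
    # P2PK: <push 33 or 65> <pubkey> OP_CHECKSIG
    if len(s) in (35, 67) and s[0] == len(s) - 2 and s[-1] == 0xAC:
        key = s[1:-1]
        if (len(key) == 33 and key[0] in (2, 3)) or (len(key) == 65 and key[0] == 4):
            return "p2pk", key
    # P2PKH: OP_DUP OP_HASH160 <push 20> <hash160> OP_EQUALVERIFY OP_CHECKSIG
    if len(s) == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return "p2pkh", s[3:23]
    return "other", b""   # not assessed by this sketch

def audit(utxos, spent_script_hexes):
    """List (utxo, reason) for outputs whose key is exposed while still unspent."""
    # Key hashes that have already signed a spend: their public key is on-chain.
    revealed = {h for k, h in map(classify, spent_script_hexes) if k == "p2pkh"}
    findings = []
    for u in utxos:
        kind, data = classify(u.script_hex)
        if kind == "p2pk":
            findings.append((u, "P2PK: public key is in the output itself"))
        elif kind == "p2pkh" and data in revealed:
            findings.append((u, "P2PKH reuse: key revealed by an earlier spend"))
    return findings

def exposed_sats(findings):
    return sum(u.value_sat for u, _ in findings)

# Constructed sample scripts (filler bytes, not real keys or addresses).
P2PK_SCRIPT = "41" + "04" + "11" * 64 + "ac"
REUSED_PKH = "76a914" + "aa" * 20 + "88ac"
FRESH_PKH = "76a914" + "bb" * 20 + "88ac"
WALLET = [Utxo("tx0", 0, P2PK_SCRIPT, 5_000_000_000),
          Utxo("tx1", 1, REUSED_PKH, 120_000),
          Utxo("tx2", 0, FRESH_PKH, 900_000)]
FINDINGS = audit(WALLET, spent_script_hexes=[REUSED_PKH])

if __name__ == "__main__":
    for u, why in FINDINGS:
        print(f"{u.txid}:{u.vout} {u.value_sat} sat  {why}")
    print("exposed total:", exposed_sats(FINDINGS), "sat")
```

In practice the spent-script list would come from the wallet's own transaction history, so an address that has ever signed a spend is treated as exposed for every output still sitting on it.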
The Countdown Has Started
Bitcoin’s culture often treats past code as scripture.
Something must yield. Either cryptographers invent signatures slim enough for a 1‑megabyte world, or governance finds a way to stomach bigger blocks without fragmenting again.
Optimists pin their hopes on breakthroughs like hash‑based aggregate signatures or zero‑knowledge (ZK) rollups that compress witness data. Pessimists prepare for another civil war.
Investors who remember 2017 know that politics will decide how quickly any compromise arrives -- and for most of us who were there, that's a gut-wrenching realization, to say the least.