Bitcoin's Post-Quantum Migration: From P2PK to P2MR
After reading the NIST post-quantum standards, FIPS 204 and FIPS 205, I started looking for chain-specific migration efforts. Bitcoin is a natural starting point: it has the most valuable UTXO set, the most value secured by classical signatures, and a long history of conservative script upgrades. The two draft proposals that caught my attention are BIP360 and BIP361. BIP361 is the broader migration plan: after a future post-quantum output type exists, it proposes a staged sunset for legacy ECDSA/Schnorr usage. BIP360 is the more interesting technical step. It proposes Pay-to-Merkle-Root, or P2MR, a new output type that keeps the useful parts of Taproot script trees while removing Taproot’s key path. ...