Bitcoin engineer Matt Corallo says fears that Bitcoin developers are “sleepwalking” into a quantum-crisis overstate the problem — and that a practical mitigation path is already forming.
Speaking on the Unchained podcast published Feb. 22, Corallo (known in the community as TheBlueMatt) pushed back on criticism from Castle Island Ventures’ Nick Carter, who has warned that Bitcoin’s development community isn’t treating quantum risk urgently enough. Corallo argued that the current work is meaningful and that the migration problem is less dire than critics suggest, because much of the plumbing in modern wallets already gives Bitcoin a useful head start.
A simple, two-step approach
Corallo framed the roadmap in two straightforward stages. Step one: add the ability for wallets and software to commit to post-quantum public keys. Step two: at a later, politically sensitive moment, decide when to stop accepting legacy, quantum-vulnerable spend paths. “There are only two steps,” he said. “The first relevant step is just adding the ability to commit to a postquantum public key. I think that should be done soon.”
He emphasized that committing now doesn’t force everyone to immediately use bulky, expensive post-quantum signatures on-chain. Instead, wallets could publish commitments to post-quantum keys without paying the ongoing size and fee penalties until a future enforcement decision is made. That staging, Corallo argued, lets wallets prepare without creating an immediate cost-driven incentive to delay upgrades.
Wallets already have a head start
One critical technical point Corallo raised: many wallets that use seed phrases already incorporate a “quantum-safe anchor” at the wallet-derivation layer, even though on-chain public keys and signatures today would be vulnerable to a large, cryptographically relevant quantum computer. That means users and custodians can prepare and migrate more smoothly than if everything had to change simultaneously on-chain.
Hash-based signatures gaining traction
On implementation, Corallo said the community is coalescing around hash-based signature schemes for the initial commitments. Debate has shifted away from whether to pursue post-quantum measures toward fine-tuning formats and implementation details; he pointed to active work around BIP 360 and characterized the consensus on hash-based approaches as “pretty strong.”
The harder political decision
Corallo acknowledged the second step — when to disable legacy spend paths that a quantum computer could exploit — will be contentious. Deciding to stop accepting old, un-migrated coins could touch lost or abandoned funds and create market-driven fork dynamics. He conceded that migrating active wallets could take years and that the social and economic fallout of hard cutoffs would be significant. Still, his central point was that a final end-state doesn’t need to be fully defined before meaningful preparation starts.
Ongoing research and discussion
Corallo also disputed the idea that developers are ignoring the issue. He pointed to research and engineering work at Blockstream Research and Chaincode Labs, named academic and engineering contributors such as Ethan Heilman and co-authors working on BIP 360, and said discussion of post-quantum topics on the Bitcoin developer mailing list has “grown steadily,” at one point accounting for “30 or 40%” of posts in his view — a sign, he argued, of sustained attention rather than neglect.
Bottom line
Corallo’s message: start the practical, low-cost work now — commit to post-quantum keys and allow wallets to migrate on their own timeline — and leave the politically fraught decision of when to enforce legacy cutoffs for later. That staged approach, he believes, reduces disruption while keeping Bitcoin on a credible path to post-quantum resilience.
https://orcid.org/0009-0009-1599-2739
