Neha Narula, director of the MIT Digital Currency Initiative, has published a detailed proposal for making Bitcoin resilient against future quantum computing attacks. In a post dated April 20, Narula advocates for a staged, practical approach rather than waiting for consensus on all complex issues. Her core thesis is that Bitcoin should implement "low-harm, low-risk, high-benefit, safety-critical mitigations NOW" and defer more contentious decisions until a cryptographically relevant quantum computer (CRQC) is imminent.
Narula's proposed roadmap centers on deploying a post-quantum-safe output type and signature scheme via a soft fork. Specifically, she favors P2MR (described in BIP 360) combined with a new post-quantum signature opcode and cryptographic agility. This would allow users to move funds into a quantum-safe output type immediately, provided they avoid address reuse that exposes non-post-quantum public keys. She acknowledges this doesn't solve the systemic problem of protecting unmoved or lost coins (a variable she labels "X"), but argues progress shouldn't be delayed by this uncertainty. "If only 0.0001% of coins are insecure, I think Bitcoin will be fine. If 20% of coins are insecure, I think things would probably get pretty chaotic," she wrote.
Concurrently, Ripple has announced a multi-stage plan to harden the XRP Ledger (XRPL) against quantum threats, setting a 2028 target for full readiness. The urgency follows recent Google Quantum AI research suggesting that roughly 500,000 physical qubits—a 20-fold reduction from prior estimates—may be sufficient to attack ECDLP-256 cryptography, potentially deriving private keys from public keys in minutes.
Ripple's four-phase roadmap begins immediately with contingency planning for a "Q-Day" scenario. The subsequent stages involve: research and performance testing of NIST-recommended post-quantum algorithms in H1 2026; controlled hybrid deployment testing on Devnet in H2 2026; and finally, designing and proposing a native XRPL amendment to achieve full production readiness by 2028. The company highlights that XRPL's native key rotation and seed-based key generation features could make migration less disruptive than on other networks.
A key challenge both initiatives face is the performance cost of post-quantum signatures, which are significantly larger than current elliptic-curve signatures, impacting storage, bandwidth, and validation times. Ripple is collaborating with Project Eleven to accelerate testing and identify infrastructure bottlenecks.
