Not Panic, But Preparation: Bitcoin's Quantum Question for Malaysia's Builders
Builder Notes from Bitcoin House Malaysia
This one is for developers, wallet builders, and technically curious Bitcoiners. Quantum computers are not breaking Bitcoin today. But if you’re building tools meant to protect value for decades, you should understand the migration problem now.
If you’re writing signing logic today, the Presidio Bitcoin quantum readiness repository belongs in your reading list. Not because quantum computers can break ECDSA tomorrow — they can’t. But because the attack surface is already mapped, the engineering discussion is becoming more concrete, and developers who build durable sovereign tools are thinking about this now.
This isn’t about panic. It’s about understanding which Bitcoin addresses are actually vulnerable, and building systems that can migrate to post-quantum cryptography without abandoning user sovereignty.
The Exposure Map: Which Keys Are Actually at Risk
Not all Bitcoin addresses face the same quantum risk. The Presidio report quantifies exposure across address types.
P2PKH and P2WPKH addresses only reveal public keys when spending, which gives a quantum attacker a narrow window between broadcast and confirmation. The higher-risk scenario is reused addresses: once an address has been spent from, its public key is permanently on-chain, so any unspent output still sitting at that address (or sent back to it later) is exposed for as long as it remains unspent.
P2TR is different: the Taproot output key is already visible on-chain, so it belongs in the long-range exposure discussion, even though its current usage and upgrade path differ from early P2PK.
Presidio estimates that if a cryptographically relevant quantum computer existed today, around 6.5 million BTC could be vulnerable due to long-exposed public keys — roughly 1.72 million BTC sitting in early P2PK outputs, with much of the rest linked to address reuse.
For Malaysian developers, this has immediate architectural implications:
- Building a remittance app for migrant workers? Advise users to never reuse addresses.
- Implementing multisig vaults for small businesses managing long-term treasury reserves? Your address generation logic needs quantum-aware hygiene now, not in 2030.
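The exposure map above, turned into a wallet-side check that a builder could run over their own UTXO set. This is an added example, not code from the Presidio repository; the UTXO set and address labels are constructed placeholders, and it extends the page's list with P2SH/P2WSH, which, like P2PKH, reveal their keys only on spend.

```python
from dataclasses import dataclass
from enum import Enum


class Exposure(Enum):
    LONG_RANGE = "public key already on-chain; at risk for as long as the output stays unspent"
    SHORT_RANGE = "public key revealed only on spend; at risk between broadcast and confirmation"


@dataclass(frozen=True)
class Utxo:
    txid: str
    vout: int
    script_type: str   # "p2pk", "p2pkh", "p2wpkh", "p2sh", "p2wsh", "p2tr"
    address: str       # constructed placeholder label, not a real address
    value_sat: int


HASH_LOCKED = {"p2pkh", "p2wpkh", "p2sh", "p2wsh"}  # scriptPubKey holds only a hash


def classify(utxo: Utxo, previously_spent_from: set[str]) -> Exposure:
    """Quantum exposure of one output, following the page's exposure map.

    previously_spent_from: addresses this wallet has already spent from, i.e. whose
    key (or redeem/witness script with its keys) is already published on-chain.
    """
    if utxo.script_type == "p2pk":
        return Exposure.LONG_RANGE      # raw pubkey sits in the scriptPubKey
    if utxo.script_type == "p2tr":
        return Exposure.LONG_RANGE      # Taproot output key is itself a pubkey on-chain
    if utxo.script_type in HASH_LOCKED:
        # address reuse: an earlier spend already revealed the key(s) behind this hash
        if utxo.address in previously_spent_from:
            return Exposure.LONG_RANGE
        return Exposure.SHORT_RANGE
    raise ValueError(f"unknown script type {utxo.script_type}")


def exposure_report(utxos: list[Utxo], previously_spent_from: set[str]) -> dict[Exposure, int]:
    """Sum value per exposure class so the wallet can warn before the user adds to it."""
    totals = {e: 0 for e in Exposure}
    for u in utxos:
        totals[classify(u, previously_spent_from)] += u.value_sat
    return totals


# Constructed sample UTXO set (txids and addresses are placeholders)
SAMPLE_UTXOS = [
    Utxo("tx_a", 0, "p2pk", "pk_early_miner", 5_000_000_000),
    Utxo("tx_b", 1, "p2wpkh", "bc1_fresh", 120_000),
    Utxo("tx_c", 0, "p2wpkh", "bc1_reused", 80_000),
    Utxo("tx_d", 0, "p2tr", "bc1p_treasury", 250_000),
    Utxo("tx_e", 2, "p2wsh", "bc1_multisig_fresh", 900_000),
]
SAMPLE_SPENT_FROM = {"bc1_reused"}
```

Running `exposure_report(SAMPLE_UTXOS, SAMPLE_SPENT_FROM)` puts the P2PK, reused P2WPKH and P2TR outputs in the long-range bucket and only the fresh hash-locked outputs in the short-range one.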
The protocol upgrade question is harder. Forced migration versus opt-in transitions carries very different governance complexity — and very different consequences for users who can’t easily come online to act.

Post-Quantum Signatures: The Sovereignty Trade-offs
The Presidio repository surveys post-quantum cryptographic schemes built for Bitcoin’s constrained environment. Lattice-based signatures like CRYSTALS-Dilithium (now standardized by NIST as ML-DSA) and hash-based schemes like SPHINCS+ (standardized as SLH-DSA) both appear in the research alongside Bitcoin-specific compact variants.
The trade-offs are significant: signature sizes explode from 64 bytes to multiple kilobytes. That matters across the stack:
- Running a Lightning node in Kuala Lumpur? Larger signatures mean higher on-chain costs for channel opens and force-closes.
- Building a mobile-first wallet for users on unstable connections or limited data plans? Multi-kilobyte signatures change your UX assumptions entirely.
The report evaluates hybrid Taproot approaches — committing to both Schnorr and post-quantum signatures in script trees, enabling gradual transition while preserving backward compatibility. But this introduces complexity: managing two signature types, coordinating between legacy and quantum-safe outputs, and handling fee estimation across mixed transaction types.
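To make the signature-size and mixed-fee-estimation points concrete, here is an added calculator (not from the Presidio report) that computes virtual size and fee for a 1-in-1-out spend under the witness discount. It uses the published NIST ML-DSA-44 and SLH-DSA-128s signature sizes rather than any Bitcoin-specific compact variant, and it assumes P2TR inputs and outputs; the hybrid script-path leaf size and control block are rough assumptions, since no such opcode exists today.

```python
import math

# Signature sizes in bytes: BIP340 Schnorr plus the NIST parameter sets the page names
# (FIPS 204 ML-DSA, FIPS 205 SLH-DSA). Compact Bitcoin-specific variants are not modelled.
SIG_BYTES = {
    "schnorr": 64,           # BIP340
    "ml-dsa-44": 2420,       # ML-DSA-44 signature
    "slh-dsa-128s": 7856,    # SLH-DSA-SHA2-128s signature
}
ML_DSA_44_PUBKEY = 1312      # would have to appear in a leaf script committing to a PQ key


def compact_size_len(n: int) -> int:
    """Bytes used by Bitcoin's CompactSize encoding of n."""
    return 1 if n < 253 else 3 if n <= 0xFFFF else 5 if n <= 0xFFFFFFFF else 9


def tx_vbytes(witnesses: list[list[int]], n_outputs: int) -> int:
    """Virtual size of a segwit transaction given the witness stack item sizes per input.

    Assumes every input spends a P2TR outpoint (41 non-witness bytes, empty scriptSig)
    and every output is P2TR (43 bytes). Non-witness bytes weigh 4 WU, witness bytes
    1 WU; vbytes = ceil(weight / 4).
    """
    n_in = len(witnesses)
    base = 4 + compact_size_len(n_in) + 41 * n_in \
        + compact_size_len(n_outputs) + 43 * n_outputs + 4
    wit = 2  # segwit marker and flag
    for items in witnesses:
        wit += compact_size_len(len(items))
        for size in items:
            wit += compact_size_len(size) + size
    return math.ceil((4 * base + wit) / 4)


def fee_sat(vbytes: int, sat_per_vb: float) -> int:
    return math.ceil(vbytes * sat_per_vb)


# Witness layouts for a 1-in-1-out spend. The hybrid case is a script-path spend carrying
# both signatures; its leaf script (x-only key + ML-DSA pubkey + a few opcode bytes) and
# 33-byte control block are assumed sizes for a hypothetical PQ-aware script.
HYBRID_LEAF_SCRIPT = 32 + ML_DSA_44_PUBKEY + 4
SPEND_WITNESSES = {
    "schnorr keypath": [[SIG_BYTES["schnorr"]]],
    "ml-dsa-44 only": [[SIG_BYTES["ml-dsa-44"]]],
    "slh-dsa-128s only": [[SIG_BYTES["slh-dsa-128s"]]],
    "hybrid schnorr+ml-dsa-44": [[SIG_BYTES["schnorr"], SIG_BYTES["ml-dsa-44"], HYBRID_LEAF_SCRIPT, 33]],
}


def compare_spends(sat_per_vb: float) -> dict[str, tuple[int, int]]:
    """(vbytes, fee in sat) for each signature layout at the given feerate."""
    return {name: (tx_vbytes(w, 1), fee_sat(tx_vbytes(w, 1), sat_per_vb))
            for name, w in SPEND_WITNESSES.items()}
```

At 10 sat/vB the Schnorr key-path spend is 111 vB, the ML-DSA-44 spend 701 vB and the SLH-DSA-128s spend 2060 vB, which is the gap a Lightning force-close or a data-capped mobile wallet has to budget for.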
The sovereignty principle that must hold through any transition: post-quantum cryptography cannot require trusted setup ceremonies or third-party key generation services. Any scheme that centralizes cryptographic parameter generation reintroduces the institutional dependency Bitcoin was built to escape. The report emphasizes transparent, deterministic schemes — non-negotiable for developers building in jurisdictions where trusting external authorities is not an option.
Migration Scenarios: Design for Users Who Can’t Be Online
The Presidio report models two transition paths.
The optimistic scenario: users voluntarily migrate to quantum-safe addresses over years as wallet software integrates post-quantum support. The pessimistic scenario: a quantum breakthrough forces an emergency soft fork with a sunset period for vulnerable outputs — after which they become unspendable.
Each path has sovereignty implications. For Malaysian users holding keys offline in hardware wallets, or communities in Myanmar using Bitcoin to preserve value under authoritarian regimes, any protocol change imposing deadlines creates existential risk. Miss the migration window, lose your coins.
The report also discusses “quantum emergency” address freezes — temporarily locking outputs with exposed public keys if a viable quantum computer emerges, buying users time to migrate. But this requires global coordination, real-time threat detection, and consensus on what threshold justifies such action.
For developers building in Southeast Asia: design for resilience now. If you’re building tools for users in markets like Malaysia, where users may face banking friction, remittance costs, and changing FX conditions, your upgrade path cannot assume reliable internet access or sophisticated user technical literacy.
Build quantum-aware features as opt-in today — address rotation, script-based quantum commitments, clear migration UX. When the timeline accelerates, your users won’t be left behind.
Builder Takeaway: Quantum computing shifts Bitcoin’s threat model from protecting keys at rest to protecting keys across decades under evolving cryptographic assumptions. Build for post-quantum migration now.
💬 Discussion question: How should wallet developers in markets with banking friction and remittance constraints balance quantum readiness features — larger signatures, higher fees — against the immediate accessibility needs of unbanked users with limited data and transaction budgets?
Found this useful? Zap 21 sats ⚡
#Bitcoin #Malaysia #BitcoinDev #QuantumComputing