I just noticed something quite critical for Bitcoin holders—the P2MR upgrade has officially been implemented.

Honestly, there have been concerns that quantum computers could threaten Bitcoin security, but most people might not realize how real this threat is. A sufficiently powerful quantum computer can theoretically break existing elliptic curve cryptography. That means if your public key is exposed, a quantum computer with enough time could derive your private key. This is not science fiction; NIST is already planning to deprecate elliptic curve cryptography by 2035.

Now, things are different. The Pay-to-Merkle-Root protocol has been merged into the Bitcoin Core repository, meaning quantum-resistant protection has finally moved from concept to reality. The new P2MR scheme cleverly removes the vulnerable key-path spending method in Taproot while maintaining backward compatibility. According to the technical specifications of BIP 360, this new output type effectively defends against "long-term exposure attacks"—where a quantum computer has enough time to crack the public key.

The key point here is that P2MR addresses start with "bc1z," completely bypassing the exposure of internal keys and only committing to the Merkle root. In contrast, old Taproot addresses starting with "bc1p" that are reused will have their public keys continuously exposed on-chain, posing a risk of being cracked by quantum computers. The new scheme not only enhances quantum resistance but also improves privacy—transaction sizes are smaller than equivalent Taproot spends.

Interestingly, this upgrade is a soft fork, so existing Taproot outputs are unaffected and holders can opt in voluntarily. Wallets and exchanges will have low integration costs because P2MR reuses existing Bitcoin code. This suggests a relatively smooth market adaptation.

Of course, there is an increase in fees—P2MR witness data includes leaf scripts and Merkle path data, adding extra information to blocks. But considering it can effectively protect your funds from future quantum cracking, this security trade-off seems worthwhile.
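The mechanics behind the last few paragraphs can be made concrete with a small script. This is an added example and not code from Bitcoin Core, BIP 360 or Anduro: it builds a Merkle tree over leaf scripts, shows that the on-chain output commits only to the 32-byte root (no public key to expose), verifies the leaf script plus Merkle path that a spend must reveal, and estimates the witness bytes that reveal adds. It reuses the TapLeaf/TapBranch tagged-hash construction from BIP 341 for the tree; the assumption that a P2MR spend omits the 32-byte internal key that a Taproot control block carries is mine, not taken from the specification. The leaf scripts are constructed sample bytes.

```python
import hashlib


def tagged_hash(tag: str, data: bytes) -> bytes:
    """BIP 340 tagged hash: SHA256(SHA256(tag) || SHA256(tag) || data)."""
    t = hashlib.sha256(tag.encode()).digest()
    return hashlib.sha256(t + t + data).digest()


def compact_size(n: int) -> bytes:
    """Bitcoin CompactSize length prefix (enough for script lengths used here)."""
    if n < 0xFD:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + n.to_bytes(2, "little")
    return b"\xfe" + n.to_bytes(4, "little")


LEAF_VERSION = 0xC0  # Tapscript leaf version from BIP 341
SIG_SIZE = 64        # BIP 340 Schnorr signature, assumed to be what leaf scripts check


def leaf_hash(script: bytes) -> bytes:
    return tagged_hash("TapLeaf", bytes([LEAF_VERSION]) + compact_size(len(script)) + script)


def branch_hash(a: bytes, b: bytes) -> bytes:
    # Children are sorted, so a verifier does not need left/right flags in the path.
    lo, hi = sorted((a, b))
    return tagged_hash("TapBranch", lo + hi)


def merkle_root_and_paths(scripts):
    """Build a balanced tree over leaf scripts; return (root, path-per-leaf).

    The root is the only thing that goes into the output: it is a hash, so
    nothing about any signing key is visible on-chain until a leaf is spent.
    """
    level = [leaf_hash(s) for s in scripts]
    paths = [[] for _ in scripts]
    groups = [[i] for i in range(len(scripts))]  # leaf indices beneath each node
    while len(level) > 1:
        next_level, next_groups = [], []
        for i in range(0, len(level), 2):
            if i + 1 == len(level):  # odd node is promoted unchanged
                next_level.append(level[i])
                next_groups.append(groups[i])
                continue
            left, right = level[i], level[i + 1]
            for idx in groups[i]:
                paths[idx].append(right)
            for idx in groups[i + 1]:
                paths[idx].append(left)
            next_level.append(branch_hash(left, right))
            next_groups.append(groups[i] + groups[i + 1])
        level, groups = next_level, next_groups
    return level[0], paths


def verify_merkle_path(script: bytes, path, root: bytes) -> bool:
    """What a node checks when a spend reveals a leaf script and its sibling hashes."""
    h = leaf_hash(script)
    for sibling in path:
        h = branch_hash(h, sibling)
    return h == root


def script_path_witness_size(script: bytes, path, reveals_internal_key: bool) -> int:
    """Witness bytes for a script-path spend: signature + leaf script + control data.

    Taproot's control block is 1 + 32 (internal key) + 32 per path element.
    Assumption for P2MR: same layout with no internal key, so 1 + 32 per element.
    """
    control = 1 + (32 if reveals_internal_key else 0) + 32 * len(path)
    return SIG_SIZE + len(script) + control


def key_path_witness_size() -> int:
    """Taproot key-path spend: a lone signature. This is the path P2MR removes."""
    return SIG_SIZE


if __name__ == "__main__":
    # Constructed sample leaf scripts (contents are illustrative, not real Tapscript).
    leaves = [b"leaf-script-%d" % i for i in range(3)]
    root, paths = merkle_root_and_paths(leaves)
    print("output commits to root:", root.hex())
    for s, p in zip(leaves, paths):
        print(s, "path len", len(p), "valid", verify_merkle_path(s, p, root),
              "taproot bytes", script_path_witness_size(s, p, True),
              "p2mr bytes", script_path_witness_size(s, p, False))
    print("key-path bytes (removed by P2MR):", key_path_witness_size())
```

Running it shows the trade-off the post describes: a Taproot key-path spend costs only a 64-byte signature but requires the output key to sit in the scriptPubKey, while a Merkle-root output reveals nothing until spent and then pays for the leaf script and one 32-byte hash per tree level.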

Most interestingly, Anduro BTC mentioned in their announcement that this is just the first step. Full post-quantum protection with signatures may be achieved in future upgrades, making even short-term exposure attacks impossible. Bitcoin developers are finally responding to concerns about quantum threats with concrete actions.

The Commercial National Security Algorithm Suite (CNSA) aims to complete quantum resistance upgrades by 2030, and Bitcoin has already met this target. CNSA 2.0 requires a full upgrade by 2033. It looks like Bitcoin has taken the lead in this quantum arms race. Your public wallet security layer has now been upgraded—this is real protection.