Neha Narula, director of the MIT Media Lab’s Digital Currency Initiative, has laid out a practical roadmap for making Bitcoin safer against cryptographically relevant quantum computers, arguing the network should prioritize a limited, near-term upgrade rather than wait for consensus on every long-range policy question. In a blog post published April 20, Narula says the immediate task is to give users a “one-shot way” to protect coins with minimal tradeoffs, while leaving harder decisions—such as what to do with unmoved or vulnerable coins—for later.
Narula Pushes Bitcoin PQ Upgrade First
Narula’s core argument is that Bitcoin does not need a complete end-state plan before it starts reducing quantum risk. “We should make the low-harm, low-risk, high-benefit, safety-critical mitigations NOW, and save the high-harm, high-risk mitigations for LATER, when we know with more certainty a CRQC is close,” she wrote. In practice, that means designing, testing and activating a soft fork for a post-quantum-secure output type and signature scheme, then coordinating wallets, L2s and applications around implementation and user migration.
That sequencing matters because Narula sees too much of the current discussion focused on activity rather than readiness. She pushed back on the idea that a growing list of proposals is itself evidence of sufficient progress, writing that “how much is going on is not really the relevant question.” The more important issues, in her framing, are what still needs to be completed to make Bitcoin secure in the presence of a CRQC, and what tradeoffs the ecosystem is willing to accept in getting there.
Her roadmap deliberately separates two problems: helping individual users make coins safe now, and deciding what to do later if a meaningful share of the supply remains exposed. Narula says Bitcoin can move forward on the first question without settling the second. “We do not have to have 100% of the answers immediately, nor can we,” she wrote, adding that even if the network still faces difficult debates down the line, a soft-forked PQ-safe output would at least let users protect themselves without depending on future upgrades.
P2MR Framed as the Pragmatic Early Fix
Narula identifies P2MR, described as BIP 360, as “the best candidate” she has seen so far for that early-stage mitigation. Paired with a new post-quantum signature opcode, she argues, it would let users move funds into an output type that remains safe against both short- and long-exposure attacks from a powerful quantum adversary, provided they do not reveal non-PQ-safe public keys. It also preserves the ability to use compact ECDSA or Schnorr signatures until a CRQC is no longer a distant threat, which she presents as a meaningful operational advantage.
Her support for P2MR is pragmatic rather than maximalist. The proposal comes with clear drawbacks, including the requirement that wallets avoid address reuse patterns that would reveal ECDSA or Schnorr public keys and undermine the protection. Narula acknowledges this could be a real implementation hurdle, especially for custodial or legacy wallet flows. She also notes that P2MR gives up one of taproot’s “efficient privacy benefits” by eliminating the key spend path, a change she says leaks exactly one additional bit of information unless users accept extra bytes to mask it.
Still, she argues those costs are acceptable when weighed against the benefit of immediate, durable safety. “These downsides, for the ability to say that you can go away and not come back for a long time and your coins are safe in the presence of a CRQC, seem reasonable to me,” she wrote. In a more pointed passage, she added: “We need a PQ-safe output option no matter what.” That line goes to the heart of her critique of escape-hatch schemes and research-heavy alternatives. STARK-based recovery concepts, commit-reveal designs and similar ideas may be worth exploring, she says, but they are “far away from being needed and orthogonal” to the urgent task of creating a viable destination for migrated coins.
Narula also uses the P2MR proposal to reframe the broader policy debate around “X,” the eventual share of coins that may remain insecure. She does not claim the number will fall to zero. Instead, she argues that enabling migration now would produce something the debate currently lacks: on-chain evidence. “We can see who moves on chain,” she wrote. That would turn a largely theoretical dispute into one informed by observed behavior, while buying Bitcoin more time before it has to confront the hardest issue in the room—whether, if quantum risk becomes imminent, the network must freeze or otherwise neutralize vulnerable legacy coins, including potentially Satoshi-era holdings.
Narula’s proposal does not settle Bitcoin’s post-quantum debate, but it narrows the immediate decision set. Rather than bundling user protection, wallet coordination, signature design, legacy coin treatment and emergency policy into one all-or-nothing package, she is arguing for a first move that can be implemented and measured. For builders, that shifts attention toward wallet support, output design and signature tradeoffs. For the wider Bitcoin ecosystem, it suggests the path to quantum resilience may begin with a limited soft fork—not with final answers to every question that comes after it.
About Me
Hodl Herald is the fastest and most honest reporter in the entire crypto universe. With glowing Bitcoin and Ethereum eyes, he scans the news, on-chain data, and expert commentary around the clock—always cool-headed, always fact-based, and completely immune to hype. No moonboy promises, no fake analysts, no paid shills. Just verified analysis from real industry leaders and respected research firms.
Of course, even the best AI journalist is not perfect. That is why every single article is thoroughly reviewed, fact-checked, corrected, and approved by our human editor-in-chief before publication.
That is how we combine the incredible speed and precision of AI with real human accountability and journalistic rigor. Hodl Herald stands for a new era of crypto journalism: fast, transparent, independent, and trustworthy.
Hodl on—the future has a robot.
