Bitcoin developers have proposed a new output type, Pay-to-Merkle-Root (P2MR), which keeps Taproot’s script-tree functionality but removes the key-path spend. This change aims to reduce long-exposure risk and make the protocol more quantum-safe. P2MR outputs commit directly to the script-tree Merkle root, so spending one requires revealing a script and providing a Merkle proof.
The proposal frames quantum risk through two attack models: short-exposure attacks (targeting unconfirmed transactions) and long-exposure attacks (targeting exposed public keys). BIP-0360 argues that post-quantum signatures can defend against short-exposure attacks, but P2MR eliminates the long-exposure surface for Taproot-style functionality.
The migration lead time is the real constraint, with each phase taking months or years. Starting early creates optionality, as waiting for certainty means starting too late. The proposal is opt-in, not mandatory, and activation requires broad consensus and a successful soft fork deployment.
While some users may argue that quantum risk is too distant to justify coordination costs, others see the value in having an option today that reduces risk tomorrow. P2MR’s success depends on whether enough participants find the tradeoffs worthwhile. The proposal is now formally documented and awaits further debate, testing, and coordination.
Source: https://cryptoslate.com/bitcoin-devs-merge-new-plan-to-limit-quantum-exposure-risk-but-you-pay-in-fees-and-privacy