BIP324 has encrypted connections between Bitcoin nodes since 2023 using ECDH.
P2P traffic can be collected today and decrypted in the future, which makes it an attack vector.
Olaoluwa Osuntokun, core developer of the Lightning Network protocol, published a proposal on the Bitcoin-Dev mailing list on May 5 to update BIP324, the protocol that encrypts communications between network nodes.
According to Osuntokun, this protocol is vulnerable to quantum computers in a way that could compromise the privacy of Bitcoin users before any attack on the consensus layer takes place.
BIP324, adopted in 2023, introduced transport encryption for Bitcoin peer-to-peer (P2P) connections. The protocol uses the ECDH algorithm, a variant within the elliptic curve family, so that two nodes derive a shared secret with which they encrypt all their traffic. According to Osuntokun, a sufficiently advanced quantum computer could derive the private keys from that exchange and decrypt the communications. The developer warns that attackers may already be collecting that traffic today with the intention of decrypting it in the future, a strategy known in cryptography as "harvest now, decrypt later".
This warning comes amid a technical escalation around the quantum threat to Bitcoin. A Google Quantum AI study estimated in March 2026 that a quantum computer could crack a Bitcoin public key in less than 9 minutes with fewer than 500,000 physical qubits. Subsequently, French researcher André Schrottenloher managed to reconstruct and surpass the efficiency of the quantum attack circuits that Google had kept as a trade secret, which showed that the window to act is narrowing.
Osuntokun is one of the most recognized names in Bitcoin infrastructure development. He is co-founder of Lightning Labs, the company responsible for LND, the most widely used Lightning Network client on the network. His position within the ecosystem gives him technical weight and visibility on the Bitcoin developer mailing list.
Why BIP324 and never the consensus layer
Osuntokun's proposal states that upgrading BIP324 does not require the broad market agreement that a consensus change, such as a soft fork, would demand. Unlike modifying digital signatures or Bitcoin addresses, which would involve coordinating miners, exchanges and wallets globally, transport encryption can be updated incrementally and without interrupting the protocol. According to the developer, this makes BIP324 an achievable first step toward quantum resistance for Bitcoin.
To replace ECDH, Osuntokun proposes two main routes. The first would keep the outer layer of BIP324 unchanged and would run ML-KEM, the key encapsulation mechanism standardized by NIST in 2024 with proven quantum resistance, inside the already encrypted channel, as a second phase. The second option would use a hybrid combiner called OEINC (Outer Encrypts Inside Nested Combiner), which merges classical and post-quantum encryption into a single initial exchange, at the cost of a larger amount of data in the first message.
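The two routes differ in where the post-quantum secret enters the key schedule. The following is an added illustration, not code from the proposal or from Bitcoin Core, and it does not implement OEINC (the page gives no details of that combiner). It models the two shapes generically: a two-phase rekey, where a KEM secret obtained inside the already-established ECDH channel is folded into the existing session key, and a hybrid combiner that concatenates the classical and post-quantum secrets and binds the handshake transcript into one derivation. The shared secrets and transcript are constructed test values; in a real handshake they would come from the ECDH and ML-KEM exchanges.

```python
import hashlib
import hmac
from typing import Tuple

KEY_LEN = 32  # bytes of session key derived in both models (assumption for the example)


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = KEY_LEN) -> bytes:
    """RFC 5869 HKDF with SHA-256: extract a PRK from the input keying material,
    then expand it into `length` bytes bound to `info`."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def two_phase_rekey(session_key_v1: bytes, ss_pq: bytes, transcript: bytes) -> bytes:
    """Route 1 (two-phase): the channel already runs on the ECDH-derived key
    `session_key_v1`; the KEM runs inside that channel and its secret `ss_pq`
    is mixed in to produce a new key. If the ECDH key is later recovered by a
    quantum attacker, the rekeyed traffic still depends on `ss_pq`."""
    return hkdf_sha256(
        ikm=ss_pq,
        salt=session_key_v1,
        info=b"example/two-phase-rekey|" + transcript,
    )


def hybrid_combine(ss_ecdh: bytes, ss_pq: bytes, transcript: bytes) -> bytes:
    """Route 2 (hybrid, generic concatenation combiner, not OEINC): both secrets
    are exchanged in the initial handshake and derived together. Binding the
    transcript (the public key material and ciphertexts as sent) means that a
    tampered handshake message yields a different key on each side."""
    return hkdf_sha256(
        ikm=ss_ecdh + ss_pq,
        salt=b"\x00" * hashlib.sha256().digest_size,
        info=b"example/hybrid-combiner|" + transcript,
    )


def constructed_handshake() -> Tuple[bytes, bytes, bytes]:
    """Constructed stand-in values: deterministic so the example is reproducible.
    Real deployments would take these from the ECDH and ML-KEM exchanges."""
    ss_ecdh = hashlib.sha256(b"constructed ecdh shared secret").digest()
    ss_pq = hashlib.sha256(b"constructed ml-kem shared secret").digest()
    transcript = b"constructed transcript: pubkeys || kem ciphertext"
    return ss_ecdh, ss_pq, transcript


if __name__ == "__main__":
    ss_ecdh, ss_pq, transcript = constructed_handshake()
    k_hybrid = hybrid_combine(ss_ecdh, ss_pq, transcript)
    k_phase2 = two_phase_rekey(hybrid_combine(ss_ecdh, b"", transcript), ss_pq, transcript)
    print("hybrid key  :", k_hybrid.hex())
    print("two-phase key:", k_phase2.hex())
```

In both models an attacker who has harvested the traffic and later recovers only the ECDH secret still lacks `ss_pq`, so the derived key is unavailable to them; the difference is that the hybrid route pays the larger first message up front, while the two-phase route keeps the existing BIP324 opening unchanged and rekeys afterwards.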
Osuntokun also identifies a relevant operational variable: ML-KEM requires the receiving node to process a 1,184-byte encapsulation key before completing the exchange, up from the 64 bytes of the current ElligatorSwift-encoded key. In a permissionless P2P network, that increase expands the denial-of-service attack surface and, according to the developer, may require stricter byte limits and shorter handshake timeouts.
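The byte limits and handshake timeouts mentioned above amount to a per-connection budget enforced before any peer is trusted. The following added example (not code from Bitcoin Core or the proposal) models such a budget: an unauthenticated peer may deliver exactly the expected key size within a deadline, and a connection that sends more than expected, or trickles bytes past the deadline, is dropped. The 64-byte and 1,184-byte sizes are the ones the page names; the timeout values and the chunked delivery traces are constructed for the illustration.

```python
from dataclasses import dataclass, field
from typing import Iterable, Optional, Tuple

# Sizes from the page: current ElligatorSwift key vs an ML-KEM encapsulation key.
ELLIGATOR_SWIFT_KEY_BYTES = 64
ML_KEM_ENCAPSULATION_KEY_BYTES = 1184


class HandshakeRejected(Exception):
    """Raised when a peer exceeds the pre-handshake resource budget."""


@dataclass
class HandshakeBudget:
    """Resource budget for the first (unauthenticated) message of a handshake.

    expected_len: the fixed size of the key material the peer must send.
    timeout_s:    wall-clock seconds allowed from connection start to completion.
    started_at:   monotonic timestamp at which the connection was accepted.
    """
    expected_len: int
    timeout_s: float
    started_at: float
    received: bytearray = field(default_factory=bytearray)

    def feed(self, chunk: bytes, now: float) -> Optional[bytes]:
        """Consume bytes from the peer. Returns the complete key once all
        expected bytes are in, None while still waiting, or raises."""
        if now - self.started_at > self.timeout_s:
            raise HandshakeRejected("handshake timeout")
        if len(self.received) + len(chunk) > self.expected_len:
            # A larger-than-expected first message is rejected before buffering it,
            # so memory held per unauthenticated peer is bounded by expected_len.
            raise HandshakeRejected("first message exceeds expected size")
        self.received += chunk
        if len(self.received) == self.expected_len:
            return bytes(self.received)
        return None


def run_handshake(trace: Iterable[Tuple[float, bytes]], expected_len: int, timeout_s: float) -> str:
    """Replay a (timestamp, chunk) trace against a budget and report the outcome:
    'complete', 'timeout', 'oversized' or 'incomplete'."""
    budget = HandshakeBudget(expected_len=expected_len, timeout_s=timeout_s, started_at=0.0)
    try:
        for ts, chunk in trace:
            if budget.feed(chunk, now=ts) is not None:
                return "complete"
    except HandshakeRejected as exc:
        return "timeout" if "timeout" in str(exc) else "oversized"
    return "incomplete"


# Constructed traces (timestamps in seconds since accept, payload bytes).
KEY_PQ = bytes(ML_KEM_ENCAPSULATION_KEY_BYTES)          # placeholder key material
TRACE_PQ_OK = [(0.1, KEY_PQ[:600]), (0.3, KEY_PQ[600:])]  # two segments, well within budget
TRACE_OVERSIZED = [(0.1, KEY_PQ + b"\x00")]               # one byte more than expected
TRACE_SLOW_DRIP = [(2.0 * i, KEY_PQ[i : i + 1]) for i in range(ML_KEM_ENCAPSULATION_KEY_BYTES)]

if __name__ == "__main__":
    print("pq key, fast    :", run_handshake(TRACE_PQ_OK, ML_KEM_ENCAPSULATION_KEY_BYTES, 5.0))
    print("pq key, 64 limit:", run_handshake(TRACE_PQ_OK, ELLIGATOR_SWIFT_KEY_BYTES, 5.0))
    print("slow drip       :", run_handshake(TRACE_SLOW_DRIP, ML_KEM_ENCAPSULATION_KEY_BYTES, 5.0))
```

The point of the larger expected size is visible in the budget arithmetic: a node that keeps the same number of inbound slots now holds roughly eighteen times more unauthenticated buffer per slot, which is why the proposal pairs the size increase with tighter limits and shorter timeouts rather than leaving the existing ones in place.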
The proposal does not include a formal BIP or implementation code. Osuntokun presents it as a call to first define the design parameters (the KEM type and the randomness requirement of the initial exchange) before writing a concrete specification. Unlike changes to the digital signature layer, which require community-wide coordination before Q-Day, Osuntokun maintains that BIP324 represents an update with lower political friction, and that addressing it now would allow practical experience with post-quantum cryptography to be gained before facing the more complex changes to the protocol.