On May 5th, Olaoluwa Osuntokun, the lead developer of the Lightning Network protocol, published a proposal to the Bitcoin-Dev mailing list to update BIP324, the protocol that encrypts communications between network nodes.
Osunto-kun says, This protocol poses vulnerabilities to quantum computers This could potentially compromise the privacy of Bitcoin users before an attack on the consensus layer occurs.
BIP324, adopted in 2023, introduced transport encryption for Bitcoin peer-to-peer (P2P) connections. This protocol uses the ECDH algorithm, which is a variant within the elliptic curve signature family. The two nodes obtain a shared secret to encrypt all traffic.. According to Osuntokun, a sufficiently advanced quantum computer could obtain the private key from that exchange and decrypt the communication. Developers warn that attackers may already be harvesting that traffic today with the goal of decrypting it in the future. This is a strategy known in cryptography. Harvest now, decrypt later (Harvest now, decipher later).
This warning is made in the context of technological escalation regarding quantum threats to Bitcoin. Google Quantum AI research predicts that quantum computers will become available in March 2026. Bitcoin public key could be cracked in less than 9 minutes Physical qubits are less than 500,000. French researcher Andre Schlottenlohr has since succeeded in reconstructing and surpassing the efficiency of quantum attack circuits that Google had kept as a commercial secret, revealing that the room for maneuver is narrowing.
Osuntokun is one of the most well-known names in Bitcoin infrastructure development. He is the co-founder of Lightning Labs, the company responsible for LND, the most used Lightning Network client on the network. Its position within the ecosystem increases its technical importance and visibility on Bitcoin developer mailing lists.
Why BIP324 instead of consensus layer?
The Osunto-kun proposal states the following: BIP324 upgrade does not require broad market agreement This requires the following changes to the agreement: soft fork. Unlike digital signatures or Bitcoin address changes (which require global coordination among miners, exchanges, and wallets), transport encryption Updates can be made incrementally without disrupting the protocol. According to the developers, this makes BIP324 an achievable first step towards quantum-proofing Bitcoin.
As an alternative to ECDH, Osuntokun proposes two main routes. The first is to leave BIP324 unchanged in the external layer. The second phase then runs ML-KEM, a quantum-proof key encapsulation mechanism standardized by NIST in 2024, within the already encrypted channel. The second option uses a hybrid combiner called OEINC (outer encryption inner nested combiner), classical encryption and post-quantum encryption are merged into a single initial exchange, although the amount of data in the first message is larger.
Osuntokun also identifies relevant behavioral variables. ML-KEM requires the receiving node to process a 1,184-byte encapsulation key, up from ElligatorSwift’s current 64-byte size, before completing the exchange. For permissionless P2P networks, this increase expands the denial-of-service attack surface and may require tighter byte limits and shorter handshake timeouts, according to developers.
This proposal does not include a formal BIP or implementation code. Osuntokun presents this as a call to first define the design parameters (KEM type and initial exchange randomness requirements). before writing a specific specification. Unlike digital signature layer changes that require community-wide coordination to reach Q-Day, Osuntokun argues that BIP324 is a lower-political-friction update and that addressing it now will allow us to gain practical experience with post-quantum cryptography before facing more complex changes to the protocol.
(Tag Translation)Bitcoin (BTC)
