Bitcoin’s cryptographic backbone has an expiration date. Nobody knows exactly when quantum computers will be powerful enough to crack the elliptic curve digital signature algorithm (ECDSA) that secures every Bitcoin transaction, but the crypto industry is already wrestling with what comes next. The answer, it turns out, involves some uncomfortable trade-offs.
The core issue is deceptively simple. Bitcoin currently relies on ECDSA signatures that clock in at roughly 65 bytes each. The post-quantum alternatives blessed by NIST, specifically ML-DSA (formerly known as Dilithium) and SLH-DSA (formerly SPHINCS+), produce signatures that are 10 to 70 times larger. In English: swapping to quantum-safe signatures would be like replacing every compact car on a highway with a semi-truck and expecting traffic to flow the same way.
The block size dilemma returns
ML-DSA signatures alone can reach 2.4 to 4.6 KB per signature, compared to ECDSA’s trim 65 bytes. Multiply that across every transaction in a block, and Bitcoin’s current capacity gets obliterated.
Some experimental proposals have floated increasing Bitcoin’s block size limit to 32 or even 64 MiB to accommodate quantum-safe transaction variants. For context, Bitcoin’s current block size limit sits at around 4 MB with SegWit. A jump to 64 MiB would represent a roughly 16x increase.







