Bitcoin core developer Matt Corallo used a fresh Blockstream announcement this week to push back on a familiar line in the quantum debate: that nobody serious is working on post-quantum cryptography for Bitcoin. The immediate trigger was Blockstream’s preview of OP_SHRINCSVERIFY, but the broader point was that the work did not appear out of nowhere; it sits on top of research that has already been published and debated in public.
Bitcoin’s Post-Quantum Critics Are Wrong
Corallo’s post was blunt: “And the Bitcoin fudsters keep trying to claim no one is working on PQC in Bitcoin...” Blockstream, in turn, framed Jonas Nick’s upcoming talk at OPNEXT 2026 (on April 16, 2026) around a specific technical artifact rather than a vague promise, saying, “He’ll be presenting on OP_SHRINCSVERIFY.” It described the proposal as “a new opcode enabling SHRINCS,” a construction aimed at 324-byte stateful post-quantum signatures with static backups.
The event lineup itself also reinforces Corallo’s point. Quantum is not a one-off mention tied only to Jonas Nick’s OP_SHRINCSVERIFY session. The main stage schedule also includes Alex Pruden of Project 11 speaking on “Quantum Bitcoin,” and later a “Quantum/Investor fireside” featuring Robert Mitchnick of BlackRock and David Duong of Coinbase.
In other words, post-quantum risk and the response to it are showing up repeatedly across both the technical and institutional sides of the program.
The subtext was hard to miss: whatever one thinks about Bitcoin’s quantum timetable, the claim that the problem is being ignored is increasingly difficult to sustain.
What SHRINCS Actually Is
Nick laid out SHRINCS in a December post on Delving Bitcoin as a hybrid hash-based signature design that combines a stateless scheme such as SPHINCS+ with a stateful scheme based on unbalanced XMSS. The design goal is to get the efficiency benefits of stateful signing when wallet state is intact, while keeping a stateless fallback available if that state is lost or a backup has to be restored.
In Nick’s words, the scheme is “extremely efficient when only a few signatures are required” and “can be backed up with a static seed.” Bitcoin Optech later summarized the same trade-off more plainly: cheaper normal-path signing, heavier fallback signing when state integrity is in doubt.
That efficiency claim is where the proposal gets interesting for BTC. Nick wrote that the normal-path SHRINCS signature size is min(292 + q·16, s_l) + 16, where q is the number of signatures already produced through the stateful path. For q = 1, that yields the now-circulating 324-byte figure, which he said is more than 11x smaller than the smallest NIST-standardized alternative, ML-DSA, in that setting.
The earlier paper by Nick and Mikhail Kudinov made the broader case for hash-based signatures in Bitcoin, arguing that they are attractive post-quantum candidates because their security reduces to hash assumptions, while keeping public keys small and verification cost per byte within a workable range.
None of that means Bitcoin suddenly has a settled post-quantum roadmap. Nick’s Delving post explicitly invited feedback, and the December mailing-list discussion raised unresolved questions about hardware performance, signature limits, wallet design, and whether Bitcoin should standardize stateful schemes alongside stateless ones. Bitcoin Optech also covered SHRINCS as part of ongoing consensus-change discussion, not as an adopted upgrade.
That is why Corallo’s jab matters. The more precise framing is not that BTC has solved post-quantum cryptography, but that the engineering work is already underway in public view, with concrete proposals, concrete trade-offs, and increasingly concrete opcodes attached to them.
For a debate that often swings between complacency and panic, OP_SHRINCSVERIFY is evidence of something more grounded: Bitcoin’s post-quantum discussion is no longer theoretical hand-waving, even if it is still very much a research problem.
At press time, BTC traded at $66,630.
