Doichain · Living lab for Bitcoin

What Bitcoin cannot test on itself, Doichain tests.

Over the coming years Bitcoin will have to migrate to post-quantum cryptography. With a market capitalisation of 2.4 trillion US dollars attempting that on the mainnet is out of the question. Doichain takes on this trial — as a Bitcoin-related, value-bearing productive chain with over 90% shared codebase.

> 90%

shared codebase with Bitcoin

< 500,000

qubits according to Google Research (April 2026) for an ECDSA break

< 9 min.

estimated attack duration — shorter than a Bitcoin block

2026 – 2031

Doichain's three-phase plan

Why now

Bitcoin secures transactions with ECDSA over the elliptic curve secp256k1. The security of this scheme rests on a mathematical problem that classical computers cannot solve in a reasonable time. Shor's algorithm solves the same problem on a sufficiently capable quantum computer in minutes.

In April 2026 a research team at Google reduced the estimated hardware for such an attack from roughly nine million to fewer than 500,000 physical qubits — with an execution time below nine minutes. The attack therefore fits, for the first time, within a single Bitcoin confirmation window. Current hardware is still two to three orders of magnitude away, but is visibly closing the gap.

More remarkable than the timing is the harvesting that is happening today: the Bitcoin blockchain is being archived ("harvest now, decrypt later"). Every key visible today can be broken retroactively as soon as the hardware is ready. A migration after that day is ineffective — the data are already in the attacker's hands.

Harvest now, decrypt later

TODAY

Collection of encrypted data

Blockchain archives, exposed public keys, network captures

→

LATER

Quantum computer available

Shor's algorithm on sufficiently capable hardware

⇒

RETROACTIVELY

Break of keys archived today

Migration after that day is ineffective

Bitcoin exposure (estimated)

19.8M BTC

Total supply (circulating)

6.9M BTC

with exposed public keys (≈ 35%)

1.7M BTC

in old P2PK addresses (incl. Satoshi)

Why Bitcoin cannot test itself

Bitcoin is aware of the threat. But a direct migration on the mainnet is risky: SegWit took 8.5 years from proposal to activation, Taproot 7.5 years. BIP-360 — the first concrete proposal for quantum-resistant Bitcoin addresses — was accepted into the official BIP repository in February 2026, but is explicitly still in the proposal phase.

On top of that come three structural problems: post-quantum signatures are 11 to 267 times larger than ECDSA signatures, with significant consequences for block propagation and the fee market. Wallet migration of a value-bearing UTXO base remains unsolved. And the burn-vs-steal dilemma — what happens to coins whose owners do not migrate — can only be answered honestly under real economic pressure, not in a simulation.

Bitcoin does not need another testnet. Bitcoin needs a living lab.

Six properties that define the role

01
Genetic kinship.
Over 90% of the codebase is identical to Bitcoin Core. Patches can be ported between the two codebases with manageable effort.
02
Identical cryptographic primitives.
ECDSA over secp256k1, SHA-256. Doichain faces exactly the same problem today that Bitcoin faces.
03
Merged mining.
Doichain is secured by the same ASIC miners that secure Bitcoin. The living lab operates under real hashrate, not in an isolated sandbox.
04
Identical tokenomics.
21 million DOI, halving cycle, 10-minute blocks. Economic effects — for instance fee-market reactions to enlarged signatures — translate directly to Bitcoin.
05
Real market value, real transactions.
Migration incentives are economically genuine, holder behaviour is genuine, wallet vendors actually have to migrate — they cannot simply flip a test configuration.
06
Namespace layer.
An additional data layer (up to 512 bytes per namespace operation) allows post-quantum schemes to be trialled not only for value transfer but also for identity, consent and proof of existence under real conditions — a testing surface that Bitcoin testnets structurally lack.

Three phases, six years, one migration path for Bitcoin

Each phase delivers standalone, verifiable results and creates the preconditions for the next. Click a phase for details.

Modular signature framework in Doichain Core, versioned address format (Witness v3, analogous to BIP-360), new opcodes (OP_CHECKSIG_PQ), parallel acceptance of classical ECDSA and post-quantum signatures, BIP-9 / BIP-8 compatible soft-fork activation.

What Bitcoin takes away

Empirical evidence that a Bitcoin-near codebase can carry crypto agility without losing its security guarantees.

An important nuance

Not everything in Bitcoin is equally vulnerable. The SHA-256 hash function that secures mining and address hashes is only quadratically accelerated by Grover's algorithm — doubling the hash length would, if needed at all, suffice as a countermeasure. The actual problem is therefore not mining but signatures. Addresses that have never spent are comparatively safe today; their public key has not been exposed. Addresses whose keys are already visible on the blockchain are the ones at risk.

A precedent exists

The idea that a smaller, technically related blockchain serves as a living lab for Bitcoin is not new. Namecoin — Doichain's mother chain — provided the first proof of concept for merged mining in 2011, a concept Satoshi Nakamoto himself had sketched on BitcoinTalk in 2010, and which is the standard today. Doichain stands in that tradition: now for post-quantum migration.

What Doichain will deliver

When Bitcoin introduces post-quantum signatures in the 2030s, its developers will not have to start from zero. They will be able to draw on a productive implementation hardened against real attackers and tested by a real market — with real measurement data, documented pitfalls and a migration roadmap that has already shown in practice that it holds. That is what Doichain is for.

If it holds

Should Doichain deliver the first productive migration playbook for a Bitcoin-related chain, a technical possibility space emerges that exists nowhere today: a Bitcoin-near codebase that has shown under real load that post-quantum signatures can be rolled out in a value-bearing UTXO economy. That possibility space is equally relevant for the Bitcoin developer community, wallet vendors, regulated custodians and academic research.

What follows from it economically or socially cannot seriously be predicted today, and does not belong on this page. Doichain is a living lab with a clear technical mandate, not a speculative object. Success is measured in reproducible results, accepted BIPs and adopted patches — not in market movements.

No investment advice, no return promises. This page describes a technical research and migration undertaking. Statements about market value, price or return are expressly not made.

What we do not promise

A living lab is only a living lab if it admits failure. The following risks are real and are named openly.

PQC standards may change.
ML-DSA, SLH-DSA and ML-KEM were standardised by NIST in 2024. Cryptographic research moves on; new attacks or parameter adjustments are possible. Crypto agility — not any single algorithm — is therefore the design principle.
The BIP process is slow and uncontrollable.
Even excellent empirical results do not guarantee timely inclusion in Bitcoin Core. SegWit took 8.5 years, Taproot 7.5. Doichain supplies material, it does not dictate a schedule.
Adoption is not guaranteed.
Wallet vendors, custodians, exchanges and miners decide independently. Even a technically working migration playbook may go unused if the incentives are missing.
Hardware assumptions may shift.
The threat rests on publicly available research into quantum hardware. That research may accelerate — or unexpectedly stall. Either would shift the time pressure, not the technical necessity.
Burn vs steal remains a political question.
Even with perfect measurement data, the decision of how to treat un-migrated coins is in the end a question of social consensus, not of technology.