
    Decryptnews Bitcoin Quantum Proposal Offers Satoshi Nakamoto a Way to Prove Control Without Moving BTC


    A new design proposed by venture fund Paradigm would let holders privately timestamp proof that they control vulnerable keys before quantum computers arrive, creating a possible rescue path if Bitcoin ever sunsets old addresses.

    What to know:

    — A new proposal called Provable Address-Control Timestamps, or PACTs, aims to protect old bitcoin wallets from future quantum-computing attacks without forcing their owners to move coins now.

    — PACTs let holders privately timestamp cryptographic proofs of ownership today and later use quantum-resistant STARK proofs to unlock their coins if the network freezes vulnerable addresses.

    — The system would require Bitcoin to adopt new STARK verification infrastructure via a soft fork and can only safeguard Satoshi Nakamoto’s coins if whoever controls those keys acts before quantum theft or a community-imposed freeze occurs.

    Bitcoin’s quantum computing concerns have always had a Satoshi problem inside them.

    Millions of bitcoin sitting in old wallets with exposed public keys could be vulnerable to theft if powerful enough quantum computers arrive. That includes the roughly 1.1 million bitcoin attributed to pseudonymous creator Satoshi Nakamoto, currently worth around $84 billion.

    The obvious defense is a soft fork (or an upgrade to existing network rules) that eventually stops allowing spends from those legacy address types, forcing holders to move into quantum-safe formats before attackers can derive their private keys.

    Prominent developer Jameson Lopp and five other developers proposed exactly that in mid-April through BIP-361, which would phase out quantum-vulnerable addresses on a five-year timeline and freeze any coins that fail to migrate.

    That proposal created a different problem, however. Satoshi, and every other long-dormant holder, would have to wake up publicly or risk losing access to their assets.

    Dan Robinson, a general partner at Paradigm, published a proposal Friday for a way around that trade-off that revolves around the concept of Provable Address-Control Timestamps, or PACTs.

    The core idea is not to move coins but to timestamp proof of ownership at a specific date, revealing nothing to the public until the owners of those wallets actually need to spend.

    A holder generates a random salt, which is a piece of secret data used to make a cryptographic commitment unique and unguessable, and uses BIP-322, a standard for signing messages from a Bitcoin address without spending from it, to produce a proof of ownership.

    The salt and proof are bundled into a commitment, which is timestamped through OpenTimestamps, a free service that anchors data onto the Bitcoin blockchain through a single batched transaction. The salt, proof, and timestamp files stay private.

    If Bitcoin later activates a soft fork that freezes quantum-vulnerable coins, the protocol could include a rescue path that accepts a STARK proof, a type of zero-knowledge proof that remains secure against quantum computers, showing the holder created their commitment before quantum hardware existed.

    The holder submits that proof when they want to spend, and the network releases the coins. The redemption reveals nothing about which address, which amount, or even when the original timestamp was created.
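    The commit-then-rescue flow described above, modelled as an added example using only the Python standard library. This is not code from the article or from Paradigm's proposal, and it uses hypothetical stand-ins: `ownership_proof()` is an HMAC in place of a real BIP-322 signature, `derive_address()` is a hash in place of real key-to-address derivation, `ToyTimestamps` is an in-memory dictionary in place of an OpenTimestamps attestation, and `rescue_statement()` runs in the clear the relation that the real design would prove inside a STARK, so the private key, salt and proof are visible here where the actual scheme keeps them hidden. The cutoff height and all keys are constructed values.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Constructed cutoff: in this toy, a commitment attested at or before this
# block height counts as "made before quantum hardware existed".
CUTOFF_HEIGHT = 900_000


def derive_address(private_key: bytes) -> str:
    # Hypothetical stand-in for pubkey derivation plus address encoding.
    return "toy1" + hashlib.sha256(b"addr" + private_key).hexdigest()[:32]


def ownership_proof(private_key: bytes, address: str) -> bytes:
    # Hypothetical stand-in for a BIP-322 message signature: a keyed MAC over
    # a fixed message. Only the holder of the key can produce it.
    msg = f"PACT: I control {address}".encode()
    return hmac.new(private_key, msg, hashlib.sha256).digest()


def make_commitment(salt: bytes, proof: bytes) -> bytes:
    # Hash commitment over salt || proof. The random salt makes the digest
    # unlinkable to any address without the opening (salt, proof).
    return hashlib.sha256(b"PACT-commit" + salt + proof).digest()


class ToyTimestamps:
    """In-memory stand-in for OpenTimestamps: commitment digest -> block height."""

    def __init__(self) -> None:
        self._attestations: dict[bytes, int] = {}

    def attest(self, commitment: bytes, height: int) -> None:
        # The earliest attestation for a digest is the one that counts.
        self._attestations.setdefault(commitment, height)

    def height_of(self, commitment: bytes):
        return self._attestations.get(commitment)


@dataclass
class Pact:
    # Everything in here stays on the holder's machine; only `commitment`
    # ever leaves it, and only as an OpenTimestamps digest.
    salt: bytes
    proof: bytes
    commitment: bytes


def create_pact(private_key: bytes, ts: ToyTimestamps, height: int) -> Pact:
    """Holder side, done today: salt + ownership proof -> commitment, anchored at `height`."""
    address = derive_address(private_key)
    salt = secrets.token_bytes(32)
    proof = ownership_proof(private_key, address)
    commitment = make_commitment(salt, proof)
    ts.attest(commitment, height)
    return Pact(salt, proof, commitment)


def rescue_statement(private_key: bytes, pact: Pact, ts: ToyTimestamps,
                     cutoff: int = CUTOFF_HEIGHT) -> bool:
    """The relation a STARK would prove in zero knowledge at spend time.

    Private witness: private_key, salt, proof. Public: the attestation ledger
    and the cutoff. Checks (1) the proof is valid for the address the key
    controls, (2) salt and proof open the commitment, (3) the commitment was
    attested at or before the cutoff.
    """
    address = derive_address(private_key)
    if not hmac.compare_digest(ownership_proof(private_key, address), pact.proof):
        return False
    if not hmac.compare_digest(make_commitment(pact.salt, pact.proof), pact.commitment):
        return False
    height = ts.height_of(pact.commitment)
    return height is not None and height <= cutoff


def demo() -> tuple:
    """Four constructed cases: honest early holder, late holder, wrong key, bad salt."""
    ts = ToyTimestamps()
    key_a = secrets.token_bytes(32)
    key_b = secrets.token_bytes(32)
    early = create_pact(key_a, ts, height=850_000)   # anchored before the cutoff
    late = create_pact(key_b, ts, height=950_000)    # anchored after the cutoff
    # Someone holding the proof but not the salt cannot open the commitment.
    forged = Pact(salt=secrets.token_bytes(32), proof=early.proof, commitment=early.commitment)
    return (
        rescue_statement(key_a, early, ts),   # True: valid, timely rescue
        rescue_statement(key_b, late, ts),    # False: commitment too late
        rescue_statement(key_b, early, ts),   # False: key does not match the proof
        rescue_statement(key_a, forged, ts),  # False: salt does not open the commitment
    )


if __name__ == "__main__":
    print(demo())
```

    In the real design the network would see only the STARK proof and the public inputs, never the address, salt, proof, or attestation height that `rescue_statement()` reads here; the toy makes the checked relation explicit so the three conditions a rescue path has to enforce are visible.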

    These PACTs also address a specific gap in BIP-361 by including a rescue path for wallets derived through BIP-32, the deterministic key generation standard introduced in 2012. Pre-2012 wallets, including most of Satoshi’s known addresses, do not use BIP-32 and cannot be rescued through that path.

    As such, Robinson stated that the PACTs require Bitcoin to eventually adopt a STARK verification protocol, which would itself need a separate soft fork with broad community consensus.

    The verification infrastructure does not exist in Bitcoin currently and would need what Robinson calls
