April 11, 2026 ChainGPT

StarkWare’s "Quantum Safe Bitcoin": No‑Fork Quantum Defense for BTC — Expensive, Limited

Headline: StarkWare proposes “Quantum Safe Bitcoin” — a no-protocol-change patch that could blunt future quantum attacks, with big caveats

StarkWare’s chief product officer Avihu Levy has outlined a novel way to make new Bitcoin transfers resistant to quantum attacks without changing the Bitcoin protocol. Called Quantum Safe Bitcoin (QSB), the proposal swaps ECDSA’s elliptic-curve math for a hash-to-signature puzzle that can be enforced inside Bitcoin’s existing legacy script limits — meaning it would not require a soft fork.

How QSB works (short version)

- Instead of creating a conventional elliptic-curve signature, QSB requires the sender to find an input whose hash output looks like a valid ECDSA signature.
- That search is brute-force work (GPU compute), not the number-theory structure that quantum algorithms such as Shor’s are expected to break.
- Because QSB fits within Bitcoin’s legacy scripting rules, it could be used today for new transactions without changing the protocol itself.

Why proponents are excited

- StarkWare CEO Eli Ben‑Sasson called the paper “huge,” arguing QSB “essentially makes Bitcoin quantum-safe today” because transactions created under QSB would remain resilient even if a quantum computer capable of breaking conventional signatures appeared.
- The approach is pragmatic: it doesn’t try to redesign Bitcoin, but instead bolts on a narrow, localized defense that users could opt into.

Key limitations and criticisms

- Cost and practicality: Levy’s scheme is computationally expensive. The researchers estimate GPU compute costs in the range of about $75–$150 per transaction, which makes QSB impractical for routine payments and realistic mainly for large-value transfers.
- Coverage gaps: QSB protects only new transfers that use the scheme. It does not retroactively protect exposed public keys or dormant wallets. Bitcoin specialist Daniel Batten notes this omission is significant — early P2PK addresses alone may hold roughly 1.7 million BTC that would remain vulnerable if a sufficiently powerful quantum computer appeared.
- Nonstandard and non-scalable: The authors describe QSB as a temporary, stop-gap measure. It doesn’t scale to all users, is nonstandard relative to common transaction types, and doesn’t cover second-layer use cases such as the Lightning Network.
- Long-term answer still unclear: The researchers themselves say protocol-level upgrades to quantum-safe signature schemes remain the better long-term solution.

Where this fits in the larger debate

The Bitcoin community is already split on quantum risk: some prioritize preserving Bitcoin unchanged, others advocate stronger moves (including freezing or burning vulnerable coins), and a third camp pushes for protocol upgrades to post‑quantum signatures. Levy’s proposal sits between those positions — it offers an opt-in, last-resort tool that skips network-wide consensus while the community considers more fundamental fixes.

Timing and related work

QSB arrives as quantum risk discussion is heating up. Google published research in March that renewed urgency around the topic, and Lightning Labs’ CTO Olaoluwa Osuntokun recently published a quantum fallback prototype. Together, these developments have intensified debate about how — and how fast — Bitcoin should prepare for a possible quantum future.

Bottom line

QSB is a clever, pragmatic proposal that shows one way to make new Bitcoin transactions harder for future quantum machines to steal — without changing the protocol. But it’s expensive, limited in who and what it protects, and not a substitute for the broader, protocol-level upgrades many experts say are ultimately necessary.
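
The search described under "How QSB works", as an added illustration that is not code from the StarkWare paper or from this article. It assumes "looks like a valid ECDSA signature" means passing Bitcoin's BIP66 strict-DER encoding check on a 20-byte digest, which the article does not specify; the SHA-256 truncation, the function names and the two-byte toy target in `grind` are likewise assumptions.

```python
import hashlib
import math

def is_der_sig(sig: bytes) -> bool:
    """BIP66 layout: 0x30 len 0x02 lenR R 0x02 lenS S sighash-byte."""
    if not 9 <= len(sig) <= 73 or sig[0] != 0x30 or sig[1] != len(sig) - 3:
        return False
    len_r = sig[3]
    if 5 + len_r >= len(sig):
        return False
    len_s = sig[5 + len_r]
    if len_r + len_s + 7 != len(sig):
        return False
    if sig[2] != 0x02 or len_r == 0 or sig[4] & 0x80:
        return False  # R must be a non-empty, non-negative integer
    if len_r > 1 and sig[4] == 0 and not sig[5] & 0x80:
        return False  # R must not carry a needless leading zero
    if sig[4 + len_r] != 0x02 or len_s == 0 or sig[6 + len_r] & 0x80:
        return False  # same rules for S
    if len_s > 1 and sig[6 + len_r] == 0 and not sig[7 + len_r] & 0x80:
        return False
    return True

def int_encodings(n: int) -> int:
    """Number of n-byte strings that are a valid DER integer body."""
    return 128 if n == 1 else 255 * 128 * 256 ** (n - 2)

def hit_probability(n: int) -> float:
    """Exact chance that a uniformly random n-byte digest passes is_der_sig."""
    body = n - 7  # bytes left for R and S after 6 framing bytes and sighash
    valid = sum(int_encodings(r) * int_encodings(body - r) for r in range(1, body))
    return valid * 256 / 256 ** n  # the sighash byte is unconstrained here

def grind(tx: bytes, n: int = 20, max_tries: int = 1 << 21):
    """Toy search (assumption): stop when only the first two framing bytes match.
    The full puzzle would require is_der_sig(digest) on all n bytes."""
    want = bytes([0x30, n - 3])
    for nonce in range(max_tries):
        digest = hashlib.sha256(tx + nonce.to_bytes(8, "big")).digest()[:n]
        if digest.startswith(want):
            return nonce, digest
    return None

if __name__ == "__main__":
    print(f"20-byte digest: one hit per ~2^{-math.log2(hit_probability(20)):.1f} tries")
    print("toy 2-byte target:", grind(b"constructed sample transaction"))
```

Passing the encoding check says nothing about which key the bytes would verify under; how QSB binds a hit to a spend is in the paper, not in this sketch.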