April 13, 2026 ChainGPT

StarkWare Researcher Proposes Quantum-Safe Bitcoin Transactions — No Fork Needed

StarkWare researcher proposes a way to make Bitcoin transactions quantum-resistant — without changing the protocol

A researcher at StarkWare says Bitcoin could be made resistant to future quantum attacks without a soft fork or other protocol upgrade. In a new paper, Avihu Mordechai Levy lays out “Quantum-Safe Bitcoin” (QSB), a transaction design that replaces today’s elliptic-curve signatures with hash-based cryptography and Lamport signatures, and that operates entirely inside Bitcoin’s existing scripting rules.

How it works

- Instead of ECDSA/Schnorr signatures (vulnerable to Shor’s algorithm on a large quantum computer), QSB uses Lamport-style hash-based signatures, which are widely considered post-quantum secure.
- Each Lamport signature signs a cryptographically strong identifier of the transaction, so any attempt to alter the transaction would require a new Lamport signature that a quantum attacker cannot forge.
- The design adds a pre-broadcast cryptographic puzzle. Users solve this puzzle off-chain and include a proof of work in the transaction before submitting it; the paper estimates a valid solution would take on the order of 70 trillion attempts. This computation is done by the transaction creator (not miners), and Levy estimates it could be achieved with commodity GPUs at a cost of a few hundred dollars per transaction.

Why no fork is needed

QSB is built to fit within Bitcoin’s current script constraints (201 opcodes and 10,000 bytes), which are deliberately restrictive. To meet those limits the scheme layers Lamport signatures with hash-based puzzles and introduces “transaction pinning,” forcing anyone who would try to modify a transaction to solve the puzzle again. Because it uses existing opcodes and script semantics, Levy argues the plan requires no consensus change.

Practical limits and trade-offs

Levy frames QSB as a “last-resort” defense rather than a scalable, long-term fix.

Key caveats:

- Cost and size: The off-chain compute requirements and large on-chain transaction footprint don’t scale to Bitcoin’s target throughput or normal user needs. Lamport signatures are large and effectively one-time, contributing to this overhead.
- Usability and propagation: Creating QSB transactions is more complex than standard Bitcoin spending and might be considered non-standard under current relay policies; such transactions could face mempool propagation problems and may need to be submitted directly to miners or mining pools.
- Quantum trade-offs: QSB defends against Shor’s algorithm (which breaks elliptic-curve signatures), but Grover’s algorithm still offers a quadratic speedup against hash-based defenses, so quantum capabilities would reduce the effective security margin.

Context in the wider debate

Levy’s proposal joins several other ideas for migrating Bitcoin to post-quantum cryptography, including BIP-360 (Pay-to-Merkle-Root), which aims to provide an address format compatible with quantum-safe signatures. While the quantum threat to Bitcoin is still theoretical, major tech firms are already planning migrations — Google and Cloudflare, for example, have set internal targets around 2029 to transition systems to post-quantum algorithms.

Bottom line

QSB is a clever, deployable way to harden individual Bitcoin transactions against quantum attacks without forcing a protocol-level change. But its cost, size, and complexity make it a niche “emergency” tool rather than a practical replacement for a long-term, protocol-level transition to usable post-quantum signatures. Levy and others emphasize continued research into efficient, user-friendly, and consensus-level solutions for Bitcoin’s post-quantum future.
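As an added illustration of the "How it works" section and the "Cost and size" caveat (this is not code from Levy's paper or from the article), the Python below builds a Lamport one-time signature over a transaction digest, measures its byte footprint, shows why signing twice with one key leaks secret material, and sketches a spender-side proof-of-work puzzle bound to the same digest. The puzzle's nonce format and difficulty are assumptions for illustration, and the sample transaction bytes are constructed.

```python
import hashlib
import os

SAMPLE_TX = b"constructed sample transaction bytes"  # constructed, not a real tx

def H(data: bytes) -> bytes:  # SHA-256 is the only primitive used here
    return hashlib.sha256(data).digest()

def bits_of(digest: bytes) -> list:
    """Big-endian bit list of a digest (256 bits for SHA-256)."""
    return [(byte >> (7 - j)) & 1 for byte in digest for j in range(8)]

def lamport_keygen(n_bits: int = 256):
    # Secret key: two random 32-byte preimages per message bit.
    # Public key: the hash of each preimage.
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(n_bits)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def lamport_sign(sk, digest: bytes) -> list:
    # Reveal exactly one preimage per bit: sk[i][0] for a 0 bit, sk[i][1] for a 1.
    return [sk[i][bit] for i, bit in enumerate(bits_of(digest))]

def lamport_verify(pk, digest: bytes, sig: list) -> bool:
    # Each revealed preimage must hash to the public-key entry selected by that bit.
    bits = bits_of(digest)
    return len(sig) == len(pk) and all(H(sig[i]) == pk[i][bits[i]] for i in range(len(pk)))

def signature_bytes(sig: list) -> int:
    """On-chain footprint of the signature alone: 256 preimages * 32 bytes = 8192."""
    return sum(len(s) for s in sig)

def reuse_exposure(digests: list) -> int:
    """Number of distinct secret preimages revealed by signing several digests
    with one key. One digest reveals 256 of 512; each extra digest leaks more,
    which is why Lamport keys are one-time."""
    return len({(i, bit) for d in digests for i, bit in enumerate(bits_of(d))})

def check_puzzle(txid: bytes, nonce: int, difficulty_bits: int) -> bool:
    """Hypothetical pinning puzzle (assumed format): H(txid || nonce) must have
    `difficulty_bits` leading zero bits. Changing the transaction changes txid,
    so the old solution no longer validates."""
    target = 1 << (256 - difficulty_bits)
    return int.from_bytes(H(txid + nonce.to_bytes(8, "big")), "big") < target

def solve_puzzle(txid: bytes, difficulty_bits: int) -> int:
    """Brute-force search done by the spender before broadcast, not by miners."""
    nonce = 0
    while not check_puzzle(txid, nonce, difficulty_bits):
        nonce += 1
    return nonce
```

The real scheme uses a far harder puzzle (the article cites roughly 70 trillion attempts); the difficulty parameter here is kept small so the search finishes instantly.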