A new proposal by StarkWare’s Avihu Mordechai Levy suggests that Bitcoin transactions can be made resistant to future quantum threats without altering the network’s core protocol. In a recent paper, Levy introduces a ‘Quantum-Safe Bitcoin’ transaction scheme that would function securely even if quantum computers compromise current elliptic-curve cryptography. The approach adheres to Bitcoin’s existing scripting rules and does not necessitate a soft fork or other network upgrades.
Levy explained, “We present QSB, a Quantum Safe Bitcoin transaction scheme that requires no changes to the Bitcoin protocol and remains secure even in the presence of Shor’s algorithm.” The proposal replaces elliptic-curve signatures with Lamport signatures, a hash-based one-time signature scheme whose security rests on the preimage resistance of the underlying hash function rather than on the discrete-logarithm problem that Shor’s algorithm breaks.
“Since Lamport signatures are post-quantum secure and sign a strong cryptographic identifier of the transaction, it is impossible to modify the transaction without generating a new Lamport signature—something an attacker cannot forge, even with quantum computing,” Levy wrote. At the heart of the design is a cryptographic puzzle that must be solved before a transaction is broadcast. The paper estimates that solving it would take around 70 trillion attempts, roughly 2^46 hash evaluations.
Unlike Bitcoin mining, this computation occurs off-chain before the transaction enters the network. Users solve the puzzle using commodity hardware like GPUs, with an estimated cost of a few hundred dollars per transaction.
The scheme stays within Bitcoin Script’s limits of 201 non-push opcodes and 10,000 bytes per script by combining Lamport signatures with hash-based puzzles in a layered structure. It also introduces ‘transaction pinning’: the puzzle is bound to the transaction’s identifier, so any modification to the transaction invalidates the existing solution and requires solving the puzzle again.
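The following is an added illustration of the two ingredients the article describes (a hash-based Lamport signature over a transaction identifier, and a hash puzzle bound to that same identifier so that any edit invalidates both). It is example code written for this page, not code from Levy’s paper or from StarkWare, and it makes no attempt to reproduce the paper’s layered Script construction. The transaction format, the 16-bit puzzle difficulty (the page’s figure of ~70 trillion attempts corresponds to about 46 bits) and the sample transaction bodies are all constructed assumptions.

```python
import hashlib
import os

HASH = hashlib.sha256
N_BITS = 256          # one (k0, k1) secret pair per bit of the 256-bit digest being signed
DIFFICULTY = 16       # leading zero bits demanded of the puzzle hash (toy value; the paper's is far higher)


def lamport_keygen():
    """One-time key pair: 256 pairs of random 32-byte secrets and their SHA-256 images."""
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(N_BITS)]
    pk = [(HASH(k0).digest(), HASH(k1).digest()) for k0, k1 in sk]
    return sk, pk


def _digest_bits(data: bytes):
    """Bits of SHA-256(data), most significant bit first."""
    d = HASH(data).digest()
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(N_BITS)]


def lamport_sign(sk, data: bytes):
    """Reveal, for each digest bit, the secret from the matching half of the pair.
    A Lamport key must sign exactly one message: signing twice leaks both halves
    of every pair where the two digests differ, which lets anyone forge."""
    return [sk[i][bit] for i, bit in enumerate(_digest_bits(data))]


def lamport_verify(pk, data: bytes, sig) -> bool:
    """Each revealed secret must hash to the public-key entry selected by the digest bit."""
    if len(sig) != N_BITS:
        return False
    return all(HASH(s).digest() == pk[i][bit]
               for i, (s, bit) in enumerate(zip(sig, _digest_bits(data))))


def puzzle_ok(tx_id: bytes, nonce: int, difficulty: int = DIFFICULTY) -> bool:
    """Hash puzzle: SHA-256(tx_id || nonce) must have `difficulty` leading zero bits."""
    h = HASH(tx_id + nonce.to_bytes(8, "big")).digest()
    return int.from_bytes(h, "big") < (1 << (256 - difficulty))


def solve_puzzle(tx_id: bytes, difficulty: int = DIFFICULTY) -> int:
    """Brute-force search; about 2**difficulty hash evaluations on average."""
    nonce = 0
    while not puzzle_ok(tx_id, nonce, difficulty):
        nonce += 1
    return nonce


def build_pinned_tx(sk, unsigned_tx: bytes):
    """Bind both the signature and the puzzle solution to the identifier of the unsigned transaction.
    The dict layout is an assumption for this example, not a Bitcoin serialization."""
    tx_id = HASH(unsigned_tx).digest()
    return {
        "body": unsigned_tx,
        "sig": lamport_sign(sk, tx_id),
        "nonce": solve_puzzle(tx_id),
    }


def verify_pinned_tx(pk, tx) -> bool:
    """Recompute the identifier from the body: any change to the body changes tx_id,
    so the old signature and the old nonce both stop verifying."""
    tx_id = HASH(tx["body"]).digest()
    return lamport_verify(pk, tx_id, tx["sig"]) and puzzle_ok(tx_id, tx["nonce"])


if __name__ == "__main__":
    sk, pk = lamport_keygen()
    # Constructed sample input, not a real transaction.
    tx = build_pinned_tx(sk, b"constructed sample: pay 0.5 BTC to alice")
    print("original verifies:", verify_pinned_tx(pk, tx))
    tampered = dict(tx, body=b"constructed sample: pay 5.0 BTC to alice")
    print("tampered verifies:", verify_pinned_tx(pk, tampered))
```

Two points worth noticing when running it. A signature over a 256-bit digest reveals 256 secrets of 32 bytes, 8,192 bytes before any script overhead, and checking each one in Script naively costs at least an OP_SHA256 and an OP_EQUALVERIFY, i.e. more than the 201 non-push opcodes allowed; that is why a direct transliteration does not fit the limits the article cites and why the paper needs a layered construction. Second, the puzzle only adds cost, not unforgeability: the binding to the transaction identifier comes from the signature, and the puzzle’s job is to make re-solving after any modification expensive.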
Levy characterizes the system as a “last-resort” measure rather than a scalable solution, noting that both the off-chain computation and the on-chain transaction size fall short of Bitcoin’s throughput goals and most users’ needs. Constructing such transactions is also more involved than ordinary use, and the resulting transactions may be deemed non-standard under current relay policies, so they could fail to propagate through the peer-to-peer network unless submitted directly to mining pools.
The proposal does involve security trade-offs. It counters attacks that use Shor’s algorithm against elliptic-curve signatures, but Grover’s algorithm still gives a quantum attacker a quadratic speedup on the hash searches the scheme relies on, roughly halving the effective bit-security of a preimage search (a 256-bit hash offers about 128 bits of quantum preimage resistance), which is why the puzzle difficulty and hash output sizes have to be chosen with that speedup in mind. Levy stressed that research should continue toward protocol-level solutions that are efficient and user-friendly enough for Bitcoin’s needs.
Levy’s paper joins other efforts proposing how Bitcoin can transition to quantum-resistant cryptography, such as BIP-360, which introduces a Pay-to-Merkle-Root address format for supporting quantum-safe signatures. Although the quantum threat remains theoretical, companies like Google and Cloudflare are preparing by setting a 2029 deadline to shift their systems to post-quantum technology.