Bitcoin's Quantum-Resistant Wallet Rescue Tool Prototype Developed

A prominent Bitcoin developer has built a working prototype of something the community had discussed for years: a mechanism to rescue ordinary wallets if the network ever faces a quantum-computer threat.

One widely discussed emergency soft fork would respond to a quantum attack by disabling Taproot key-path spending, the branch that is authorised by nothing more than a Schnorr signature against the output's public key. After such a fork, Taproot outputs could be spent only through their script path, leaving the network in a state similar to what BIP-360 proposes, with an initial precautionary soft fork adding post-quantum (PQ) protection expected to come first.

Olaoluwa "Roasbeef" Osuntokun, CTO at Lightning Labs, revealed the prototype on April 8 in a post to the Bitcoin developer mailing list. It addresses a specific gap in Bitcoin's long-term quantum defense strategy: the proposed upgrade known as the "emergency brake" would shield the network from quantum attacks, but at the risk of locking millions of users out of their funds. Osuntokun's work offers a way out of that predicament.

Bitcoin's signature scheme could be broken by a sufficiently powerful quantum computer. Such a machine could derive a private key from a public key that is visible on the blockchain, allowing the attacker to spend the funds it controls. A leading proposal, BIP-360, which was merged into Bitcoin's improvement-proposal repository in February as a draft, would create new quantum-resistant output types so that users can move their funds preemptively.

Not all users would migrate in time, however, which has led developers to consider an extreme contingency: the "emergency brake." Today, Bitcoin transactions are validated by digital signatures that prove ownership of the coins being spent. If a quantum computer could forge those signatures, the network might switch off the current signature system altogether as a preventative measure, much like disabling every lock once the keys are known to have been duplicated.

The dilemma is what happens to everyone still holding coins in the system. Modern wallets, in particular the Taproot wallets introduced in 2021 and now widespread across Bitcoin's ecosystem, spend their outputs through the key path, which relies on that signature alone. Switching it off would leave those funds inaccessible even to their rightful owners, stranded by the very upgrade meant to protect them.

Osuntokun's prototype supplies an alternative way to authorise a spend: instead of a digital signature, which a quantum attacker could forge, the owner proves that the wallet's key was derived from the original "seed" generated when the wallet was created. The proof reveals nothing about the seed itself, so other wallets derived from the same seed are not put at risk; in effect, a proof of the wallet's origin takes the place of a transaction signature. This works against a quantum attacker because BIP-32 wallets derive their keys from the seed through HMAC-SHA512, a hash-based step: an attacker who recovers a private key from its public key still cannot work backwards to the seed, so only the original owner can produce the proof.
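To make the relation concrete, the following Python example was added for this article; it is not code from Osuntokun's prototype or from any Bitcoin project. It implements BIP-32 master-key and hardened-child derivation over a minimal secp256k1 scalar multiplication, and evaluates the statement a proof of origin attests to: that a given public key was derived from a given seed. The prototype proves this statement without revealing the seed; the example evaluates it in the clear, so it shows what is proven, not how the zero-knowledge proof is constructed. The seed is the published BIP-32 test vector 1, and the function names are this example's own.

```python
import hashlib
import hmac

# secp256k1 parameters: field prime, group order, generator point.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (
    0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
    0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8,
)


def _point_add(p, q):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p == q:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def _point_mul(k, point=G):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    result = None
    while k:
        if k & 1:
            result = _point_add(result, point)
        point = _point_add(point, point)
        k >>= 1
    return result


def compressed_pubkey(priv: int) -> bytes:
    """33-byte compressed public key: 0x02/0x03 parity prefix plus x coordinate."""
    x, y = _point_mul(priv)
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def master_key(seed: bytes):
    """BIP-32 master key: HMAC-SHA512 keyed with "Bitcoin seed" over the seed."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    k = int.from_bytes(digest[:32], "big")
    if not 0 < k < N:
        raise ValueError("seed yields an invalid master key (probability ~2^-128)")
    return k, digest[32:]  # (private key, chain code)


def hardened_child(k: int, chain_code: bytes, index: int):
    """BIP-32 hardened child index' of a private key, again via HMAC-SHA512."""
    data = b"\x00" + k.to_bytes(32, "big") + (index | 0x80000000).to_bytes(4, "big")
    digest = hmac.new(chain_code, data, hashlib.sha512).digest()
    child = (int.from_bytes(digest[:32], "big") + k) % N
    if child == 0:
        raise ValueError("invalid child key (probability ~2^-128)")
    return child, digest[32:]


def derive(seed: bytes, path):
    """Private key at a hardened path, e.g. [84, 0, 0] for m/84'/0'/0'."""
    k, c = master_key(seed)
    for index in path:
        k, c = hardened_child(k, c, index)
    return k


def origin_relation(seed: bytes, path, claimed_pubkey: bytes) -> bool:
    """The statement a proof of origin attests to: claimed_pubkey was derived
    from `seed` at `path`. Evaluated in the clear here, which exposes the seed;
    the rescue prototype proves the same statement in zero knowledge."""
    return compressed_pubkey(derive(seed, path)) == claimed_pubkey


if __name__ == "__main__":
    # BIP-32 test vector 1 seed, published in the BIP (not a real wallet).
    seed = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
    k, chain = master_key(seed)
    pub = compressed_pubkey(k)
    print("master pubkey:", pub.hex())
    # The rightful owner satisfies the relation with the seed...
    print("owner proves origin:", origin_relation(seed, [], pub))
    # ...while an attacker who recovered k from pub via Shor's algorithm still
    # needs a seed whose HMAC-SHA512 chain yields k: a hash preimage problem
    # that Shor's algorithm does not solve.
    print("attacker with wrong seed:", origin_relation(b"not the seed", [], pub))
```

Run it directly to print the master public key for the test-vector seed and the two relation checks. Note that the relation is evaluated with the seed in hand; the rescue mechanism's value lies in proving it without handing the seed to the verifier, which is what the zero-knowledge proof in the prototype provides.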

Running on a high-end consumer MacBook, the prototype generates a proof in roughly 55 seconds and verifies one in under two seconds. The proof itself is about 1.7 MB, comparable to a high-resolution image. Osuntokun describes it as a side project that has not yet been optimised.

There is currently no formal proposal to integrate the mechanism into the protocol and no deployment timeline, and developers remain divided over how imminent the quantum threat is.

Academics note that many of the quantum advances cited were demonstrated under simplified test conditions, and that large-scale attacks face substantial physical limitations. Even so, developers have judged the risk to wallets serious enough to spend years planning defensive upgrades. Market uncertainty persists: Polymarket traders put the likelihood of BIP-360 being adopted by 2027 at 28%.

Osuntokun's prototype addresses a problem that had remained open in theory: protecting Bitcoin from a future threat without locking users out of their own wallets.