The question of quantum computing's threat to Bitcoin has long been intertwined with a problem involving its creator, known only as Satoshi Nakamoto. Vast amounts of bitcoin sit in early output types whose public keys are already visible on-chain (pay-to-public-key outputs, and any address that has been reused), which would let a sufficiently powerful quantum computer derive the private key and spend them. That includes roughly 1.1 million bitcoins attributed to Satoshi Nakamoto, worth around $84 billion today.
One proposed fix is a soft fork that would phase out spending from those vulnerable output types over five years, as laid out in BIP-361, introduced in mid-April by Jameson Lopp and five other developers. The proposal pushes holders to migrate their coins to quantum-safe output types before attackers can derive the private keys, but it creates a second problem: long-dormant holders such as Satoshi would have to move their coins on-chain, publicly, or risk losing access to them.
Addressing that problem, Dan Robinson of Paradigm proposed Provable Address-Control Timestamps (PACTs) on Friday. The idea is to timestamp a proof of address control now, without disclosing it, and reveal it only when the coins need to be spent. The holder generates a secret salt, signs a message with the address's key using BIP-322, and hashes the signed proof together with the salt to produce a commitment. That commitment is then anchored in the Bitcoin blockchain via OpenTimestamps. The anchor proves when the commitment existed; because only a salted hash is published, nothing links the commitment to the address until the holder chooses to open it.
If a future soft fork freezes quantum-vulnerable coins, a rescue path could be built on a STARK proof. Such a zero-knowledge proof, which relies on hash functions rather than elliptic-curve assumptions and is therefore not broken by quantum computers, would show that the holder's commitment to a valid address-control proof was timestamped before the cutoff, that is, before any quantum computer could have forged the underlying signature. At spending time, the proof lets the network release the coins without revealing the committed signature or the salt themselves.
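To make the commit-then-reveal mechanics of the two paragraphs above concrete, here is a toy PACT in Python. It is an added example, not Dan Robinson's code or anything from the proposal. It assumes a constructed byte string standing in for a BIP-322 signed message, a plain integer standing in for the OpenTimestamps anchor time, a hypothetical domain tag, and a direct opening of the commitment instead of a STARK, so the reveal is binding and hiding but not zero-knowledge. What it does show is the order of checks a verifier needs: an anchor at or after the quantum cutoff proves nothing, because the signature inside the proof could have been forged by then.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Hypothetical domain-separation tag; not part of Robinson's proposal.
DOMAIN_TAG = b"PACT-example-v0/"

# Constructed stand-in for a BIP-322 signed message proving control of an
# address. A real PACT would commit to an actual BIP-322 signature.
CONSTRUCTED_PROOF = b"bip322:1ExampleAddressForThisDemoOnly:I control this address"

# Constructed anchor times (Unix seconds) standing in for OpenTimestamps
# attestations: one well before the assumed quantum cutoff, one after it.
T_EARLY = 1_700_000_000
QUANTUM_CUTOFF = 1_900_000_000
T_LATE = 2_000_000_000


@dataclass(frozen=True)
class Pact:
    """What gets published: a salted hash plus the time it was anchored."""
    commitment: bytes
    timestamp: int


def commit(proof: bytes, salt: bytes) -> bytes:
    """Commitment = SHA-256(tag || salt || proof).

    Binding: changing proof or salt changes the digest. Hiding: with a
    32-byte random salt the digest reveals nothing about proof, so the
    published commitment cannot be linked to the address until opened.
    """
    if len(salt) < 32:
        raise ValueError("salt must be at least 32 random bytes")
    return hashlib.sha256(DOMAIN_TAG + salt + proof).digest()


def create_pact(proof: bytes, anchor_time: int) -> tuple[Pact, bytes]:
    """Build a PACT; anchor_time stands in for the OpenTimestamps anchor.

    Returns the public Pact and the secret salt, which the holder keeps.
    """
    salt = secrets.token_bytes(32)
    return Pact(commit(proof, salt), anchor_time), salt


def stand_in_proof_check(proof: bytes) -> bool:
    """Stand-in for BIP-322 verification: accepts only the constructed format."""
    return proof.startswith(b"bip322:") and proof.endswith(b":I control this address")


def verify_reveal(pact: Pact, proof: bytes, salt: bytes, cutoff: int) -> bool:
    """Verifier side of a plain (non-ZK) opening.

    An anchor at or after the cutoff is rejected outright: by then a quantum
    attacker could have forged the signature inside the proof, so only an
    early anchor shows the signer knew the key before that was possible.
    """
    if pact.timestamp >= cutoff:
        return False
    if not stand_in_proof_check(proof):
        return False
    return hmac.compare_digest(commit(proof, salt), pact.commitment)


if __name__ == "__main__":
    pact, salt = create_pact(CONSTRUCTED_PROOF, T_EARLY)
    print("commitment:", pact.commitment.hex())
    print("valid opening:", verify_reveal(pact, CONSTRUCTED_PROOF, salt, QUANTUM_CUTOFF))
    late, late_salt = create_pact(CONSTRUCTED_PROOF, T_LATE)
    print("late anchor accepted:", verify_reveal(late, CONSTRUCTED_PROOF, late_salt, QUANTUM_CUTOFF))
```

Replacing the direct opening with a STARK would keep the same statement ("I know a salt and a valid signature whose commitment is this anchored digest") while revealing neither the salt nor the signature to the chain; everything else, including the cutoff check, stays as above.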
PACTs also close a gap in BIP-361, whose proposed rescue path for frozen coins depends on wallets derived from a seed under BIP-32, the hierarchical deterministic wallet standard introduced in 2012. Wallets created before then, including most known Satoshi addresses, have no such seed and so need a separate mechanism, which PACTs supply. Robinson stressed that Bitcoin would still have to adopt STARK verification through another soft fork agreed upon by the community.
Bitcoin does not yet have the infrastructure for that verification. Rolling it out means building it alongside the rest of the post-quantum tooling, including multisig wallets, more complex scripts, and hardware wallet support, all of which require careful standardization. PACTs do not remove that requirement; they only preserve a holder's ability to use the rescue path once it exists.
PACTs can protect Satoshi's holdings only if whoever currently controls those keys creates a commitment. If Satoshi is truly gone, no PACT can be created after the fact, and the coins remain exposed either to quantum theft or to a community-imposed freeze.
Ultimately, PACTs offer a middle path in the BIP-361 debate between protecting the network against quantum threats and respecting the property rights of dormant holders. Whether Satoshi, or anyone else holding those keys, will actually use it remains unknown.